Multiple infections

Solved/Closed
fado97, 110 posts, registered Wednesday 9 January 2008, status: Member, last active 23 April 2016 - 13 Oct. 2008 at 15:39
Hello,

Since yesterday evening my PC has been infected by adware viruses or other junk of the same kind. After a while spent fighting to get back a bit of room to repair all this, I ended up with a message on my desktop background telling me that my computer was infected with Win32/Adware.Virtumonde and Win32/PrivacyRemover.M64. I don't really know how to get rid of it. It's the first time I've found myself with such a sudden, massive infection (after three scans with Ad-Aware and two other antivirus programs it looks like there's still some left). I also get alert messages telling me to install this or that thing; I left them alone without touching them, you never know. I've already had a few blue screens, often when I tried an antivirus scan (the other scans were done in Safe Mode since the PC was rebooting on its own after about ten minutes). Several items such as the Control Panel seem to be disabled. In the end I don't really know what to do any more and I'm hesitant to try anything further without advice.

129 replies

fado97, 13 Oct. 2008 at 23:00
Here is the Malwarebytes log (I don't know whether it's normal that it says "No action taken" for every item, but I did click Remove as advised):

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1266
Windows 5.1.2600 Service Pack 3

13/10/2008 22:52:00
mbam-log-2008-10-13 (22-51-54).txt

Type de recherche: Examen complet (C:\|E:\|G:\|)
Eléments examinés: 222012
Temps écoulé: 42 minute(s), 11 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 52
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 109

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\jkklIbbb.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\jsd72hf4t.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\xggwfe.dll (Trojan.Vundo) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b32ca801-438d-43d5-b3c6-7c60a18b37aa} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b32ca801-438d-43d5-b3c6-7c60a18b37aa} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{476EC286-BF47-D98D-6C8B-052C2888455E} (Trojan.FakeAlert.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{af4261c2-0754-4ae6-895b-295be62dc2b7} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\15954c60 (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\15954c60 (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\15954c60 (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\49cfd64 (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\49cfd64 (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\4b5e2551 (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\4b5e2551 (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\8443f9d6 (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\8443f9d6 (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\8443f9d6 (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\a150dc56 (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a150dc56 (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\b5837286 (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\b5837286 (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\b5837286 (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\b97207a1 (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\b97207a1 (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\afisicx (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\afisicx (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\afisicx (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mabidwe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\mabidwe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mabidwe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\noytcyr (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\noytcyr (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\noytcyr (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\roytctm (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\roytctm (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\roytctm (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\soxpeca (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\soxpeca (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\soxpeca (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\tdydowkc (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\tdydowkc (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdydowkc (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\wsldoekd (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\wsldoekd (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wsldoekd (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\perfmons (Trojan.Downloader) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\7c1cd381 (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\comen (Trojan.FakeAlert.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\user16 (Trojan.FakeAlert.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hlpsrvstr (Trojan.FakeAlert.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jnskdfmf9eldfd (Trojan.Clicker) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\jkklibbb -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\jkklibbb -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\jkklIbbb.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\bbbIlkkj.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\bbbIlkkj.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\oeaysyat.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\taysyaeo.ini (Trojan.Vundo.H) -> No action taken.
C:\Program Files\pkjjpce\ComEn.dll (Trojan.FakeAlert.H) -> No action taken.
C:\WINDOWS\system32\winhlp.exe (Trojan.FakeAlert.H) -> No action taken.
C:\WINDOWS\system32\fspsbqvk.exe (Trojan.FakeAlert.H) -> No action taken.
C:\WINDOWS\system32\jsd72hf4t.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Asus\Local Settings\Temp\csrssc.exe (Trojan.Clicker) -> No action taken.
C:\d3.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Administrateur\Local Settings\Temp\csrssc.exe (Trojan.Clicker) -> No action taken.
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\96CTSMBE\nd82m0[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\ET108QE3\cntr[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\GJ6PO5Q1\upd105320[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Asus\Local Settings\Temp\1312164208.exe (Trojan.Clicker) -> No action taken.
C:\Documents and Settings\Asus\Local Settings\Temporary Internet Files\Content.IE5\707R4K3B\sa2009[1].exe (Rogue.Installer) -> No action taken.
C:\Documents and Settings\Asus\Local Settings\Temporary Internet Files\Content.IE5\PPIW0J6K\asuper1[1].htm (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Asus\Local Settings\Temporary Internet Files\Content.IE5\PPIW0J6K\svbur[1].htm (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Asus\Local Settings\Temporary Internet Files\Content.IE5\PPIW0J6K\xqaab[1].txt (Spyware.OnlineGames) -> No action taken.
C:\Documents and Settings\Asus\Local Settings\Temporary Internet Files\Content.IE5\SN8FTDSV\asuper2[1].htm (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Asus\Local Settings\Temporary Internet Files\Content.IE5\SN8FTDSV\rolli[1].htm (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Asus\Local Settings\Temporary Internet Files\Content.IE5\SN8FTDSV\slmmznaobp[1].htm (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Asus\Local Settings\Temporary Internet Files\Content.IE5\WSMDR2R9\asuper3[1].htm (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Asus\Local Settings\Temporary Internet Files\Content.IE5\WSMDR2R9\asuper[1].htm (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Asus\Local Settings\Temporary Internet Files\Content.IE5\WSMDR2R9\buerrbspcd[1].htm (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Asus\Local Settings\Temporary Internet Files\Content.IE5\WSMDR2R9\iscpmmaa[1].htm (Trojan.ErtFor) -> No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\MNIZGZIZ\w32tms[1].exe (Trojan.Agent) -> No action taken.
C:\Program Files\Mozilla Firefox\serial.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{09CDD429-D6E4-4332-91A9-CCDF22CCD665}\RP17\A0005047.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{09CDD429-D6E4-4332-91A9-CCDF22CCD665}\RP17\A0005048.dll (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{09CDD429-D6E4-4332-91A9-CCDF22CCD665}\RP17\A0005049.dll (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{09CDD429-D6E4-4332-91A9-CCDF22CCD665}\RP17\A0005050.dll (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{09CDD429-D6E4-4332-91A9-CCDF22CCD665}\RP17\A0005052.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{09CDD429-D6E4-4332-91A9-CCDF22CCD665}\RP17\A0005053.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{09CDD429-D6E4-4332-91A9-CCDF22CCD665}\RP17\A0005054.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{09CDD429-D6E4-4332-91A9-CCDF22CCD665}\RP17\A0005060.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{09CDD429-D6E4-4332-91A9-CCDF22CCD665}\RP17\A0005061.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{09CDD429-D6E4-4332-91A9-CCDF22CCD665}\RP17\A0005066.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{09CDD429-D6E4-4332-91A9-CCDF22CCD665}\RP17\A0005067.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{09CDD429-D6E4-4332-91A9-CCDF22CCD665}\RP17\A0005068.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{09CDD429-D6E4-4332-91A9-CCDF22CCD665}\RP17\A0005110.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{09CDD429-D6E4-4332-91A9-CCDF22CCD665}\RP17\A0005165.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{09CDD429-D6E4-4332-91A9-CCDF22CCD665}\RP17\A0005168.exe (Trojan.Clicker) -> No action taken.
C:\System Volume Information\_restore{09CDD429-D6E4-4332-91A9-CCDF22CCD665}\RP17\A0005169.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{09CDD429-D6E4-4332-91A9-CCDF22CCD665}\RP17\A0005170.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{09CDD429-D6E4-4332-91A9-CCDF22CCD665}\RP17\A0005171.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{09CDD429-D6E4-4332-91A9-CCDF22CCD665}\RP17\A0005173.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{09CDD429-D6E4-4332-91A9-CCDF22CCD665}\RP17\A0005175.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{09CDD429-D6E4-4332-91A9-CCDF22CCD665}\RP17\A0005205.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{09CDD429-D6E4-4332-91A9-CCDF22CCD665}\RP17\A0005209.exe (Rogue.Installer) -> No action taken.
C:\System Volume Information\_restore{09CDD429-D6E4-4332-91A9-CCDF22CCD665}\RP17\A0005230.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{09CDD429-D6E4-4332-91A9-CCDF22CCD665}\RP17\A0005248.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{09CDD429-D6E4-4332-91A9-CCDF22CCD665}\RP17\A0005255.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{09CDD429-D6E4-4332-91A9-CCDF22CCD665}\RP17\A0005256.dll (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{09CDD429-D6E4-4332-91A9-CCDF22CCD665}\RP17\A0005261.exe (Trojan.Ertfor) -> No action taken.
C:\System Volume Information\_restore{09CDD429-D6E4-4332-91A9-CCDF22CCD665}\RP17\A0005271.dll (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{09CDD429-D6E4-4332-91A9-CCDF22CCD665}\RP17\A0005272.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\aWOETjKe.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\aWOhICVl.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\byXOhfeB.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\byxWoMfF.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\cbXpQjii.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\cbxXNEvs.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ddcArqol.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\dDspPffD.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\efcYRHBQ.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\fccaWopm.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\gEWOfcay.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ifdbileq.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\jKAstTnO.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\jkkKBTNf.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\khfDwtqQ.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\kurfam.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ljJBqNfg.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ljJDSIaY.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\opnkjKAR.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\opnkkjKC.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\pmNEVLfg.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\pmnNGWop.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\qoMeCrsS.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rqRHbXpq.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ssqOIYOI.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\tmp0_636703846551.bk (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tuvuTlKB.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\uvoburqg.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\vtULDwVo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\vtUnomKc.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\xggwfe.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\xxyYOHww.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\drivers\15954c60.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\49cfd64.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\4b5e2551.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\8443f9d6.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\9c468072.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\a150dc56.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\b5837286.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\b97207a1.sys (Rootkit.Agent) -> No action taken.
C:\_OTMoveIt\MovedFiles\10132008_193123\DOCUME~1\Asus\LOCALS~1\Temp\csrssc.exe (Trojan.Clicker) -> No action taken.
C:\_OTMoveIt\MovedFiles\10132008_193123\DOCUME~1\Asus\LOCALS~1\Temp\winlogen.exe (Trojan.Ertfor) -> No action taken.
G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\afisicx.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\mabidwe.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\noytcyr.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\roytctm.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\soxpeca.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdydowkc.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\wsldoekd.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drmgs.sys (Rootkit.Agent) -> No action taken.
fado97, 13 Oct. 2008 at 23:01
And here is the HijackThis log in normal mode:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:56:34, on 13/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virtual CD v9\System\vc9secs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Virtual CD v9\System\VC9Play.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Virtual CD v9\System\VC9Tray.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [VC9Player] C:\Program Files\Virtual CD v9\System\VC9Play.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P] Star Wars Empire at War Forces of Corruption
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Orange Desktop Search] "C:\PROGRA~1\ORANGE~1\ORANGE~1\ORANGE~1.EXE" /tray
O4 - HKCU\..\Run: [WindowsAPI32] C:\rmxgdx.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x092e -f video -m logitech -d 11.70.1193.0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x092e -f video -m logitech -d 11.70.1193.0 (User 'Default user')
O4 - S-1-5-18 Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe (User 'Default user')
O4 - Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: bw+0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: xggwfe.dll
O20 - Winlogon Notify: jyzmii - jyzmii.dll (file missing)
O20 - Winlogon Notify: xsrbgna - xsrbgna.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Virtual CD v9 Management Service (VC9SecS) - H+H Software GmbH - C:\Program Files\Virtual CD v9\System\vc9secs.exe
0
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last seen 30 December 2012 464
13 Oct 2008 at 23:05
No action taken

Open Malwarebytes and go to the "Quarantine" tab: delete everything in there!

Edit:

1- Run CCleaner again (registry included).


2- do exactly this:

Download ComboFix (by sUBs) to your Desktop (and nowhere else!):

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


--------------------------------------------- [ ! WARNING ! ] ----------------------------------------------------------
!! Disconnect from the internet, close your running applications and DISABLE ALL YOUR DEFENSES (antivirus, anti-spyware guards, firewall) for the duration of the procedure:
if enabled, they could seriously interfere with the tool's scanning and cleaning procedure (or even crash the PC)... So you'll re-enable them afterwards!!
--->Important: if you run into difficulties at this step, let me know before continuing...
Tutorial (help) here: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

---------------------------------------------------------------------------------------------------------------------------------

Then:
double-click the "combofix.exe" icon to launch the tool.

Press the Y (Yes) key to start the scan.

Important notes:
-> do not use your mouse or keyboard (or any other pointing device) while the program is running. It could freeze the computer.
-> The PC may reboot on its own (to finish the cleanup); let it.
-> If the tool tells you "combofix has detected the presence of rootkit and needs to reboot your machine", accept...
-> if a Windows error message appears at some point: click the red cross at the top right of the window to close it (and nothing else! otherwise no report...)

The report will be created in: C:\Combofix.txt

Post the Combofix report along with a new hijackthis report for analysis...
0
fado97 Posts 110 Registration date Wednesday 9 January 2008 Status Member Last seen 23 April 2016
13 Oct 2008 at 23:08
Combofix report:

ComboFix 08-10-12.01 - Asus 2008-10-13 23:13:46.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1542 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Asus\Bureau\Telechargements\ComboFix.exe
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
C:\WINDOWS\Install.txt
C:\WINDOWS\system32\gebARIcC.dll
C:\WINDOWS\system32\gifujndw.ini
C:\WINDOWS\system32\iifcBTJc.dll
C:\WINDOWS\system32\iiFwTKeD.dll
C:\WINDOWS\system32\Install.txt
C:\WINDOWS\system32\oduxftw.sys
C:\WINDOWS\system32\opnLeCTj.dll
C:\WINDOWS\system32\opnlJdaA.dll
C:\WINDOWS\system32\opnlKAsT.dll
C:\WINDOWS\system32\pmnoLecY.dll
C:\WINDOWS\system32\qommKebY.dll
C:\WINDOWS\system32\tmp0_147740624510.bk
C:\WINDOWS\system32\tmp0_192009256388.bk
C:\WINDOWS\system32\tmp0_426081686687.bk
C:\WINDOWS\system32\tmp0_55008162503.bk
C:\WINDOWS\system32\tmp0_620910439848.bk
C:\WINDOWS\system32\tmp0_787139747272.bk
C:\WINDOWS\system32\tmp3_691029771265.bk
C:\WINDOWS\system32\tpszxyd.sys
C:\WINDOWS\system32\wvUnnKaW.dll
C:\WINDOWS\system32\xxYpPIaB.dll
G:\autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AFISICX
-------\Legacy_MABIDWE
-------\Legacy_NOBICYT
-------\Legacy_NOXTCYR
-------\Legacy_NOYTCYR
-------\Legacy_PERFMONS
-------\Legacy_ROXTCTM
-------\Legacy_ROYTCTM
-------\Legacy_SOBICYT
-------\Legacy_SOTPECA
-------\Legacy_SOXPECA
-------\Legacy_TDYDOWKC
-------\Legacy_WSLDOEKD


((((((((((((((((((((((((((((( Fichiers créés du 2008-09-13 au 2008-10-13 ))))))))))))))))))))))))))))))))))))
.

2008-10-13 22:07 . 2008-10-13 22:07 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-13 22:07 . 2008-10-13 22:07 <REP> d-------- C:\Documents and Settings\Asus\Application Data\Malwarebytes
2008-10-13 22:07 . 2008-10-13 22:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-13 22:07 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-13 22:07 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-13 20:52 . 2008-10-13 20:52 579,584 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-10-13 20:48 . 2008-10-13 20:48 <REP> d-------- C:\WINDOWS\ERUNT
2008-10-13 20:38 . 2008-10-13 21:14 <REP> d-------- C:\SDFix
2008-10-13 19:31 . 2008-10-13 19:31 <REP> d-------- C:\_OTMoveIt
2008-10-13 18:44 . 2008-10-13 18:44 35,840 --a------ C:\WINDOWS\system32\rqrpnMEx.dll
2008-10-13 18:44 . 2008-10-13 18:44 35,840 --a------ C:\WINDOWS\system32\iiFWnNDs.dll
2008-10-13 18:43 . 2008-10-13 18:43 35,840 --a------ C:\WINDOWS\system32\pmnkkHxv.dll
2008-10-13 18:43 . 2008-10-13 18:43 35,840 --a------ C:\WINDOWS\system32\mljJDUnK.dll
2008-10-13 18:42 . 2008-10-13 18:42 35,840 --a------ C:\WINDOWS\system32\iiFyWolK.dll
2008-10-13 18:42 . 2008-10-13 18:42 35,840 --a------ C:\WINDOWS\system32\fccbayyw.dll
2008-10-13 18:17 . 2008-10-13 19:49 <REP> d-------- C:\Lop SD
2008-10-13 16:43 . 2008-10-13 19:20 4,308 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-13 15:49 . 2008-10-13 15:49 <REP> d-------- C:\Program Files\Trend Micro
2008-10-13 14:23 . 2008-10-13 19:12 45,056 --a------ C:\rmxgdx.exe
2008-10-13 06:46 . 2008-10-13 14:37 <REP> d-------- C:\Program Files\Enigma Software Group
2008-10-13 06:35 . 2008-10-13 06:35 <REP> d-------- C:\VundoFix Backups
2008-10-13 02:19 . 2008-10-13 06:06 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-10-12 23:21 . 2008-03-26 13:01 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-10-12 23:21 . 2008-03-26 13:01 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-10-12 23:21 . 2008-03-26 17:07 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-10-12 23:21 . 2008-03-26 13:01 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-10-12 23:21 . 2008-03-26 13:01 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-10-12 23:21 . 2008-03-26 13:01 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-10-12 23:21 . 2008-10-13 06:50 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-10-12 23:21 . 2008-10-12 23:37 <REP> d-------- C:\Documents and Settings\Administrateur
2008-10-12 22:54 . 2008-10-13 22:52 <REP> d-------- C:\Program Files\pkjjpce
2008-10-12 22:54 . 2008-10-12 22:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ijqtyben
2008-10-12 22:53 . 2008-10-12 22:53 <REP> d-------- C:\Documents and Settings\Asus\Application Data\5
2008-10-12 22:53 . 2008-10-12 22:53 40,960 --a------ C:\siggjefi.exe
2008-10-12 22:53 . 2008-10-13 20:34 2,933 --a------ C:\Documents and Settings\Asus\iuns.exe
2008-10-12 14:30 . 2008-10-12 14:30 96 --ah----- C:\WINDOWS\system32\HsInfo.dat
2008-10-12 11:30 . 2008-10-12 23:23 <REP> d-------- C:\Program Files\alaplaya
2008-10-10 11:24 . 2006-11-29 19:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-10-10 11:24 . 2006-09-28 22:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-10-10 11:15 . 2008-10-10 11:15 <REP> d-------- C:\Program Files\Lighthouse Interactive
2008-10-06 00:53 . 2008-10-06 00:53 <REP> d-------- C:\Program Files\LucasArts
2008-10-03 09:15 . 2008-10-03 10:12 <REP> d-------- C:\Program Files\Reaxxion
2008-09-28 18:05 . 2008-09-28 18:05 <REP> d-------- C:\Program Files\Koei
2008-09-28 15:27 . 2008-09-28 15:35 <REP> d-------- C:\Program Files\Virtual Villagers The Secret City
2008-09-28 15:27 . 2008-09-28 15:27 <REP> d-------- C:\Program Files\ReflexiveArcade
2008-09-14 00:36 . 2008-09-14 00:36 <REP> d-------- C:\Program Files\Orange HSS
2008-09-13 15:51 . 2006-08-27 16:00 285,184 --a------ C:\Program Files\shell32.exe
2008-09-13 15:50 . 2008-09-13 15:50 98,304 --a------ C:\WINDOWS\system32CmdLineExt.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-13 17:06 90,112 ----a-w C:\WINDOWS\DUMP6b3d.tmp
2008-10-12 21:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-12 21:23 --------- d-----w C:\Program Files\Foxmail
2008-10-12 20:43 --------- d-----w C:\Program Files\eMule
2008-10-11 19:52 --------- d-----w C:\Program Files\Player Metaboli
2008-10-11 19:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Exetender
2008-10-10 03:35 --------- d-----w C:\Documents and Settings\Asus\Application Data\Azureus
2008-10-06 12:42 --------- d-----w C:\Documents and Settings\Asus\Application Data\Petroglyph
2008-10-01 06:11 --------- d-----w C:\Program Files\Fichiers communs\LogiShrd
2008-09-27 22:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
2008-09-11 05:08 --------- d-----w C:\Documents and Settings\Asus\Application Data\Leadertech
2008-09-11 05:07 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2008-09-11 05:06 --------- d-----w C:\Program Files\Logitech
2008-09-10 08:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-08 12:17 --------- d-----w C:\Program Files\Codemasters
2008-09-08 05:47 --------- d-----w C:\Program Files\Stardock
2008-09-08 05:47 --------- d-----w C:\Program Files\Fichiers communs\Stardock
2008-09-05 23:23 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-03 23:52 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-09-03 11:00 --------- d-----w C:\Program Files\Anno 1701
2008-09-03 08:22 271,360 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-09-03 08:22 18,048 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-08-29 19:21 --------- d-----w C:\Documents and Settings\Asus\Application Data\dvdcss
2008-08-29 08:42 --------- d-----w C:\Program Files\VUGames
2008-08-28 20:56 --------- d-----w C:\Program Files\directx
2008-08-28 20:54 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-08-27 08:22 --------- d-----w C:\Program Files\Firaxis Games
2008-08-26 15:55 --------- d-----w C:\Program Files\Vuze
2008-08-26 15:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2008-08-24 22:41 --------- d-----w C:\Documents and Settings\Asus\Application Data\Babylon
2008-08-24 22:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Babylon
2008-08-21 08:47 --------- d-----w C:\Program Files\VideoLAN
2008-08-21 08:46 --------- d-----w C:\Documents and Settings\Asus\Application Data\vlc
2008-08-19 14:35 --------- d-----w C:\Documents and Settings\Asus\Application Data\Stardock
2008-08-19 14:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Stardock
2008-08-19 08:26 --------- d--h--w C:\Documents and Settings\All Users\Application Data\{3ADC3395-6379-4C95-9292-30A373AC55BC}
2008-08-19 08:22 --------- d-----w C:\Program Files\Kalypso
2008-08-18 22:16 --------- d-----w C:\Program Files\Lavasoft
2008-08-18 22:15 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-08-18 22:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-18 15:36 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-08-14 22:09 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-08-14 22:05 --------- d-----w C:\Program Files\Java
2008-04-10 00:22 2,293,848 ----a-w C:\Program Files\FLV PlayerFCSetup.exe
2008-04-10 00:20 4,265,560 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
2008-04-10 00:12 411,248 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
2006-08-27 14:38 1,015,973 --sha-r C:\Program Files\serial.tde
2006-08-27 14:19 56,239 ----a-w C:\Program Files\svchosts.tbe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "C:\Program Files\Freecorder\tbFre1.dll" [2008-04-10 1470488]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "C:\Program Files\Freecorder\tbFre1.dll" [2008-04-10 1470488]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-03-29 36864]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Orange Desktop Search"="C:\PROGRA~1\ORANGE~1\ORANGE~1\ORANGE~1.EXE" [2007-01-17 4938016]
"WindowsAPI32"="C:\rmxgdx.exe" [2008-10-13 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"I downloaded pirated Software from P2P"="Star Wars Empire at War Forces of Corruption" [X]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 81920]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-03-21 1953792]
"VC9Player"="C:\Program Files\Virtual CD v9\System\VC9Play.exe" [2007-12-03 202048]
"OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [2007-06-29 2512128]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2006-03-02 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2006-03-02 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-02 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-02 455168]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"nwiz"="nwiz.exe" [2007-12-05 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="C:\Program Files\Fichiers communs\logishrd\WUApp32.exe" [2008-02-01 439568]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-03-29 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=xggwfe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\winax77.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\winbp55.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"C:\\Program Files\\Wanadoo Edition\\Digital Reality\\Haegemonia\\_HGM.TMP"=
"C:\\Program Files\\Wanadoo Edition\\Digital Reality\\Haegemonia - The Solon Heritage\\HGMA.EXE"=
"C:\\Program Files\\Kalypso\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"C:\\Program Files\\Vuze\\Azureus.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Anno 1701\\Anno1701.exe"=
"C:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
"C:\\Program Files\\alaplaya\\S4League\\S4Client.exe"=
"C:\\rmxgdx.exe"=

R1 vdrv9000;vdrv9000;C:\WINDOWS\system32\DRIVERS\vdrv9000.sys [2007-11-14 113168]
R2 VC9SecS;Virtual CD v9 Management Service;C:\Program Files\Virtual CD v9\System\vc9secs.exe [2007-12-03 132416]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 38656]
S3 HH9Help.sys;HH9Help.sys;C:\WINDOWS\system32\drivers\HH9Help.sys [2006-09-20 11392]
S3 winax77;winax77;C:\WINDOWS\System32\drivers\Winax77.sys [ ]
S3 winbp55;winbp55;C:\WINDOWS\System32\drivers\Winbp55.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{744d643e-6714-11dd-a772-001d60ea6e54}]
\Shell\AutoRun\command - 3o.exe
\Shell\explore\Command - 3o.exe
\Shell\open\Command - 3o.exe
.
- - - - ORPHELINS SUPPRIMES - - - -

Notify-jyzmii - jyzmii.dll
Notify-xsrbgna - xsrbgna.dll


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Asus\Application Data\Mozilla\Firefox\Profiles\n9hvq2du.default\
FF -: plugin - C:\Documents and Settings\Asus\Application Data\Mozilla\Firefox\Profiles\n9hvq2du.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-13 23:18:23
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\controlset003\Services\vdrv9000]
"ImagePath"="system32\DRIVERS\vdrv9000.sys"
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Virtual CD v9\System\vc9tray.exe
C:\Program Files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Heure de fin: 2008-10-13 23:22:52 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-13 21:22:50

Avant-CF: 49 227 608 064 octets libres
Après-CF: 49,131,536,384 octets libres

270 --- E O F --- 2008-09-10 08:56:28
0

sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last seen 30 December 2012 464
14 Oct 2008 at 00:15
Good...

Before continuing, we'll do a few checks:

1- Get access to hidden files:

Go to Start Menu->My Computer->Tools->Folder Options...->View
* "Show hidden files and folders" ---> checked
* "Hide extensions for known file types" ---> unchecked
* "Hide protected operating system files" ---> unchecked
-> confirm the change ("Apply" then "OK").
(you'll put the original settings back once the disinfection is finished, not before...)

=============================

2- Go to this site:

https://www.virustotal.com/gui/

Copy the following and paste it into the search box:
C:\rmxgdx.exe

Click Send File.

A report will build up line by line.

Wait until it finishes... It should include the size of the file sent.

Save the report with Notepad.

Copy it into your next reply...

(If VirusTotal says the file has already been analysed, click the Reanalyse file now button)


Do the same for:
C:\siggjefi.exe
C:\Documents and Settings\Asus\iuns.exe
C:\WINDOWS\system32\HsInfo.dat
C:\Program Files\serial.tde
C:\WINDOWS\system32\DRIVERS\vdrv9000.sys

C:\Program Files\svchosts.tbe

so post me these 7 reports (especially the beginning with the AV listing, and stating clearly at the top of each which file it corresponds to)...


once these reports are posted (and not before), do what follows:

=====================================

3- Download UsbFix by Chiquitine29 to your desktop:

http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe

! Disconnect from the internet and close all running applications !

--> Double-click the .exe to launch the tool's installation (don't touch the install settings).


Connect all your external devices to your PC (USB stick, external HDD, flash disk, MP3 player, etc.) that may have been infected (but without opening them!).

--> Double-click the "UsbFix" shortcut on your desktop to launch the tool and let it work.

--> The PC will reboot.

--> Once back at your desktop, the "UsbFix.txt" report will be displayed.
Copy/paste its contents into your next reply for analysis and wait for what's next....

(Note: the UsbFix.txt report is saved at the root of the hard drive > C:\UsbFix.txt)


PS: If the Desktop doesn't reappear, press Ctrl + Alt + Del, "File" tab -> "New Task":
type explorer.exe and confirm.
0
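As an added example (not code from this thread or from VirusTotal), a parser that turns one of the text reports the helper asks for into a detection ratio and a coarse triage verdict, so that seven such reports can be compared quickly. The header, column and stop lines it recognises are assumed from the report format shown in this thread, and the list of heuristic markers is a hypothetical choice.

```python
"""Summarise a legacy VirusTotal text report of the kind pasted in this thread.
Engine lines are assumed to be: engine, version, signature date, then the
verdict (which may contain spaces); a lone '-' means no detection."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

HEADER_RE = re.compile(r"^(?:Fichier|File)\s+(\S+)\s+(?:reçu|received)", re.IGNORECASE)
COLUMN_RE = re.compile(r"^Antivirus\s+Version", re.IGNORECASE)
STOP_RE = re.compile(r"^(?:Information additionnelle|Additional information)", re.IGNORECASE)
# Verdict fragments that mark a heuristic/generic label rather than a named family (assumed list).
HEURISTIC_MARKERS = ("heur", "generic", "suspicious", "probably", ".gen", "-gen", "cloaked")


@dataclass
class EngineResult:
    engine: str
    version: str
    sig_date: str
    verdict: Optional[str]  # None when the engine reported '-'


@dataclass
class VtSummary:
    filename: str
    results: List[EngineResult] = field(default_factory=list)

    @property
    def detections(self) -> List[EngineResult]:
        return [r for r in self.results if r.verdict]

    @property
    def ratio(self) -> str:
        return f"{len(self.detections)}/{len(self.results)}"


def parse_vt_report(text: str) -> VtSummary:
    """Parse one pasted report; text before the column header and after the
    'Information additionnelle' section is ignored."""
    summary = VtSummary(filename="<unknown>")
    in_table = False
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            summary.filename = m.group(1)
            continue
        if COLUMN_RE.match(line):
            in_table = True
            continue
        if STOP_RE.match(line):
            break
        if not in_table:
            continue
        parts = line.split(None, 3)  # engine, version, date, verdict-with-spaces
        if len(parts) < 4:
            continue  # malformed or blank line: skip rather than guess
        engine, version, sig_date, verdict = parts
        summary.results.append(
            EngineResult(engine, version, sig_date, None if verdict == "-" else verdict)
        )
    return summary


def is_heuristic(verdict: str) -> bool:
    v = verdict.lower()
    return any(marker in v for marker in HEURISTIC_MARKERS)


def triage(summary: VtSummary, min_engines: int = 3) -> str:
    """Coarse verdict; 'no-detection' is not 'clean', a freshly compiled
    dropper (see the PE timestamp in the report) simply has no signature yet."""
    hits = summary.detections
    if not hits:
        return "no-detection"
    named = [r for r in hits if not is_heuristic(r.verdict)]
    if len(hits) >= min_engines or named:
        return "likely-malicious"
    return "low-confidence"


# Constructed excerpt of the rmxgdx.exe report posted in this thread (9 of 36 engines).
SAMPLE_REPORT = """\
Fichier rmxgdx.exe reçu le 2008.10.14 00:33:03 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.14.0 2008.10.13 -
AntiVir 7.8.1.34 2008.10.13 TR/Spy.Gen
Avast 4.8.1248.0 2008.10.14 Win32:Hupigon-LIE
AVG 8.0.0.161 2008.10.13 -
F-Secure 8.0.14332.0 2008.10.13 Suspicious:W32/Malware!Gemini
Kaspersky 7.0.0.125 2008.10.13 Heur.Trojan.Generic
NOD32 3519 2008.10.14 probably a variant of Win32/Genetik
Prevx1 V2 2008.10.14 Cloaked Malware
Symantec 10 2008.10.14 -
Information additionnelle
File size: 45056 bytes
"""
```

Running `parse_vt_report` on each of the seven pasted reports and printing `ratio` and `triage` gives the per-file overview the helper asks for at the top of each report.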
Anonymous user
14 Oct 2008 at 00:21
Hi, following along

good luck with the rest

@+
0
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last seen 30 December 2012 464
14 Oct 2008 at 00:24
Hi Chiqui ^^

quite a case, this one...
0
Anonymous user
14 Oct 2008 at 00:25
yep, you've got work on your hands lol

good luck -;)

@+
0
fado97 Posts 110 Registration date Wednesday 9 January 2008 Status Member Last seen 23 April 2016
14 Oct 2008 at 00:43
Fichier rmxgdx.exe reçu le 2008.10.14 00:33:03 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.14.0 2008.10.13 -
AntiVir 7.8.1.34 2008.10.13 TR/Spy.Gen
Authentium 5.1.0.4 2008.10.13 -
Avast 4.8.1248.0 2008.10.14 Win32:Hupigon-LIE
AVG 8.0.0.161 2008.10.13 -
BitDefender 7.2 2008.10.13 -
CAT-QuickHeal 9.50 2008.10.13 -
ClamAV 0.93.1 2008.10.13 -
DrWeb 4.44.0.09170 2008.10.13 -
eSafe 7.0.17.0 2008.10.12 -
eTrust-Vet 31.6.6146 2008.10.13 -
Ewido 4.0 2008.10.13 -
F-Prot 4.4.4.56 2008.10.12 -
F-Secure 8.0.14332.0 2008.10.13 Suspicious:W32/Malware!Gemini
Fortinet 3.113.0.0 2008.10.14 -
GData 19 2008.10.14 Win32:Hupigon-LIE
Ikarus T3.1.1.34.0 2008.10.13 Trojan-Downloader.Agent.ZHO
K7AntiVirus 7.10.492 2008.10.13 -
Kaspersky 7.0.0.125 2008.10.13 Heur.Trojan.Generic
McAfee 5403 2008.10.11 -
Microsoft 1.4005 2008.10.14 -
NOD32 3519 2008.10.14 probably a variant of Win32/Genetik
Norman 5.80.02 2008.10.13 -
Panda 9.0.0.4 2008.10.13 -
PCTools 4.4.2.0 2008.10.13 -
Prevx1 V2 2008.10.14 Cloaked Malware
Rising 20.66.02.00 2008.10.13 -
SecureWeb-Gateway 6.7.6 2008.10.13 Trojan.Spy.Gen
Sophos 4.34.0 2008.10.13 -
Sunbelt 3.1.1719.1 2008.10.13 -
Symantec 10 2008.10.14 -
TheHacker 6.3.1.0.109 2008.10.13 -
TrendMicro 8.700.0.1004 2008.10.13 -
VBA32 3.12.8.6 2008.10.13 -
ViRobot 2008.10.13.1417 2008.10.13 -
VirusBuster 4.5.11.0 2008.10.13 -
Information additionnelle
File size: 45056 bytes
MD5...: ec799e3eacc2b5dfe64e7f1bf58be133
SHA1..: 7462e83b8678eee27d4892ec98fc6a59f6fb61eb
SHA256: 33176491b5f860beec86550cdd2f500dcb7ef566e25bea724bcfbe9e59885fb2
SHA512: eaa64a05cf0f5b593023fc3a6c614e120691172aa978c1acfafca067a3f2db9104741f80e19a70065acad5c597239caa7d2dce4d5148d9e7f7c03bd4a031d3a0
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4055e0
timedatestamp.....: 0x48f33352 (Mon Oct 13 11:38:58 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x7f18 0x8000 5.82 31f55d1e6b70ee399e6433a85512a033
.rdata 0x9000 0x8c1 0x1000 2.48 12d27ae61446d794be102e11716efc48
.data 0xa000 0xcc4 0x1000 4.62 6e6d10847f00143b6e2e1010f3c1d2d5

( 4 imports )
> WSOCK32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> KERNEL32.dll: InitializeCriticalSection, CreateThread, GetCommandLineA, CreateMutexA, Sleep, GetCurrentThread, GetCurrentThreadId, GetLastError, GetVersion, GetCurrentProcess, GetTickCount, GetProcessHeap, GetCurrentProcessId, DeleteCriticalSection
> ADVAPI32.dll: RegOpenKeyExA, RegQueryValueExA, RegCreateKeyExA, RegSetValueExA, RegCloseKey
> msvcrt.dll: strlen, strcat, rand, realloc, atoi, strchr, strstr, strcpy, _snprintf, _time64, _fullpath, free, sscanf, strncpy, srand, strtok, malloc, strrchr, sprintf, exit, gmtime, strncmp, isdigit, _strrev

( 1 exports )
time
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=745237B80078EFC5B00B006B5F2ADF00D3645904
fado97 Posts: 110 Registered: Wednesday 9 January 2008 Status: Member Last post: 23 April 2016
14 Oct 2008 at 00:46
Fichier siggjefi.exe reçu le 2008.10.14 00:44:15 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.14.0 2008.10.13 Win-Trojan/Downloader.27136.BZ
AntiVir 7.8.1.34 2008.10.13 TR/Small.xzz
Authentium 5.1.0.4 2008.10.13 W32/Backdoor2.CCMC
Avast 4.8.1248.0 2008.10.14 Win32:Trojan-gen {Other}
AVG 8.0.0.161 2008.10.13 Dropper.Agent.JYC
BitDefender 7.2 2008.10.14 Dropped:Trojan.PWS.Yaludle.B
CAT-QuickHeal 9.50 2008.10.13 Trojan.Small.xyi
ClamAV 0.93.1 2008.10.13 -
DrWeb 4.44.0.09170 2008.10.13 Trojan.MulDrop.18492
eSafe 7.0.17.0 2008.10.12 -
eTrust-Vet 31.6.6146 2008.10.13 -
Ewido 4.0 2008.10.13 -
F-Prot 4.4.4.56 2008.10.12 W32/Backdoor2.CCMC
F-Secure 8.0.14332.0 2008.10.13 Trojan.Win32.Small.xyi
Fortinet 3.113.0.0 2008.10.14 PossibleThreat
GData 19 2008.10.14 Dropped:Trojan.PWS.Yaludle.B
Ikarus T3.1.1.34.0 2008.10.13 PWS.Win32.Yaludle.A
K7AntiVirus 7.10.492 2008.10.13 Trojan.Win32.Small.xyi
Kaspersky 7.0.0.125 2008.10.14 Trojan.Win32.Small.xyi
McAfee 5403 2008.10.11 Generic PWS.y
Microsoft 1.4005 2008.10.14 PWS:Win32/Yaludle.A
NOD32 3519 2008.10.14 Win32/Agent.QSF
Norman 5.80.02 2008.10.13 W32/Smalltroj.HPOS
Panda 9.0.0.4 2008.10.13 -
PCTools 4.4.2.0 2008.10.13 -
Prevx1 V2 2008.10.14 -
Rising 20.66.02.00 2008.10.13 Trojan.Win32.Small.xyi
SecureWeb-Gateway 6.7.6 2008.10.13 Trojan.Small.xzz
Sophos 4.34.0 2008.10.13 Mal/Generic-A
Sunbelt 3.1.1719.1 2008.10.13 Trojan.Win32.Small.xyi
Symantec 10 2008.10.14 Trojan.Silentbanker
TheHacker 6.3.1.0.109 2008.10.13 -
TrendMicro 8.700.0.1004 2008.10.13 -
VBA32 3.12.8.6 2008.10.13 Trojan.Win32.Small.xyi
ViRobot 2008.10.13.1417 2008.10.13 -
VirusBuster 4.5.11.0 2008.10.13 Trojan.Alureon.KY
Information additionnelle
File size: 40960 bytes
MD5...: 62f76717050fc800f1edf80b3da4f7fe
SHA1..: 709bc6b0e4433ee4b51f16e77357146d0cb5ccc4
SHA256: 437976d480fce0279e751e0b66224fe99ff2f57fdf8d152b079befcc436ba525
SHA512: 734c4459b905714054b69ece343ad623b714ae26cb9c3e14bc9ea65887c0396e4d76e5569684fce007ba4c9eb0b95ef6b076c9131c07bde68805974edc92b7ed
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x401301
timedatestamp.....: 0x48c04424 (Thu Sep 04 20:25:08 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x4ef 0x1000 2.43 320059d191645476667fb3f626fa490e
.rdata 0x2000 0x132 0x1000 0.50 18b2970fb683f42c7fab952260a5bdb3
.data 0x3000 0x1144 0x2000 0.49 cd61d1cb35020a657fed326eb8c58a0d
.rsrc 0x5000 0x4a70 0x5000 5.51 6c30736fa6850217c7598c44b1dfc7ab

( 2 imports )
> KERNEL32.dll: CloseHandle, WriteFile, SetFilePointer, lstrcatA, IsBadReadPtr, lstrlenA, GetProcAddress, GetModuleHandleA
> MSVCRT.dll: memset

( 0 exports )
fado97 Posts: 110 Registered: Wednesday 9 January 2008 Status: Member Last post: 23 April 2016
14 Oct 2008 at 00:49
Fichier iuns.exe reçu le 2008.10.14 00:47:04 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.14.0 2008.10.13 -
AntiVir 7.8.1.34 2008.10.13 TR/Dldr.Small.DDT.1
Authentium 5.1.0.4 2008.10.13 -
Avast 4.8.1248.0 2008.10.14 Win32:Small-LLZ
AVG 8.0.0.161 2008.10.13 -
BitDefender 7.2 2008.10.14 BehavesLike:Trojan.Downloader
CAT-QuickHeal 9.50 2008.10.13 (Suspicious) - DNAScan
ClamAV 0.93.1 2008.10.13 Trojan.OnlineGames-1517
DrWeb 4.44.0.09170 2008.10.13 -
eSafe 7.0.17.0 2008.10.12 Suspicious File
eTrust-Vet 31.6.6146 2008.10.13 Win32/Harnig!generic
Ewido 4.0 2008.10.13 -
F-Prot 4.4.4.56 2008.10.12 -
F-Secure 8.0.14332.0 2008.10.13 Trojan-Downloader.Win32.Harnig.dr
Fortinet 3.113.0.0 2008.10.14 W32/Small.DRU!tr.dldr
GData 19 2008.10.14 Win32:Small-LLZ
Ikarus T3.1.1.34.0 2008.10.13 -
K7AntiVirus 7.10.492 2008.10.13 Trojan-Downloader.Win32.Harnig.dr
Kaspersky 7.0.0.125 2008.10.14 Trojan-Downloader.Win32.Harnig.dr
McAfee 5403 2008.10.11 Generic Downloader.x
Microsoft 1.4005 2008.10.14 TrojanDownloader:Win32/Harnig.gen!L
NOD32 3519 2008.10.14 -
Norman 5.80.02 2008.10.13 W32/Packed_FSG.D
Panda 9.0.0.4 2008.10.13 Adware/Secure32
PCTools 4.4.2.0 2008.10.13 Packed/FSG
Prevx1 V2 2008.10.14 Cloaked Malware
Rising 20.66.02.00 2008.10.13 -
SecureWeb-Gateway 6.7.6 2008.10.13 Trojan.Dldr.Small.DDT.1
Sophos 4.34.0 2008.10.13 Mal/Packer
Sunbelt 3.1.1719.1 2008.10.13 Trojan.Unidentified.Gen.FN
Symantec 10 2008.10.14 -
TheHacker 6.3.1.0.109 2008.10.13 -
TrendMicro 8.700.0.1004 2008.10.13 PAK_Generic.001
VBA32 3.12.8.6 2008.10.13 suspected of Win32.Trojan.Downloader (http://...)
ViRobot 2008.10.13.1417 2008.10.13 Trojan.Win32.Downloader.2933
VirusBuster 4.5.11.0 2008.10.13 Packed/FSG
Information additionnelle
File size: 2933 bytes
MD5...: c35939f1adc5105519d7a50e13b09116
SHA1..: 8f57567543b225e99dca1a0eb3882ed1e37e6898
SHA256: b4f6f4dd372c20fda444897cd0a2bdb53a56c5361bb758057cd944c5a9becaf7
SHA512: 16c37b03f2184e1c9e8dcb419711d0cb10038451ecdcf804f7f2c5a4c0f3e81bd094e6829cee9b2dd28ae5c001865d926751a6a3a272c5ad36fe6718d4ee71e3
PEiD..: FSG v2.0 -> bart/xt
TrID..: File type identification
Win32 Executable Generic (67.9%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Targa bitmap (Original TGA Format) (0.0%)
MS Flight Simulator Aircraft Performance Info (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x400154
timedatestamp.....: 0x21475346 (Fri Sep 11 01:35:02 1987)
machinetype.......: 0x14c (I386)

( 2 sections )
name viradd virsiz rawdsiz ntrpy md5
 0x1000 0x3000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
 0x4000 0x1000 0x975 7.74 a1be49c9cbad0169230eaf94ef69d81a

( 1 imports )
> KERNEL32.dll: LoadLibraryA, GetProcAddress

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=CAE6D5EB75FF245C0B950028AA23CD00B79BCD14
packers (Kaspersky): FSG
packers (Avast): FSG
packers (F-Prot): FSG
fado97 Posts: 110 Registered: Wednesday 9 January 2008 Status: Member Last post: 23 April 2016
14 Oct 2008 at 00:56
Fichier HsInfo.dat reçu le 2008.10.14 00:53:03 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.14.0 2008.10.13 -
AntiVir 7.8.1.34 2008.10.13 -
Authentium 5.1.0.4 2008.10.13 -
Avast 4.8.1248.0 2008.10.14 -
AVG 8.0.0.161 2008.10.13 -
BitDefender 7.2 2008.10.14 -
CAT-QuickHeal 9.50 2008.10.13 -
ClamAV 0.93.1 2008.10.13 -
DrWeb 4.44.0.09170 2008.10.13 -
eSafe 7.0.17.0 2008.10.12 -
eTrust-Vet 31.6.6146 2008.10.13 -
Ewido 4.0 2008.10.13 -
F-Prot 4.4.4.56 2008.10.12 -
F-Secure 8.0.14332.0 2008.10.13 -
Fortinet 3.113.0.0 2008.10.14 -
GData 19 2008.10.14 -
Ikarus T3.1.1.34.0 2008.10.13 -
K7AntiVirus 7.10.492 2008.10.13 -
Kaspersky 7.0.0.125 2008.10.14 -
McAfee 5403 2008.10.11 -
Microsoft 1.4005 2008.10.14 -
NOD32 3519 2008.10.14 -
Norman 5.80.02 2008.10.13 -
Panda 9.0.0.4 2008.10.13 -
PCTools 4.4.2.0 2008.10.13 -
Prevx1 V2 2008.10.14 -
Rising 20.66.02.00 2008.10.13 -
SecureWeb-Gateway 6.7.6 2008.10.13 -
Sophos 4.34.0 2008.10.13 -
Sunbelt 3.1.1719.1 2008.10.13 -
Symantec 10 2008.10.14 -
TheHacker 6.3.1.0.109 2008.10.13 -
TrendMicro 8.700.0.1004 2008.10.13 -
VBA32 3.12.8.6 2008.10.13 -
ViRobot 2008.10.13.1417 2008.10.13 -
VirusBuster 4.5.11.0 2008.10.13 -
Information additionnelle
File size: 96 bytes
MD5...: c5e84d7f42b8983f76810cdc74a041a9
SHA1..: 3019ae15ffb4ab7aacc7b2a041f09a28433190fe
SHA256: 05a580d6147820b08f0303b7d4155570539cf254bcbf144eadb77feaa9a19dbc
SHA512: 69b996a58dd1e6b6782a0ef919c2f60506e23b769852d1eccf7497c610375c4098c89cd75b45c88ff25ddc49af36562999c9e4348a3c43c415c65b68283fe290
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
fado97 Posts: 110 Registered: Wednesday 9 January 2008 Status: Member Last post: 23 April 2016
14 Oct 2008 at 01:02
Fichier serial.tde reçu le 2008.10.14 01:00:16 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.14.0 2008.10.13 -
AntiVir 7.8.1.34 2008.10.13 -
Authentium 5.1.0.4 2008.10.13 -
Avast 4.8.1248.0 2008.10.14 Win32:Peerad
AVG 8.0.0.161 2008.10.13 -
BitDefender 7.2 2008.10.14 -
CAT-QuickHeal 9.50 2008.10.13 -
ClamAV 0.93.1 2008.10.13 -
DrWeb 4.44.0.09170 2008.10.13 -
eSafe 7.0.17.0 2008.10.12 -
eTrust-Vet 31.6.6146 2008.10.13 -
Ewido 4.0 2008.10.13 -
F-Prot 4.4.4.56 2008.10.12 -
F-Secure 8.0.14332.0 2008.10.13 -
Fortinet 3.113.0.0 2008.10.14 W32/Small.DUI!tr.dldr
GData 19 2008.10.14 -
Ikarus T3.1.1.34.0 2008.10.13 -
K7AntiVirus 7.10.492 2008.10.13 -
Kaspersky 7.0.0.125 2008.10.14 -
McAfee 5403 2008.10.11 -
Microsoft 1.4005 2008.10.14 -
NOD32 3519 2008.10.14 -
Norman 5.80.02 2008.10.13 -
Panda 9.0.0.4 2008.10.13 -
PCTools 4.4.2.0 2008.10.13 -
Prevx1 V2 2008.10.14 -
Rising 20.66.02.00 2008.10.13 -
SecureWeb-Gateway 6.7.6 2008.10.13 -
Sophos 4.34.0 2008.10.13 -
Sunbelt 3.1.1722.1 2008.10.14 <Encrypted Archive>
Symantec 10 2008.10.14 -
TheHacker 6.3.1.0.109 2008.10.13 -
TrendMicro 8.700.0.1004 2008.10.13 -
VBA32 3.12.8.6 2008.10.13 -
ViRobot 2008.10.13.1417 2008.10.13 -
VirusBuster 4.5.11.0 2008.10.13 -
Information additionnelle
File size: 1015973 bytes
MD5...: 13a3adb2352d6f37813e928f41ee1973
SHA1..: 6b239862ad08271f78749499cbad5dbbf236b34d
SHA256: 1273467394eb4b395b171b26901da5d223478f139fb344b88109e0fd0170ff93
SHA512: a4cd3b4cfd3e1317f97abdf1023a596c0a67b7e29494d79b4be1dae3743c31765a1cce9a175e49762bd99a4b57af6eb149f37198f823dc60cc01f290eb2b062a
PEiD..: -
TrID..: File type identification
ZIP compressed archive (100.0%)
PEInfo: -
fado97 Posts: 110 Registered: Wednesday 9 January 2008 Status: Member Last post: 23 April 2016
14 Oct 2008 at 01:05
Fichier vdrv9000.sys reçu le 2008.10.14 01:03:10 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.14.0 2008.10.13 -
AntiVir 7.8.1.34 2008.10.13 -
Authentium 5.1.0.4 2008.10.13 -
Avast 4.8.1248.0 2008.10.14 -
AVG 8.0.0.161 2008.10.13 -
BitDefender 7.2 2008.10.14 -
CAT-QuickHeal 9.50 2008.10.13 -
ClamAV 0.93.1 2008.10.13 -
DrWeb 4.44.0.09170 2008.10.13 -
eSafe 7.0.17.0 2008.10.12 -
eTrust-Vet 31.6.6146 2008.10.13 -
Ewido 4.0 2008.10.13 -
F-Prot 4.4.4.56 2008.10.12 -
F-Secure 8.0.14332.0 2008.10.13 -
Fortinet 3.113.0.0 2008.10.14 -
GData 19 2008.10.14 -
Ikarus T3.1.1.34.0 2008.10.13 -
K7AntiVirus 7.10.492 2008.10.13 -
Kaspersky 7.0.0.125 2008.10.14 -
McAfee 5403 2008.10.11 -
Microsoft 1.4005 2008.10.14 -
NOD32 3519 2008.10.14 -
Norman 5.80.02 2008.10.13 -
Panda 9.0.0.4 2008.10.13 -
PCTools 4.4.2.0 2008.10.13 -
Prevx1 V2 2008.10.14 -
Rising 20.66.02.00 2008.10.13 -
SecureWeb-Gateway 6.7.6 2008.10.13 -
Sophos 4.34.0 2008.10.13 -
Sunbelt 3.1.1722.1 2008.10.14 -
Symantec 10 2008.10.14 -
TheHacker 6.3.1.0.109 2008.10.13 -
TrendMicro 8.700.0.1004 2008.10.13 -
ViRobot 2008.10.13.1417 2008.10.13 -
VirusBuster 4.5.11.0 2008.10.13 -
Information additionnelle
File size: 113168 bytes
MD5...: 20afd8210dc2b83aab0d46886bc701f6
SHA1..: 8b7766dda270995c4acd5707953c246f7ab86863
SHA256: 65cfea699b222d6781ed4535b338a698c586a7fe5346432d7a1884c4ef76f19a
SHA512: 71c8a1926b022e424c3189320b43a934edb98eb0cf03c0d710126005373a2e4f5b0a782127bd6408c3a5ee4f528eb8f7add41b3068964a7f4c430d935ae3cdc8
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (87.2%)
Win32 Executable Generic (8.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2c005
timedatestamp.....: 0x4732c30a (Thu Nov 08 08:04:26 2007)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x141d7 0x14200 6.68 3a7e8c10ca686c51a3105a804cafefc3
.rdata 0x16000 0x5fc 0x600 3.94 f808860965118e0aa996e81c07b13c77
.data 0x17000 0x40f0 0x3c00 6.08 f769908b5b339f5b15391824a5a98d44
INIT 0x1c000 0x686 0x800 4.96 fe06796734bd6b27bcfc64ae6da1a9c1
.rsrc 0x1d000 0x3d8 0x400 3.24 bc87b2de1a1e762f96b2401e5c457f39
.reloc 0x1e000 0xa3e 0xc00 5.83 768886b041c57371b248ab3986d0418d

( 3 imports )
> ntoskrnl.exe: KeWaitForSingleObject, IofCallDriver, IoBuildDeviceIoControlRequest, KeInitializeEvent, _alldiv, _allmul, IofCompleteRequest, memmove, ZwQuerySystemInformation, MmGetSystemRoutineAddress, RtlInitUnicodeString, InitSafeBootMode, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, ExAllocatePoolWithTag, ExFreePoolWithTag, RtlUnicodeStringToAnsiString, RtlQueryRegistryValues, PsRevertToSelf, SeImpersonateClient, ZwCreateFile, ZwReadFile, ZwClose, RtlWriteRegistryValue, ObfDereferenceObject, KeGetCurrentThread, SeCreateClientSecurity, ZwSetValueKey, KeQuerySystemTime, ZwQueryValueKey, ZwFlushKey, ZwOpenKey, ZwCreateKey, RtlAnsiStringToUnicodeString, RtlInitAnsiString, wcsrchr, ZwUnmapViewOfSection, ZwMapViewOfSection, ZwOpenSection, ZwCreateSection, ObfReferenceObject, KeClearEvent, IoCreateSynchronizationEvent, RtlRandom, ZwFlushVirtualMemory, _allrem, ZwWriteFile, KeTickCount, KeBugCheckEx, RtlUnwind, sprintf, strrchr, PsGetCurrentProcessId, strncpy, KeSetEvent, memset, SeTokenType, memcpy
> HAL.dll: KeQueryPerformanceCounter, KeGetCurrentIrql
> SCSIPORT.SYS: ScsiPortNotification, ScsiPortInitialize, ScsiPortLogError, ScsiPortGetSrb

( 0 exports )
fado97 Posts: 110 Registered: Wednesday 9 January 2008 Status: Member Last post: 23 April 2016
14 Oct 2008 at 01:08
Fichier svchosts.tbe reçu le 2008.10.14 01:06:38 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.14.0 2008.10.13 -
AntiVir 7.8.1.34 2008.10.13 -
Authentium 5.1.0.4 2008.10.13 -
Avast 4.8.1248.0 2008.10.14 -
AVG 8.0.0.161 2008.10.13 -
BitDefender 7.2 2008.10.14 -
CAT-QuickHeal 9.50 2008.10.13 -
ClamAV 0.93.1 2008.10.13 -
DrWeb 4.44.0.09170 2008.10.13 -
eSafe 7.0.17.0 2008.10.12 -
eTrust-Vet 31.6.6146 2008.10.13 -
Ewido 4.0 2008.10.13 -
F-Prot 4.4.4.56 2008.10.12 -
F-Secure 8.0.14332.0 2008.10.13 -
Fortinet 3.113.0.0 2008.10.14 -
GData 19 2008.10.14 -
Ikarus T3.1.1.34.0 2008.10.13 -
K7AntiVirus 7.10.492 2008.10.13 -
Kaspersky 7.0.0.125 2008.10.14 Password-protected-EXE
McAfee 5403 2008.10.11 -
Microsoft 1.4005 2008.10.14 -
NOD32 3519 2008.10.14 -
Norman 5.80.02 2008.10.13 -
Panda 9.0.0.4 2008.10.13 -
PCTools 4.4.2.0 2008.10.13 -
Prevx1 V2 2008.10.14 -
Rising 20.66.02.00 2008.10.13 -
SecureWeb-Gateway 6.7.6 2008.10.13 -
Sophos 4.34.0 2008.10.13 -
Sunbelt 3.1.1722.1 2008.10.14 <Encrypted Archive>
Symantec 10 2008.10.14 -
TheHacker 6.3.1.0.109 2008.10.13 -
TrendMicro 8.700.0.1004 2008.10.13 -
VBA32 3.12.8.6 2008.10.13 -
ViRobot 2008.10.13.1417 2008.10.13 -
VirusBuster 4.5.11.0 2008.10.13 -
Information additionnelle
File size: 56239 bytes
MD5...: 1e3013a4fe9f5ab192c99dca7ade2e44
SHA1..: fe374b9c37cbbeedafe3346d33ffbd9b542dd4b1
SHA256: e565451b8700410c1e3a1b4d1747cf2f8401eda26f33818473720be3789a3fab
SHA512: 82eb8a58f13067f9cd552a59ae4d95f25b4f43985173ee38ea5f22ef3c3ba8e51e0457e3cde1ede0046c267a2ef20b4930aedd578d772d41fa01fe877618c86d
PEiD..: -
TrID..: File type identification
ZIP compressed archive (100.0%)
PEInfo: -
sKe69 Posts: 21360 Registered: Saturday 15 March 2008 Status: Security contributor Last post: 30 December 2012
14 Oct 2008 at 01:13
Very good ...

While you run USBFix, I'll prepare the next step ...
fado97 Posts: 110 Registered: Wednesday 9 January 2008 Status: Member Last post: 23 April 2016
14 Oct 2008 at 01:17
-------------- UsbFix V1.095 ---------------

* User : Asus - ORGANIX
* Outils mis a jours le 13/10/2008 par Chiquitine29
* Recherche effectuée à 1:12:33 le 14/10/2008
* Windows Xp - Internet Explorer 7.0.5730.13


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virtual CD v9\System\vc9secs.exe
C:\WINDOWS\system32\userinit.exe
C:\DOCUME~1\Asus\LOCALS~1\Temp\1.tmp\b2e.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe

--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe

E: - Lecteur fixe

G: - Lecteur amovible


--------------- [ Registre / Startup ] ----------------


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz REG_SZ nwiz.exe /install
NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
RTHDCPL REG_SZ RTHDCPL.EXE
JMB36X IDE Setup REG_SZ C:\WINDOWS\RaidTool\xInsIDE.exe
36X Raid Configurer REG_SZ C:\WINDOWS\system32\xRaidSetup.exe boot
VC9Player REG_SZ C:\Program Files\Virtual CD v9\System\VC9Play.exe
OODefragTray REG_SZ C:\WINDOWS\system32\oodtray.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
IMJPMIG8.1 REG_SZ "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
MSPY2002 REG_SZ C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
PHIME2002ASync REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
LogitechCommunicationsManager REG_SZ "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
LogitechQuickCamRibbon REG_SZ "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
I downloaded pirated Software from P2P REG_SZ Star Wars Empire at War Forces of Corruption

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
LDM REG_SZ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
Orange Desktop Search REG_SZ "C:\PROGRA~1\ORANGE~1\ORANGE~1\ORANGE~1.EXE" /tray
WindowsAPI32 REG_SZ C:\rmxgdx.exe

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{744d643e-6714-11dd-a772-001d60ea6e54}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-1214440339-682003330-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{744d643e-6714-11dd-a772-001d60ea6e54}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{744d643e-6714-11dd-a772-001d60ea6e54}\Shell\explore\Command
Supprimé ! - HKEY_USERS\S-1-5-21-1214440339-682003330-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{744d643e-6714-11dd-a772-001d60ea6e54}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{744d643e-6714-11dd-a772-001d60ea6e54}\Shell\open\Command
Supprimé ! - HKEY_USERS\S-1-5-21-1214440339-682003330-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{744d643e-6714-11dd-a772-001d60ea6e54}\Shell\open\Command

--------------- [ Nettoyage des disques ] ----------------


--------------- ! Fin du rapport ! ----------------
sKe69 Posts: 21360 Registered: Saturday 15 March 2008 Status: Security contributor Last post: 30 December 2012
14 Oct 2008 at 01:27
Very good ...


-> run CCleaner again (registry included).


And here is the next step:


1-Create a text document on your desktop:
point your mouse at your desktop, right-click: go to "New" and choose "Text Document".

Then copy/paste the text below (and nothing else!) into the text file you just created:

Registry:: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"I downloaded pirated Software from P2P"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] 
"AppInit_DLLs"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] 
"AppInit_DLLs"=""

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\winax77.sys] 
 
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\winbp55.sys] 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] 
"C:\\rmxgdx.exe"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"WindowsAPI32"=- 
 
File:: 
C:\WINDOWS\system32\rqrpnMEx.dll 
C:\WINDOWS\system32\iiFWnNDs.dll 
C:\WINDOWS\system32\pmnkkHxv.dll 
C:\WINDOWS\system32\mljJDUnK.dll 
C:\WINDOWS\system32\iiFyWolK.dll 
C:\WINDOWS\system32\fccbayyw.dll
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\DUMP6b3d.tmp
C:\rmxgdx.exe
C:\siggjefi.exe
C:\Documents and Settings\Asus\iuns.exe
C:\Program Files\serial.tde 
C:\Program Files\svchosts.tbe 
C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe 
 
Folder:: 
C:\VundoFix Backups 
C:\Program Files\pkjjpce 
C:\Documents and Settings\All Users\Application Data\ijqtyben 
C:\Documents and Settings\Asus\Application Data\5 
C:\Program Files\Rapid Antivirus

Driver:: 
winax77
winbp55 
 
DirLook:: 
C:\Documents and Settings\Asus\Application Data\Petroglyph
C:\Program Files\alaplaya




2-Cleaning:

!! Disconnect from the internet, close all your applications and disable ALL YOUR DEFENSES (you will re-enable them afterwards) !!

---> On your desktop, drag the CFScript file with your mouse onto the ComboFix.exe icon.

(See here: http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript.gif )

This will relaunch ComboFix.
--> A blue window will appear: at the message "Type 1 to continue, or 2 to abort", type 1 and press Enter.

Then wait while the scan runs. (The desktop will disappear several times: that's normal!)

!! Don't touch anything until the scan is finished !!

Note: at the end of the scan, ComboFix may need to restart the PC to finish the disinfection; let it do so.

Once the scan is complete, a report will be displayed: post it along with a new HijackThis log for analysis ...

(Warning: this procedure was made for this PC. Any reuse can severely damage the operating system)
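Before a script like the one above is dragged onto ComboFix, it is worth seeing exactly what it asks the tool to delete. The dry-run reviewer below is an added example, not part of the thread and not ComboFix code: it parses the CFScript sections (Registry:: in regedit .reg syntax, then File::, Folder::, Driver::, DirLook::) into a list of actions and flags for manual confirmation any file or folder deletion under C:\WINDOWS and any whole-key deletion under HKLM\SYSTEM. Those two flagging rules are this example's own assumption, and the sample input is a condensed excerpt of the script posted above.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Section headers ComboFix understands, mapped to what each line under them means.
SIMPLE_SECTIONS = {"File::": "delete_file", "Folder::": "delete_folder",
                   "Driver::": "remove_driver", "DirLook::": "list_dir"}
# Assumption of this example: a deletion under these roots hits Windows itself
# if the entry is wrong, so it is flagged for manual confirmation.
PROTECTED_PATH_ROOT = r"c:\windows"
PROTECTED_KEY_ROOTS = (r"hkey_local_machine\system", r"hklm\system")
KEY_RE = re.compile(r"^\[(?P<delete>-?)(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^(?:"(?P<name>[^"]*)"|@)\s*=\s*(?P<data>.*)$')

@dataclass
class Action:
    kind: str             # delete_file, delete_folder, remove_driver, list_dir,
    target: str           # delete_key, delete_value, set_value; path, key or name
    detail: str = ""      # value name (and data) for registry value actions
    review: bool = False  # True when the target sits under a protected root

def _under(path: str, root: str) -> bool:
    p = path.lower()
    return p == root or p.startswith(root + "\\")

def _registry_line(line: str, key: str, out: List[Action], unknown: List[str]) -> str:
    """Interpret one Registry:: line (regedit .reg syntax); returns the current key."""
    m = KEY_RE.match(line)
    if m and m.group("delete"):   # "[-KEY]" removes the key and everything below it
        k = m.group("key")
        flag = any(_under(k, r) for r in PROTECTED_KEY_ROOTS)
        out.append(Action("delete_key", k, review=flag))
        return key
    if m:                         # "[KEY]" selects the key for the value lines below
        return m.group("key")
    m = VALUE_RE.match(line)
    if not (m and key):
        unknown.append(line)      # value line with no key, or not .reg syntax at all
        return key
    name = m.group("name") if m.group("name") is not None else "(Default)"
    data = m.group("data").strip()
    if data == "-":               # '"name"=-' deletes the value
        out.append(Action("delete_value", key, name))
    else:                         # anything else rewrites it, e.g. "AppInit_DLLs"=""
        out.append(Action("set_value", key, f"{name}={data}"))
    return key

def parse_cfscript(text: str) -> Tuple[List[Action], List[str]]:
    """Return (actions the script requests, lines no section rule understood)."""
    actions: List[Action] = []
    unknown: List[str] = []
    section, key = None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Registry::" or line in SIMPLE_SECTIONS:
            section, key = line, ""
        elif section == "Registry::":
            key = _registry_line(line, key, actions, unknown)
        elif section in SIMPLE_SECTIONS:
            kind = SIMPLE_SECTIONS[section]
            # Only deletions get flagged: DirLook:: just lists a folder and
            # Driver:: names a service, not a path.
            flag = kind in ("delete_file", "delete_folder") and _under(line, PROTECTED_PATH_ROOT)
            actions.append(Action(kind, line, review=flag))
        else:
            unknown.append(line)
    return actions, unknown

def review_items(actions: List[Action]) -> List[str]:
    """Targets the recipient should confirm by hand before running the script."""
    return [f"{a.kind}: {a.target}" for a in actions if a.review]

# Condensed excerpt of the CFScript posted in the thread, used here as sample input.
SAMPLE = r"""
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"I downloaded pirated Software from P2P"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
"AppInit_DLLs"=""
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\winax77.sys]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsAPI32"=-
File::
C:\WINDOWS\system32\rqrpnMEx.dll
C:\WINDOWS\DUMP6b3d.tmp
C:\rmxgdx.exe
C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe
Folder::
C:\VundoFix Backups
C:\Program Files\Rapid Antivirus
Driver::
winax77
DirLook::
C:\Program Files\alaplaya
"""
```

Lines the parser cannot place under a known section come back in the second list instead of being silently dropped; those are the ones to look at first, since ComboFix would either ignore or misread them.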
fado97 Posts: 110 Registered: Wednesday 9 January 2008 Status: Member Last post: 23 April 2016
14 Oct 2008 at 02:06
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:44:57, on 14/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virtual CD v9\System\vc9secs.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Virtual CD v9\System\VC9Play.exe
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\ORANGE~1\ORANGE~1\ORANGE~1.EXE
C:\Program Files\Virtual CD v9\System\VC9Tray.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [VC9Player] C:\Program Files\Virtual CD v9\System\VC9Play.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Orange Desktop Search] "C:\PROGRA~1\ORANGE~1\ORANGE~1\ORANGE~1.EXE" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x092e -f video -m logitech -d 11.70.1193.0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x092e -f video -m logitech -d 11.70.1193.0 (User 'Default user')
O4 - S-1-5-18 Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe (User 'Default user')
O4 - Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: bw+0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {373FDD2F-ED35-4815-8689-1DE1704E2012} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Virtual CD v9 Management Service (VC9SecS) - H+H Software GmbH - C:\Program Files\Virtual CD v9\System\vc9secs.exe
sKe69 Posts: 21360 Registered: Saturday 15 March 2008 Status: Security contributor Last seen: 30 December 2012 464
14 Oct 2008 at 02:16
I also need the Combofix report, please ...

C:\Combofix.txt

sKe69 Posts: 21360 Registered: Saturday 15 March 2008 Status: Security contributor Last seen: 30 December 2012 464
14 Oct 2008 at 02:23
re,

if it is too long, post it in several parts so that it goes through ...