(RESOLU) PROBLEME AVEC MALWARE SPYWARE + CROIX ROUGE QUI CLIGNOTE

artourner · le 26 septembre 2007

VOILA MON PROBLEME EST QUE DES MESSAGES NARETTENT PAS DE SAFICHER AUTOMATIQUEMENT EN ME DISANT QUE MON ORDINATEUR EST INFECTER.

ET EN PLUS MAINTENANT J AI UNE CROIX ROUGE QUI CLIGNOTE.

J AI ESSAYER DE VOIR LES AUTRES MESSAGE POUR ME DEPANNER TOUT SEUL MAIS LE PROBLEME C EST QUE CE N EST PAS LES MEME NOMS DE "VIRUS,MALWARE,SPYWARE"

EN ATTENDANT VOTRE AIDE JE VOUS REMERCI.

Modifié le 3 octobre 2007 par artourner

Thanos · le 26 septembre 2007

salut et bienvenue

Stp, lorsque tu réponds, utilise les minuscules

Clique ICI pour télécharger le fichier d'installation d'HijackThis :

Enregistre HJTInstall.exe sur ton bureau
Double-clique sur HJTInstall.exe pour lancer le programme
Par défaut, il s'installera là > C:\Program Files\Trend Micro\HijackThis
Accepte la license en cliquant sur le bouton "I Accept"
Choisis l'option "Do a system scan and save a log file"
Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note
Clique sur "Edition -> Sélectionner tout", puis sur "Edition -> Copier" pour copier tout le contenu du rapport
Colle le rapport que tu viens de copier sur ce forum
Ne fixe encore AUCUNE ligne, cela pourrait empêcher ton PC de fonctionner correctement

Tutoriel > http://cybersecurite.xooit.com/t138-HijackThis-2-0-2.htm

artourner · le 26 septembre 2007

voila le rapport hijackthis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:02:36, on 26/09/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe

C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\Wanadoo\ComComp.exe

C:\PROGRA~1\Wanadoo\Toaster.exe

C:\PROGRA~1\Wanadoo\Inactivity.exe

C:\PROGRA~1\Wanadoo\PollingModule.exe

C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE

C:\PROGRA~1\Wanadoo\Watch.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll

O2 - BHO: MSVPS System - {428FA4A4-C8EC-427C-85DE-11C80F67893A} - C:\WINDOWS\mscore.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll (file missing)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll

O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll (file missing)

O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [sweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?78df20d9ad0945d9b3e25c103df5cae3

O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?78df20d9ad0945d9b3e25c103df5cae3

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshel...ronGameHost.cab

O18 - Protocol: bw+0 - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {6784A364-BA04-46C9-9854-E895A461BE47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O21 - SSODL: drvsvp - {6D2593AE-57B8-4534-AE23-9B06CD82F317} - C:\WINDOWS\drvsvp.dll

O21 - SSODL: mssql - {85EAE298-A86C-4978-9153-A45592646453} - C:\WINDOWS\mssql.dll

O21 - SSODL: syscore - {5D97266B-A0A9-4F52-9851-27B9BE52DBD7} - C:\WINDOWS\syscore.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe

--

End of file - 23098 bytes

merci

Thanos · le 26 septembre 2007

ok le pc est bien infecté! poste moi ce rapport stp >

Télécharge combofix.exe de sUBs

Assure toi que tous les programmes sont fermés avant de lancer le fix!
Fait un double clique sur combofix.exe.
Note: Ne ferme pas la fenêtre qui vient de s'ouvrir , tu te retrouverais avec un bureau vide !
Tape sur la touche 1 pour démarrer le scan.
Lorsque le scan est terminé, un rapport sera généré : poste en le contenu dans ton prochain message.
Si le rapport est trop long, poste le en deux fois.

artourner · le 26 septembre 2007

voici le rapport.

ComboFix 07-09-21.2 - "vincent" 2007-09-26 23:27:27.1 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.298 [GMT 2:00]

* Created a new restore point

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\DOCUME~1\vincent\Favoris\Error Cleaner.url

C:\DOCUME~1\vincent\Favoris\Privacy Protector.url

C:\DOCUME~1\vincent\Favoris\Spyware&Malware Protection.url

C:\DOCUME~1\vincent\ravmonlog

C:\WINDOWS\dat.txt

C:\WINDOWS\main_uninstaller.exe

C:\WINDOWS\pack.epk

C:\WINDOWS\rs.txt

C:\WINDOWS\search_res.txt

C:\WINDOWS\system32\nnuubdcbji.dat

C:\WINDOWS\system32\nnuubdcbji.exe

C:\WINDOWS\system32\nnuubdcbji_nav.dat

C:\WINDOWS\system32\nnuubdcbji_navps.dat

C:\WINDOWS\system32\nvs2.inf

.

((((((((((((((((((((((((((((( Fichiers créés 2007-08-26 to 2007-09-26 ))))))))))))))))))))))))))))))))))))

.

2007-09-26 23:26 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-09-26 22:01 <REP> d-------- C:\Program Files\Trend Micro

2007-09-26 17:57 241,664 --a------ C:\WINDOWS\div32.dll

2007-09-26 17:57 229,376 --a------ C:\WINDOWS\syscore.dll

2007-09-26 17:57 212,992 --a------ C:\WINDOWS\mssql.dll

2007-09-25 23:30 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2007-09-25 22:43 2,744 --a------ C:\WINDOWS\system32\tmp.reg

2007-09-25 22:42 53,248 --a------ C:\WINDOWS\system32\Process.exe

2007-09-25 22:42 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2007-09-25 22:42 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe

2007-09-25 22:42 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2007-09-25 21:39 <REP> d-------- C:\DOCUME~1\vincent\APPLIC~1\Bitdefender

2007-09-25 21:39 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BitDefender

2007-09-25 21:38 <REP> d-------- C:\Program Files\Fichiers communs\BitDefender

2007-09-25 17:42 229,376 --a------ C:\WINDOWS\msduo2.dll

2007-09-25 17:42 217,088 --a------ C:\WINDOWS\mscore.dll

2007-09-25 17:42 212,992 --a------ C:\WINDOWS\drvsvp.dll

2007-09-25 17:12 81,984 --a------ C:\WINDOWS\system32\bdod.bin

2007-09-25 17:11 <REP> d-------- C:\Program Files\BitDefender

2007-09-24 19:16 <REP> d-------- C:\Program Files\Microsoft Works

2007-09-24 19:15 <REP> d-------- C:\Program Files\MSBuild

2007-09-24 19:14 <REP> d-------- C:\Program Files\Microsoft.NET

2007-09-24 19:10 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8

2007-09-24 19:09 <REP> d-------- C:\WINDOWS\SHELLNEW

2007-09-24 18:44 29,968 --a------ C:\WINDOWS\system32\mdimon.dll

2007-09-24 18:35 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help

2007-09-24 18:33 <REP> dr-h----- C:\MSOCache

2007-09-23 22:36 <REP> d-------- C:\DOCUME~1\vincent\APPLIC~1\Microsoft Web Folders

2007-09-23 20:55 5,248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys

2007-09-23 20:55 160,640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys

2007-09-23 20:55 <REP> d-------- C:\Program Files\Alcohol Soft

2007-09-18 22:37 <REP> d-------- C:\Program Files\Micro Application

2007-09-09 00:50 <REP> d-------- C:\Program Files\iTunes

2007-09-09 00:50 <REP> d-------- C:\Program Files\iPod

2007-09-05 19:25 <REP> d-------- C:\DOCUME~1\vincent\APPLIC~1\Media Player Classic

2007-09-05 19:23 740,442 --a------ C:\WINDOWS\system32\divx.dll

2007-09-05 19:23 73,728 --a------ C:\WINDOWS\system32\dpl100.dll

2007-09-05 19:23 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll

2007-09-05 19:23 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2007-09-05 19:23 282,624 --a------ C:\WINDOWS\system32\xvidvfw.dll

2007-09-05 19:23 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll

2007-09-05 19:23 163,840 --a------ C:\WINDOWS\system32\unrar.dll

2007-09-05 19:23 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll

2007-09-05 19:23 <REP> d-------- C:\Program Files\K-Lite Codec Pack

2007-09-05 19:08 <REP> d-------- C:\Program Files\MP3 Player Utilities 3.68

2007-09-03 23:40 <REP> d-------- C:\Program Files\TagRename

2007-08-29 01:25 <REP> d-------- C:\Program Files\Medieval Software

2007-08-28 01:15 <REP> d-------- C:\Program Files\Fichiers communs\NSV

2007-08-27 20:29 <REP> d-------- C:\DOCUME~1\vincent\APPLIC~1\EPSON

2007-08-27 17:23 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

2007-08-26 20:07 <REP> d-------- C:\Program Files\Winamp

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-09-26 22:48 --------- d-------- C:\Program Files\Wanadoo

2007-09-26 22:44 --------- d-------- C:\Program Files\eMule

2007-09-25 21:38 --------- d-------- C:\DOCUME~1\vincent\APPLIC~1\Lavasoft

2007-09-23 22:36 --------- d-------- C:\Program Files\microsoft frontpage

2007-09-18 22:37 --------- d--h----- C:\Program Files\InstallShield Installation Information

2007-09-06 23:14 --------- d-------- C:\DOCUME~1\vincent\APPLIC~1\Azureus

2007-09-05 01:08 --------- d-------- C:\DOCUME~1\vincent\APPLIC~1\Ahead

2007-08-29 15:27 --------- d-------- C:\DOCUME~1\vincent\APPLIC~1\Apple Computer

2007-08-24 14:05 --------- d-------- C:\Program Files\Image-Line

2007-08-24 13:59 --------- d-------- C:\Program Files\VstPlugins

2007-08-20 21:05 --------- d-------- C:\Program Files\HighCriteria

2007-08-17 22:54 --------- d-------- C:\Program Files\tcpmp

2007-08-17 22:54 --------- d-------- C:\Program Files\Mio DigiWalker

2007-08-16 19:10 --------- d-------- C:\Program Files\RawFlow

2007-08-15 23:15 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google

2007-08-15 22:08 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier

2007-08-12 22:02 --------- d-------- C:\DOCUME~1\vincent\APPLIC~1\iPod2PC3

2007-08-12 21:33 --------- d-------- C:\Program Files\Fichiers communs\eSellerate

2007-08-09 13:48 --------- d-------- C:\Program Files\PC Inspector File Recovery

2007-08-04 23:13 --------- d-------- C:\Program Files\JetAudio

2007-08-04 23:13 --------- d-------- C:\Program Files\Fichiers communs\COWON

2007-08-04 23:13 --------- d-------- C:\DOCUME~1\vincent\APPLIC~1\COWON

2007-08-02 17:03 188432 --a------ C:\WINDOWS\system32\drivers\bdfsfltr.sys

2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll

2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll

2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll

2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll

2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe

2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe

2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll

2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll

2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll

2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll

2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll

2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll

2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll

2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll

2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll

2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll

2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll

2007-07-26 15:46 --------- d-------- C:\DOCUME~1\vincent\APPLIC~1\Samsung

2007-07-26 15:27 --------- d-------- C:\Program Files\Samsung

2007-07-20 15:54 77824 --a------ C:\WINDOWS\system32\xcomm.dll

2007-07-16 21:23 359808 --a------ C:\WINDOWS\system32\dllcache\TCPIP.SYS

2007-07-09 15:14 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2007-06-26 16:36 669696 --a------ C:\WINDOWS\system32\dllcache\wininet.dll

2007-06-26 15:56 851968 --------- C:\WINDOWS\system32\dllcache\vgx.dll

2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll

2007-06-26 08:09 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{428FA4A4-C8EC-427C-85DE-11C80F67893A}]

2007-09-26 12:51 241664 --a------ C:\WINDOWS\div32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-04-08 17:31]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-28 00:47]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]

"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 16:53]

"TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-05-12 01:32]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 16:55]

"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2007-09-25 21:41]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-04-05 20:05]

"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-01-29 18:34]

"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-16 09:47]

"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2004-05-06 12:13]

"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 16:53]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00]

"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 16:57]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"drvsvp"= {6D2593AE-57B8-4534-AE23-9B06CD82F317} - C:\WINDOWS\drvsvp.dll [2007-09-25 16:44 212992]

"mssql"= {85EAE298-A86C-4978-9153-A45592646453} - C:\WINDOWS\mssql.dll [2007-09-26 12:51 212992]

"syscore"= {5D97266B-A0A9-4F52-9851-27B9BE52DBD7} - C:\WINDOWS\syscore.dll [2007-09-26 12:51 229376]

R1 bdftdif;bdftdif;\??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys

R3 bdfsfltr;bdfsfltr;C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys

R3 BDSelfPr;BDSelfPr;\??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys

R3 scan;BitDefender Threat Scanner;C:\WINDOWS\System32\svchost.exe -kbdx

S0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys

S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ssm_bus.sys

S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys

S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys

S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\C:\WINDOWS\system32\ZDCndis5.SYS

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bdx scan

*Newly Created Service* - CATCHME

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2007-09-08 17:37:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2007-04-03 19:32:42 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job"

- C:\WINDOWS\system32\OOBE\oobebaln.exe

"2007-09-26 20:42:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"

.

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-09-26 23:31:28

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]

"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

.

Completion time: 2007-09-26 23:32:16

C:\ComboFix-quarantined-files.txt ... 2007-09-26 23:32

.

--- E O F ---

mon pc est t'il fortement infecté???

et t'il possible de le guerir???

merci encore

Thanos · le 27 septembre 2007

salut

mon pc est t'il fortement infecté???
et t'il possible de le guerir???

Je poste juste pour te tranquilliser : oui c'est tout à fait réparable je te poste une procédure en milieu d'après midi.

Modifié le 27 septembre 2007 par charles ingals

Thanos · le 27 septembre 2007

salut

Voilà la suite stp >

Copie/colle les instructions qui suivent dans un fichier texte afin de pouvoir les consulter en mode sans échec, car tu n'auras pas accès à internet!!

Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.

***Si le lien ne fonctionne pas, essaie celui-ci : http://download.bleepingcomputer.com/andymanchesta/SDFix.exe ***

1) Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.

2) Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :

Redémarre ton ordinateur
Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
Choisis ton compte.

Déroule la liste des instructions ci-dessous :

3) Elimine le fichier suivant > C:\WINDOWS\msduo2.dll

4) Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.

Appuie sur Y pour commencer le processus de nettoyage.
Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
Appuie sur une touche pour redémarrer le PC.
Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !

@+

Modifié le 27 septembre 2007 par charles ingals

artourner · le 27 septembre 2007

SDFix: Version 1.107

Run by vincent on 27/09/2007 at 16:51

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\vincent\Bureau\SDFix

Safe Mode:

Checking Services:

Restoring Windows Registry Values

Restoring Windows Default Hosts File

Restoring Default HomePage Value

Restoring Default Desktop Components Value

Rebooting...

Normal Mode:

Checking Files:

Trojan Files Found:

C:\Documents and Settings\vincent\Bureau\Error Cleaner.url - Deleted

C:\Documents and Settings\vincent\Favoris\Error Cleaner.url - Deleted

C:\Documents and Settings\vincent\Bureau\Privacy Protector.url - Deleted

C:\Documents and Settings\vincent\Favoris\Privacy Protector.url - Deleted

C:\Documents and Settings\vincent\Bureau\Spyware&Malware Protection.url - Deleted

C:\Documents and Settings\vincent\Favoris\Spyware&Malware Protection.url - Deleted

C:\WINDOWS\dat.txt - Deleted

C:\WINDOWS\drvsvp.dll - Deleted

C:\WINDOWS\mscore.dll - Deleted

C:\WINDOWS\rs.txt - Deleted

C:\WINDOWS\search_res.txt - Deleted

Removing Temp Files...

ADS Check:

C:\WINDOWS

No streams found.

C:\WINDOWS\system32

No streams found.

C:\WINDOWS\system32\svchost.exe

No streams found.

C:\WINDOWS\system32\ntoskrnl.exe

No streams found.

Final Check:

Remaining Services:

------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:

---------------

File Backups: - C:\DOCUME~1\vincent\Bureau\SDFix\backups\backups.zip

Files with Hidden Attributes:

Tue 3 Apr 2007 208 A.SHR --- "C:\BOOT.BAK"

Wed 4 Jul 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Thu 27 Sep 2007 65,536 A..H. --- "C:\Documents and Settings\vincent\Local Settings\Application Data\Microsoft\Outlook\~outlook.pst.tmp"

Finished!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:06:51, on 27/09/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe

C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe

C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe

C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\Wanadoo\ComComp.exe

C:\PROGRA~1\Wanadoo\Toaster.exe

C:\PROGRA~1\Wanadoo\Inactivity.exe

C:\PROGRA~1\Wanadoo\PollingModule.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE

C:\PROGRA~1\Wanadoo\Watch.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll

O2 - BHO: MSVPS System - {428FA4A4-C8EC-427C-85DE-11C80F67893A} - C:\WINDOWS\div32.dll