Impossible de desinfecter mon pc

jahlo -  
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité -
Bonjour,depuis hier soir je me retrouve avec un virus que mon anti virus ANTIVIR N arrive pas à enlever impossible de le supprimer ou n importe quelles autres actions voici le fichier infecté

C:\WINDOWS\system32\nmdfgds0.dll'

Quelqu un peut il m aider à trouver la solution merci d'avance merci beaucoups !!!
Configuration: Windows XP
Firefox 3.0.5

31 réponses

  • 1
  • 2
Résumé de la discussion

Une infection virale persiste sous Windows XP malgré l’antivirus ANTIVIR N, avec un fichier infecté du chemin C:\WINDOWS\system32\nmdfgds0.dll et des symptômes perceptibles sur l’ordinateur, nécessitant une évaluation approfondie.
Plusieurs recommandations préconisent d’abord Malwarebytes, puis Combofix en dernier recours, afin d’éliminer les infections multiples; HijackThis est suggéré pour repérer et corriger les entrées indésirables dans le système.
D'autres avis soulignent des difficultés pratiques, comme l’absence d’options dans HijackThis ou le besoin d’identifier des clés Run et des fichiers cachés, et insistent sur l’importance d’utiliser des sources officielles.
En complément, il est noté que des infections additionnelles peuvent nécessiter une approche multi-outils et que certains échanges recommandent d’éviter les outils non officiels ou non vérifiés, afin de limiter les risques système.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. plopus Messages postés 49 Date d'inscription   Statut Contributeur sécurité Dernière intervention   293
     
    bonjour,

    on dirai vundo...

    Télécharge Random's System Information Tool (RSIT) par random/random et sauvegarde-le sur ton Bureau.
    http://images.malwareremoval.com/random/RSIT.exe
    Clique sur Continue
    Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
    Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront poste les 2 rapports SEPAREMENT
    0
    1. jahlo
       
      ok merci voici les 2 rapports !!!
      Logfile of random's system information tool 1.05 (written by random/random)
      Run by Soatto at 2009-01-24 09:49:38
      Microsoft Windows XP Édition familiale Service Pack 3
      System drive C: has 51 GB (44%) free of 114 GB
      Total RAM: 767 MB (36% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 09:49:54, on 24/01/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16762)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
      C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
      C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\Program Files\SuperCopier2\SuperCopier2.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      C:\Program Files\Windows Media Player\WMPNSCFG.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\imapi.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\CDBurnerXP\NMSAccessU.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Windows Media Player\WMPNetwk.exe
      C:\WINDOWS\System32\alg.exe
      C:\Program Files\Logitech\QuickCam10\COCIManager.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Java\jre6\bin\java.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Documents and Settings\Soatto\Local Settings\Temporary Internet Files\Content.IE5\0TT4AM9L\RSIT[1].exe
      C:\WINDOWS\System32\wbem\wmiprvse.exe
      C:\Program Files\trend micro\Soatto.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: (no name) - {2EB8F87C-1BA4-479F-503B-20D7F34B11EE} - (no file)
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
      O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
      O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
      O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - S-1-5-18 Startup: is-7U82N.lnk = C:\Documents and Settings\Soatto\Bureau\Virus Removal Tool\is-7U82N\startup.exe (User 'SYSTEM')
      O4 - .DEFAULT Startup: is-7U82N.lnk = C:\Documents and Settings\Soatto\Bureau\Virus Removal Tool\is-7U82N\startup.exe (User 'Default user')
      O4 - Startup: is-7U82N.lnk = C:\Documents and Settings\Soatto\Bureau\Virus Removal Tool\is-7U82N\startup.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O8 - Extra context menu item: &Search - ?p=ZCfox000
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
      O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
      O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
      O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://www.msn.com/fr-fr/
      O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jahlojahlo1975.spaces.live.com//PhotoUpload/MsnPUpld.cab
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://mistersfrance.spaces.live.com/PhotoUpload/MsnPUpld.cab
      O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
      O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-fr.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://assets.photobox.com/assets/activex/uploader_uni.cab
      O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{0E64D55F-8C2F-4FC0-99AE-C6095324EB44}: NameServer = 212.27.54.252,212.27.53.252
      O17 - HKLM\System\CCS\Services\Tcpip\..\{189B9683-EB72-4930-A4C7-DE1AFC88BE2E}: NameServer = 212.27.54.252,212.27.53.232
      O17 - HKLM\System\CCS\Services\Tcpip\..\{2C07D940-70CC-44E6-9826-D86A2CCB63B3}: NameServer = 212.27.54.252,212.27.53.252
      O17 - HKLM\System\CCS\Services\Tcpip\..\{666FD640-7243-4E8A-8550-9951DD2141B1}: NameServer = 212.27.54.252,212.27.53.252
      O17 - HKLM\System\CCS\Services\Tcpip\..\{B9E2F064-0967-4BFC-8F09-9FB22719A37D}: NameServer = 212.27.54.252,212.27.53.252
      O17 - HKLM\System\CCS\Services\Tcpip\..\{FB5EE1A2-98B6-429E-9A02-CA5D80AE8BDD}: NameServer = 192.168.0.254,212.27.53.252
      O18 - Protocol: bw+0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw+0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Protocol: bwg0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwg0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: offline-8876480 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
      O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
      O23 - Service: NeroNET - Unknown owner - C:\Program Files\Ahead\NeroNET\NeroNET.exe (file missing)
      O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
      O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
      0
  2. plopus Messages postés 49 Date d'inscription   Statut Contributeur sécurité Dernière intervention   293
     
    relance hijackthis choisit "do a scan only" et coche les cases a gauches des lignes :

    O2 - BHO: (no name) - {2EB8F87C-1BA4-479F-503B-20D7F34B11EE} - (no file)
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
    O18 - Protocol: bw+0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    puis clic sur fix checked

    ensuite tu es bien infecté...

    desactive ton antivirus et antispyware le fix est detecté a tort puis :

    telecharge simtfraudfix, lance le fait option 1 et poste le rapport stp
    aide toi du tuto le telechargement est dedans http://www.malekal.com/tutorial_SmitFraudfix.php
    0
  3. Nic00 Messages postés 1751 Statut Membre 95
     
    @plopus:

    désolé d'intervenir, mais pour supprimer un Trojan VundoVirtumonde, pas besoin de faire tout ça.

    Il suffit de :

    • Télécharger ComboFix (par sUBs) sur le Bureau.
    • Double-cliquer combofix.exe.
    • Appuyer sur la touche Y (Yes) pour démarrer le scan.
    • Le rapport sera crée dans: C:Combofix.txt.
    • Refaire un rapport HijackThis, et poster le rapport !

    Note: combofix est téléchargeable ici:

    http://boards.cexx.org/index.php?topic=15787.msg65211
    0
    1. jahlo
       
      voici le rapport rsit

      Logfile of random's system information tool 1.05 (written by random/random)
      Run by Soatto at 2009-01-24 11:03:37
      Microsoft Windows XP Édition familiale Service Pack 3
      System drive C: has 51 GB (45%) free of 114 GB
      Total RAM: 767 MB (52% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 11:03:41, on 24/01/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16762)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
      C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
      C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\SuperCopier2\SuperCopier2.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      C:\Program Files\Windows Media Player\WMPNSCFG.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\imapi.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\CDBurnerXP\NMSAccessU.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Windows Media Player\WMPNetwk.exe
      C:\WINDOWS\System32\alg.exe
      C:\Program Files\Logitech\QuickCam10\COCIManager.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Documents and Settings\Soatto\Bureau\RSIT.exe
      C:\WINDOWS\System32\wbem\wmiprvse.exe
      C:\Program Files\trend micro\Soatto.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
      O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
      O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
      O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - S-1-5-18 Startup: is-7U82N.lnk = C:\Documents and Settings\Soatto\Bureau\Virus Removal Tool\is-7U82N\startup.exe (User 'SYSTEM')
      O4 - .DEFAULT Startup: is-7U82N.lnk = C:\Documents and Settings\Soatto\Bureau\Virus Removal Tool\is-7U82N\startup.exe (User 'Default user')
      O4 - Startup: is-7U82N.lnk = C:\Documents and Settings\Soatto\Bureau\Virus Removal Tool\is-7U82N\startup.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O8 - Extra context menu item: &Search - ?p=ZCfox000
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
      O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
      O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
      O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
      O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jahlojahlo1975.spaces.live.com//PhotoUpload/MsnPUpld.cab
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://mistersfrance.spaces.live.com/PhotoUpload/MsnPUpld.cab
      O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/...
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
      O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-fr.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://assets.photobox.com/assets/activex/uploader_uni.cab
      O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{0E64D55F-8C2F-4FC0-99AE-C6095324EB44}: NameServer = 212.27.54.252,212.27.53.252
      O17 - HKLM\System\CCS\Services\Tcpip\..\{189B9683-EB72-4930-A4C7-DE1AFC88BE2E}: NameServer = 212.27.54.252,212.27.53.232
      O17 - HKLM\System\CCS\Services\Tcpip\..\{2C07D940-70CC-44E6-9826-D86A2CCB63B3}: NameServer = 212.27.54.252,212.27.53.252
      O17 - HKLM\System\CCS\Services\Tcpip\..\{666FD640-7243-4E8A-8550-9951DD2141B1}: NameServer = 212.27.54.252,212.27.53.252
      O17 - HKLM\System\CCS\Services\Tcpip\..\{B9E2F064-0967-4BFC-8F09-9FB22719A37D}: NameServer = 212.27.54.252,212.27.53.252
      O17 - HKLM\System\CCS\Services\Tcpip\..\{FB5EE1A2-98B6-429E-9A02-CA5D80AE8BDD}: NameServer = 192.168.0.254,212.27.53.252
      O18 - Protocol: bw+0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw+0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Protocol: bwg0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwg0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: offline-8876480 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
      O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
      O23 - Service: NeroNET - Unknown owner - C:\Program Files\Ahead\NeroNET\NeroNET.exe (file missing)
      O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
      O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
      0
  4. plopus Messages postés 49 Date d'inscription   Statut Contributeur sécurité Dernière intervention   293
     
    salut Nic00

    c'est peut etre le fix que j'aurai utilisé ensuite parcontre ce n'est n'aurai pas ete pour vundo car il a d'autre infections cela n'en aurai enleve qu'une partie, pour virer vundo en general malwarebyte s'en charge assez bien a voir ensuite...
    0
    1. jahlo
       
      lol merci a vous 2 !! alors je choisis quelle option l adresse que tu m as donné nico je trouve pas le lien pour telecharger le fichier combofix
      0
    2. jahlo
       
      poplus quand je relance il n y a pas l option scan only et pas possible de cocher les cases suis pas tres calé en info excuse moi mes questions vont te paraitre un peu nulles lol !!!
      0
    3. jahlo
       
      poplus on reprend stp
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Bonjour,

    le lien que Nico t'as donné n'est pas le site officiel...

    Suis les conseils de plopus et passe d'abord Malwarebytes stp

    ComboFix est un outil très puissant à éviter le plus possible... Sauf en cas de nécéssité
    0
    1. jahlo
       
      j avais deja malwarebytes il n a pas empecher ca !!!
      0
  7. Nic00 Messages postés 1751 Statut Membre 95
     
    Fais d'abord ce que te dis Plopus car tu as d'autres infections, ensuite je pense que Combofix devra être utilisé.
    0
  8. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Bonjour,

    qui a vu du Vundo et où ?
    0
  9. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Alors poste le dernier rapport de Malwarebytes montrant des infections et refais une analyse complète ;-)
    0
  10. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    nmdfgds0.dll n'est pas du Vundo ;-)
    0
  11. jahlo
     
    ouh la moi la je suis perdu !!!! je refais une analyse avec malwarebytes je vous poste le rapport
    0
  12. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Re,

    je crois pas :

    http://www.prevx.com/filenames/X1342468636794208142-X1/NMDFGDS02EDLL.html
    0
  13. plopus Messages postés 49 Date d'inscription   Statut Contributeur sécurité Dernière intervention   293
     
    ok j'ai dit on dirai mais bon apparament c'est pas sa :/

    bon je m'absente a+ tard
    0
  14. jahlo
     
    bon ok pour moi c est du charrabia je fais koi moi maintenant
    0
  15. Nic00 Messages postés 1751 Statut Membre 95
     
    Poste le rapport de Malwarebytes
    0
    1. jahlo
       
      OK
      0
  16. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Je pencherais plutôt pour un rootkit
    0
    1. jahlo
       
      Version de la base de données: 1688
      Windows 5.1.2600 Service Pack 3

      24/01/2009 10:36:49
      mbam-log-2009-01-24 (10-36-41).txt

      Type de recherche: Examen rapide
      Eléments examinés: 56482
      Temps écoulé: 8 minute(s), 44 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 1
      Elément(s) de données du Registre infecté(s): 1
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 1

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Valeur(s) du Registre infectée(s):
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Trojan.Agent) -> No action taken.

      Elément(s) de données du Registre infecté(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      C:\WINDOWS\system32\olhrwef.exe (Trojan.Agent) -> No action taken.
      0
  17. Nic00 Messages postés 1751 Statut Membre 95
     
    A Geoffrey 5:

    avoue qu'il faut utiliser Combofix maintenant ^^ (le trojan n'a pas été suprimmer !)

    Sinon pour le rootkit, j'ai pas fais attention mais si on veut savoir il faut utiliser Gmer

    A Jahlo:

    Lien pour télécharger combofix (j'espère que celui-ci fonctionne):

    http://download.bleepingc[...]m/sUBs/ComboFix.exe

    • Double-cliquer combofix.exe.
    • Appuyer sur la touche Y (Yes) pour démarrer le scan.
    • Le rapport sera crée dans: C:Combofix.txt.
    • Refaire un rapport HijackThis, et poster le rapport !
    0
    1. jahlo
       
      le lien ne fonctionne pas
      0
  18. Nic00 Messages postés 1751 Statut Membre 95
     
    Apparemment non alors va sur ce site:

    https://www.jeuxvideo.com/forums/1-1-11351106-1-0-1-0-lien-pour-telecharger-combofix-svp.htm

    le lien est posté par Guibou2008 (2ème mess)
    0
    1. jahlo
       
      nico voici le rapport combofix

      ComboFix 09-01-21.04 - Soatto 2009-01-24 10:57:21.1 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.767.448 [GMT 1:00]
      Lancé depuis: c:\documents and settings\Soatto\Bureau\ComboFix.exe
      AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
      AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated)
      * Un nouveau point de restauration a été créé
      .
      [color=purple]Les fichiers ci-dessous ont été désactivés pendant l'exécution:[/color]
      c:\program files\SuperCopier2\SC2Hook.dll


      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Autorun.inf
      c:\documents and settings\Soatto\Application Data\inst.exe
      C:\uvsqfgwd.cmd
      c:\windows\system32\rnaph.dll

      .
      ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-24 au 2009-01-24 ))))))))))))))))))))))))))))))))))))
      .

      2009-01-24 10:40 . 2009-01-24 10:40 16,384 --a--c-t- c:\temp\Perflib_Perfdata_3c8.dat
      2009-01-24 10:27 . 2009-01-24 10:27 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
      2009-01-24 10:27 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
      2009-01-24 10:27 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
      2009-01-24 09:49 . 2009-01-24 09:49 <REP> d----c--- C:\rsit
      2009-01-24 09:49 . 2009-01-24 10:24 <REP> d-------- c:\program files\trend micro
      2009-01-24 09:09 . 2009-01-24 09:09 95,744 --a------ c:\windows\system32\nmdfgds0.VIR
      2009-01-23 21:02 . 2009-01-23 21:02 <REP> d-------- c:\documents and settings\LocalService\Bureau
      2009-01-23 20:55 . 2009-01-23 20:55 <REP> d-------- c:\program files\Avira
      2009-01-23 20:55 . 2009-01-23 20:55 <REP> d----c--- c:\documents and settings\All Users\Application Data\Avira
      2009-01-07 19:57 . 2009-01-23 20:45 <REP> d----c--- c:\temp\_avast4_

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-01-24 09:59 257,460,256 --sha-w c:\windows\system32\drivers\fidbox.dat
      2009-01-24 09:54 --------- d-----w c:\program files\SuperCopier2
      2009-01-24 09:39 2,996,732 --sha-w c:\windows\system32\drivers\fidbox.idx
      2009-01-24 09:17 --------- d-----w c:\documents and settings\Soatto\Application Data\OpenOffice.org2
      2008-12-17 10:38 --------- d-----w c:\documents and settings\Soatto\Application Data\Samsung
      2008-12-17 10:37 5,632 ----a-w c:\windows\system32\drivers\StarOpen.sys
      2008-12-17 10:25 --------- d--h--w c:\program files\InstallShield Installation Information
      2008-12-17 10:23 --------- d-----w c:\program files\Samsung
      2008-12-13 06:37 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
      2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
      2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
      2008-12-09 10:56 --------- d-----w c:\program files\CDBurnerXP
      2008-12-09 10:56 --------- d-----w c:\documents and settings\Soatto\Application Data\Canneverbe_Limited
      2008-12-09 10:49 --------- d-----w c:\documents and settings\Soatto\Application Data\Ahead
      2008-12-06 08:34 --------- dc----w c:\documents and settings\All Users\Application Data\Malwarebytes
      2008-12-06 08:34 --------- d-----w c:\documents and settings\Soatto\Application Data\Malwarebytes
      2008-12-05 08:35 --------- dc----w c:\documents and settings\All Users\Application Data\LightScribe
      2008-12-04 22:12 410,984 ----a-w c:\windows\system32\deploytk.dll
      2008-12-04 22:12 --------- d-----w c:\program files\Java
      2008-12-04 20:20 --------- d-----w c:\documents and settings\Soatto\Application Data\Droppix
      2008-12-04 20:01 --------- d-----w c:\program files\Fichiers communs\Ahead
      2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
      2008-07-26 06:04 47,360 ----a-w c:\documents and settings\Soatto\Application Data\pcouffin.sys
      2005-09-19 11:39 44,158 ----a-w c:\program files\mozilla firefox\components\inspector.dll
      2005-02-25 08:13 56 --sha-w c:\windows\system32\71722A5033.sys
      2008-08-27 10:04 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008082720080828\index.dat
      .

      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
      "SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
      "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
      "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-03-24 36864]
      "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-04 136600]
      "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
      "LogitechCommunicationsManager"="c:\program files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
      "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]
      "LVCOMSX"="c:\program files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
      "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
      "SoundMan"="SOUNDMAN.EXE" [2006-03-01 c:\windows\soundman.exe]
      "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

      c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
      Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-03-24 196608]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=sockspy.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "msacm.l3acm"= c:\windows\system32\l3codecp.acm
      "msacm.enc"= ITIG726.acm

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\Messenger\\msmsgs.exe"=
      "c:\\WINDOWS\\system32\\[Emoticons-plus.com] Winkaa 2.0.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
      "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
      "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
      "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
      "c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
      "c:\\Program Files\\lphant\\eLePhantClient.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

      R1 is-7U82Ndrv;is-7U82Ndrv;c:\windows\system32\drivers\[u]0[/u]6681683.sys [2008-12-06 11:01:11 148496]
      R3 C4C_BSC2;C4C_BSC2;c:\windows\system32\drivers\C4C_BSC2.sys [1980-01-01 84788]
      S1 pctfw2;pctfw2;\??\c:\windows\system32\drivers\pctfw2.sys --> c:\windows\system32\drivers\pctfw2.sys [?]
      S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\drivers\alcan5ln.sys [2005-02-27 36048]
      S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;c:\windows\system32\drivers\WlanUZXP.sys [2005-05-12 260608]
      S4 NeroNET;NeroNET;c:\program files\Ahead\NeroNET\NeroNET.exe -w --> c:\program files\Ahead\NeroNET\NeroNET.exe -w [?]

      --- Autres Services/Pilotes en mémoire ---

      *Deregistered* - mchInjDrv

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da44198e-e637-11dd-b629-00115b1e9c76}]
      \Shell\AutoRun\command - F:\gy.exe
      \Shell\open\Command - F:\gy.exe
      .
      Contenu du dossier 'Tâches planifiées'

      2009-01-24 c:\windows\Tasks\AEC567CC918717F0.job
      - c:\docume~1\soatto\applic~1\oneton~1\CampObjBoob.exe []

      2009-01-23 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

      2009-01-23 c:\windows\Tasks\Maintenance en 1 clic.job
      - c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []
      .
      - - - - ORPHELINS SUPPRIMES - - - -

      BHO-{2EB8F87C-1BA4-479F-503B-20D7F34B11EE} - (no file)
      HKCU-Run-LightScribe Control Panel - c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe


      .
      ------- Examen supplémentaire -------
      .
      uStart Page = hxxp://www.msn.fr/
      uInternet Settings,ProxyOverride = localhost
      uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
      IE: &Search - ?p=ZCfox000
      IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      TCP: {0E64D55F-8C2F-4FC0-99AE-C6095324EB44} = 212.27.54.252,212.27.53.252
      TCP: {189B9683-EB72-4930-A4C7-DE1AFC88BE2E} = 212.27.54.252,212.27.53.232
      TCP: {2C07D940-70CC-44E6-9826-D86A2CCB63B3} = 212.27.54.252,212.27.53.252
      TCP: {666FD640-7243-4E8A-8550-9951DD2141B1} = 212.27.54.252,212.27.53.252
      TCP: {B9E2F064-0967-4BFC-8F09-9FB22719A37D} = 212.27.54.252,212.27.53.252
      TCP: {FB5EE1A2-98B6-429E-9A02-CA5D80AE8BDD} = 192.168.0.254,212.27.53.252
      Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
      DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://www.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_2_0_4_9.cab
      FF - ProfilePath - c:\documents and settings\Soatto\Application Data\Mozilla\Firefox\Profiles\3ouidbnm.default\
      FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
      FF - prefs.js: browser.search.selectedEngine - Google
      FF - prefs.js: browser.startup.homepage - hxxp://fr.blackle.com/
      FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA2&q=
      FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
      FF - plugin: c:\program files\Mozilla Firefox\plugins\np32asw.dll
      FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
      FF - plugin: c:\program files\Mozilla Firefox\plugins\npicdclient.dll
      FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
      FF - plugin: c:\windows\system32\Rawflow\npicdclient.dll
      .

      **************************************************************************
      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés:

      **************************************************************************

      [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mchInjDrv]
      "ImagePath"="\??\c:\docume~1\Soatto\LOCALS~1\Temp\mc21.tmp"
      .
      Heure de fin: 2009-01-24 11:00:48
      ComboFix-quarantined-files.txt 2009-01-24 10:00:47

      Avant-CF: 53 526 003 712 octets libres
      Après-CF: 53,645,750,272 octets libres

      WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
      [boot loader]
      timeout=2
      default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
      [operating systems]
      c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /fastdetect /NoExecute=OptIn

      177 --- E O F --- 2009-01-14 19:19:40
      0
  19. Nic00 Messages postés 1751 Statut Membre 95
     
    Poste un nouveau rapport hijackthis stp
    0
  20. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Bonjour jahlo,

    entre celui qui voit du vundo là où il n'y en a pas, celui qui penche pour un rootkit (il y est, il y est pas, c'est lequel) et celui qui préconise combofix (en étant incapable de donner le lien officiel de téléchargement de cet outil) au prétexte que MBAM n'a pas éradiqué le trojan (soit tu as pris le rapport trop tôt soit tu n'est allé au bout de la procédure), je comprends que tu n'y comprennes plus grand chose.

    ==========================
    tu as une infection lop : C:\WINDOWS\tasks\AEC567CC918717F0.job

    Télécharge Lop S&D ici :

    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

    Double-clique dessus pour lancer l'installation

    Puis double-clique [b]sur le raccourci Lop S&D/b présent sur ton bureau

    Séléctionne la langue souhaitée , puis choisis [b]l'Option 2 ( Suppression )

    Ne ferme pas la fenêtre lors de la suppression !

    Poste le rapport généré ( C:\lopR.txt )

    ( Si le Bureau ne réapparaît pas presse Ctrl + Alt + Suppr, Onglet Fichier,

    Nouvelle tâche, tape explorer.exe et valide )

    =================================
    Pour le reste,

    combofix est une possibilité :

    Rends toi sur cette page web pour obtenir les liens de téléchargement, ainsi que des instructions pour exécuter l'outil:

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    * Vérifie que tu as fermé/désactivé tous les programmes anti-virus, anti-malware ou anti-spyware afin qu'ils n'interfèrent pas avec le travail de ComboFix.

    N'oublie pas de brancher tes supports amovibles avant de lancer Combofix (ils sont infectés).

    Ni de réactiver tes protections avant de te reconnecter.

    0
    1. jahlo
       
      alors la je sais plus ou donné de la tete j ai lancé combofix fait un rapport puis lancé rsit le rapport est deja posté nico je fais quoi maintenant

      rapport rsit.exe

      Logfile of random's system information tool 1.05 (written by random/random)
      Run by Soatto at 2009-01-24 11:11:50
      Microsoft Windows XP Édition familiale Service Pack 3
      System drive C: has 51 GB (45%) free of 114 GB
      Total RAM: 767 MB (49% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 11:11:53, on 24/01/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16762)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
      C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
      C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\SuperCopier2\SuperCopier2.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      C:\Program Files\Windows Media Player\WMPNSCFG.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\imapi.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\CDBurnerXP\NMSAccessU.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Windows Media Player\WMPNetwk.exe
      C:\WINDOWS\System32\alg.exe
      C:\Program Files\Logitech\QuickCam10\COCIManager.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Documents and Settings\Soatto\Bureau\RSIT.exe
      C:\WINDOWS\System32\wbem\wmiprvse.exe
      C:\Program Files\trend micro\Soatto.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
      O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
      O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
      O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - S-1-5-18 Startup: is-7U82N.lnk = C:\Documents and Settings\Soatto\Bureau\Virus Removal Tool\is-7U82N\startup.exe (User 'SYSTEM')
      O4 - .DEFAULT Startup: is-7U82N.lnk = C:\Documents and Settings\Soatto\Bureau\Virus Removal Tool\is-7U82N\startup.exe (User 'Default user')
      O4 - Startup: is-7U82N.lnk = C:\Documents and Settings\Soatto\Bureau\Virus Removal Tool\is-7U82N\startup.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O8 - Extra context menu item: &Search - ?p=ZCfox000
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
      O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
      O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
      O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://www.msn.com/fr-fr/
      O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jahlojahlo1975.spaces.live.com//PhotoUpload/MsnPUpld.cab
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://mistersfrance.spaces.live.com/PhotoUpload/MsnPUpld.cab
      O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
      O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-fr.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://assets.photobox.com/assets/activex/uploader_uni.cab
      O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{0E64D55F-8C2F-4FC0-99AE-C6095324EB44}: NameServer = 212.27.54.252,212.27.53.252
      O17 - HKLM\System\CCS\Services\Tcpip\..\{189B9683-EB72-4930-A4C7-DE1AFC88BE2E}: NameServer = 212.27.54.252,212.27.53.232
      O17 - HKLM\System\CCS\Services\Tcpip\..\{2C07D940-70CC-44E6-9826-D86A2CCB63B3}: NameServer = 212.27.54.252,212.27.53.252
      O17 - HKLM\System\CCS\Services\Tcpip\..\{666FD640-7243-4E8A-8550-9951DD2141B1}: NameServer = 212.27.54.252,212.27.53.252
      O17 - HKLM\System\CCS\Services\Tcpip\..\{B9E2F064-0967-4BFC-8F09-9FB22719A37D}: NameServer = 212.27.54.252,212.27.53.252
      O17 - HKLM\System\CCS\Services\Tcpip\..\{FB5EE1A2-98B6-429E-9A02-CA5D80AE8BDD}: NameServer = 192.168.0.254,212.27.53.252
      O18 - Protocol: bw+0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw+0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Protocol: bwg0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwg0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0s - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: offline-8876480 - {3C316869-9BA1-4B4E-AB6C-B0FEE37F154E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
      O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
      O23 - Service: NeroNET - Unknown owner - C:\Program Files\Ahead\NeroNET\NeroNET.exe (file missing)
      O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
      O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
      0
  21. Nic00 Messages postés 1751 Statut Membre 95
     
    A Lyonnais92:

    si tu pouvais éviter d'en rajouter une couche inutilement, ça serait sympa (parce que là tout le monde est en-train de s'embrouiller)......

    Tkt, l'infection Lop je l'ai bien vu mais...chaque chose en son temps.....

    Il y a pas mal d'infections mais on ne peut pas tout faire en même temps ^^

    Je te laisses faire parce que le/la pauvre Jahlo va être perdue ^^

    Bonne continuation.

    A+
    0
  • 1
  • 2