Sujet Précédent Sujet Suivant

Impossible de déterminer la source du pbm

coolfinch -  
 Utilisateur anonyme -
Bonjour,

J'ai des soucis de virus sur mon ordinateur WinXP SP2. Après des fix Norton et Spybot, le problème demeure. Ci-joint ce que trouve Active Scan puis le log hijack. Si qumlequ'un a une bonne idée, je lui suis par avance très reconnaissant.

Adware:Adware/SuperSpider

C:\WINDOWS\system32\wincqt32.dll

Adware:adware/systemdoctor

c:\windows\system32\issearch.exe

Adware:adware/securityerror

c:\windows\system32\ot.ico

Dialer:Dialer.HPD

C:\Documents and Settings\Samuel\Local Settings\Temporary Internet Files\Content.IE5\INQLRNCM\srvtft[1].exe

Spyware:Spyware/Virtumonde C:\WINDOWS\system32\xxyyxxu.dll

Dialer:Dialer.GQ

C:\WINDOWS\Temp\win28D.tmp.exe
Dialer:Dialer.HPD

C:\WINDOWS\Temp\win4B.tmp.exe
Dialer:Dialer.HPD C:\WINDOWS\Temp\win4D.tmp.exe
Dialer:Dialer.HPD
C:\WINDOWS\Temp\win55.tmp.exe

----------------------------------------------------------------------- Logfile of HijackThis v1.99.1
Scan saved at 6:10:11 PM, on 9/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\ISS\BlackICE\rapapp.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\DrvMon.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
D:\SourceSoft\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DVD43] "C:\Program Files\DVD Region+CSS Free\DVDRegionFree.exe" /hidden
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: bw+0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

6 réponses

Réponse 1 / 6
Utilisateur anonyme
 
Salut,

rien ne sera supprimé sauf si indiqué

----
Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DVD43] "C:\Program Files\DVD Region+CSS Free\DVDRegionFree.exe" /hidden
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: bw+0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {E86AD101-CAB1-4767-8675-0DB001D376AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)

Clic sur demarrer, rechercher, cherche et supprime ce fichier:

ALCXMNTR.EXE

Telecharge, installe puis mets à jour ce logiciel(Ewido), une fois que c'est fait, fais un scan complet de ton système et colle le rapport ici
Ewido: (reste gratuit après la période d'essai)
Télécharger Ewido Security Suite

A++
0
Réponse 2 / 6
coolfinch
 
Merci beaucoup pour ton aide. J'ai suivi tes conseils.
Le report ewido (que des cookies) est ci-dessous. Sur hijack, je n'arrive pas à supprimer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

La ligne est toujours présente même après le fix. Est-ce normal?
Sinon je voulais savoir est-ce normal que le fichier gebyy.dll soit utilisé au lancement d'IE?

Merci encore

ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:55:02 PM 9/10/2006

+ Scan result:

C:\Documents and Settings\Samuel\Cookies\samuel@247realmedia[1].txt -> TrackingCookie.247realmedia : No action taken.
C:\Documents and Settings\Samuel\Cookies\samuel@adtech[2].txt -> TrackingCookie.Adtech : No action taken.
C:\Documents and Settings\Samuel\Cookies\samuel@bluestreak[2].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\Samuel\Cookies\samuel@cz6.clickzs[2].txt -> TrackingCookie.Clickzs : No action taken.
C:\Documents and Settings\Samuel\Cookies\samuel@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : No action taken.
C:\Documents and Settings\Samuel\Cookies\samuel@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\Samuel\Cookies\samuel@estat[1].txt -> TrackingCookie.Estat : No action taken.
C:\Documents and Settings\Samuel\Cookies\samuel@overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Samuel\Cookies\samuel@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\Samuel\Cookies\samuel@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Samuel\Cookies\samuel@serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Samuel\Cookies\samuel@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : No action taken.
C:\Documents and Settings\Samuel\Cookies\samuel@statcounter[1].txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\Samuel\Cookies\samuel@tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Samuel\Cookies\samuel@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.

::Report end
0
Utilisateur anonyme
 
Salut,

pour cette ligne qui revient à chauqe fois [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup ce n'est pas grave ça appartient à ta carte graphique

gebyy.dll < cherche et supprime ce fichier, utilise le mode sans echec, s'il résiste à la suppression.


Fait ce scan anti-virus en ligne avec Internet Explorer, accepte l'active X; la barre anti-popup du SP (en haut) va se mettre à clignoter, clic dessus et choisis "accepter l'active X" pour faire fonctionner le scan anti-virus.
Une fois qu'il a terminé colle le rapport ici stp

https://www.bitdefender.com/toolbox/

A++
0
Réponse 3 / 6
Coolfinch
 
Je n'arrive pas à supprimer gebyy.dll dans system32...Meme en safe mode (utilisé par un autre process).
J'ai des pop-up IE winantiviruspro et des messages pop-up qui me disent qu'il faut me protéger...
Quel moyen pour me débarraser de ce maudit fichier? J'ai essayé killbox sans succès.

Merci encore
0
Utilisateur anonyme
 
remets un rapport hijackthis, puis fais ces deux choses


Télécharge lopxp:
http://pageperso.aol.fr/balltrap34/lopxp.zip

dézippe-le sur ton bureau puis double-clic sur le fichier "lopxp.bat"
quand il à terminé, un rapport s'ouvre : fais un copier-coller puis mets le ici

Puis:


-Ouvre HijackThis

Clic sur "open the misc tools section"
Clic sur "open uninstall manager"
Clic sur "Save list" dans la fenêtre qui va s'ouvrir enregistre le fichier à un endroit ou tu le retrouvera facilement.

Ensuite, fais un copier du texte qui y aura dans ce fichier puis colles le ici stp


A++
0
Réponse 4 / 6
coolfinch
 
Ci-dessous le rapport de ton fichier lop. Et en dessous le log hijack.
Hijack this ne me dfemande pas l'emplacement ou il sauve "save list", normal?
Merci encore

--------------------------------------------------

Rapport fait à 21:14:50.76 le Mon 09/11/2006

Volume in drive C has no label.
Volume Serial Number is 3CB5-9F38

Directory of C:\Documents and Settings\All Users\Application Data

09/09/2006 07:19 PM <DIR> avg7
09/09/2006 07:19 PM <DIR> Grisoft
02/04/2006 12:15 AM <DIR> MSN6
12/10/2005 08:33 PM <DIR> Adobe Systems
12/10/2005 08:31 PM <DIR> Adobe
09/24/2005 02:37 PM <DIR> Creative
09/14/2005 12:11 AM <DIR> CyberLink
09/03/2005 01:38 PM <DIR> Skype
08/24/2005 10:44 PM <DIR> Spybot - Search & Destroy
08/23/2005 11:21 PM <DIR> Symantec
08/22/2005 08:00 PM <DIR> UDL
08/19/2005 12:46 AM 62 desktop.ini
08/19/2005 12:46 AM <DIR> Microsoft
08/19/2005 12:46 AM <DIR> ..
08/19/2005 12:46 AM <DIR> .
08/18/2005 11:50 PM <DIR> nView_Profiles
1 File(s) 62 bytes
15 Dir(s) 10704969728 bytes free
Volume in drive C has no label.
Volume Serial Number is 3CB5-9F38

Directory of C:\Documents and Settings\Celine\Application Data

08/26/2006 08:22 PM <DIR> Sun
08/07/2006 08:51 PM <DIR> CyberLink
02/25/2006 09:45 AM <DIR> Google
02/04/2006 12:15 AM <DIR> MSN6
11/07/2005 11:55 PM <DIR> AdobeUM
09/23/2005 08:56 PM <DIR> Smart Panel
09/09/2005 07:34 PM <DIR> Macromedia
09/03/2005 01:49 PM <DIR> Adobe
09/03/2005 01:38 PM <DIR> Skype
08/22/2005 11:06 PM <DIR> Help
08/21/2005 10:47 PM <DIR> Identities
08/21/2005 10:47 PM 62 desktop.ini
08/21/2005 10:47 PM <DIR> Microsoft
08/21/2005 10:47 PM <DIR> .
08/21/2005 10:47 PM <DIR> ..
1 File(s) 62 bytes
14 Dir(s) 10704969728 bytes free
Volume in drive C has no label.
Volume Serial Number is 3CB5-9F38

Directory of C:\Documents and Settings\Default User\Application Data

08/19/2005 12:46 AM 62 desktop.ini
08/19/2005 12:46 AM <DIR> ..
08/19/2005 12:46 AM <DIR> Microsoft
08/19/2005 12:46 AM <DIR> .
1 File(s) 62 bytes
3 Dir(s) 10704969728 bytes free
Volume in drive C has no label.
Volume Serial Number is 3CB5-9F38

Directory of C:\Documents and Settings\Samuel\Application Data

09/09/2006 07:19 PM <DIR> AVG7
08/18/2006 09:23 PM <DIR> Azureus
04/03/2006 09:12 PM <DIR> Sun
12/19/2005 11:57 PM <DIR> Real
12/15/2005 08:51 PM <DIR> Google
11/14/2005 10:56 PM <DIR> WIS
10/22/2005 04:53 PM <DIR> Smart Panel
09/28/2005 11:32 PM <DIR> Help
09/15/2005 06:53 PM <DIR> AdobeUM
09/14/2005 12:13 AM <DIR> CyberLink
09/05/2005 10:54 PM <DIR> Macromedia
09/03/2005 08:15 PM <DIR> Skype
08/25/2005 08:34 PM <DIR> Ahead
08/23/2005 11:21 PM <DIR> Symantec
08/22/2005 11:28 PM <DIR> Adobe
08/22/2005 08:28 PM <DIR> FotoWire
08/18/2005 11:10 PM <DIR> Identities
08/18/2005 11:10 PM 62 desktop.ini
08/18/2005 11:10 PM <DIR> ..
08/18/2005 11:10 PM <DIR> .
08/18/2005 11:10 PM <DIR> Microsoft
1 File(s) 62 bytes
20 Dir(s) 10704969728 bytes free
******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks

Volume in drive C has no label.
Volume Serial Number is 3CB5-9F38

Directory of C:\WINDOWS\Tasks

08/18/2005 11:03 PM 6 SA.DAT
08/18/2005 11:01 PM 65 desktop.ini
08/18/2005 11:01 PM <DIR> ..
08/18/2005 11:01 PM <DIR> .
2 File(s) 71 bytes
2 Dir(s) 10,704,965,632 bytes free

******************************************
Recherche dans Program files

Le dossier C:\Program Files\C2Media n'existe pas

----------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:17:29 PM, on 9/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\ISS\BlackICE\rapapp.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\DrvMon.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\SourceSoft\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
0
Utilisateur anonyme
 
Salut,

bon je vois plus rien de suspect parcontre tu es encore infecté vu ce que tu dis

fait ça pour voir ou se cachent ses salopries

Fait ce scan anti-virus en ligne avec Internet Explorer, accepte l'active X; la barre anti-popup du SP2(en haut) va se mettre à clignoter, clic dessus et choisis "accepter l'active X" pour faire fonctionner le scan anti-virus.
Une fois qu'il a terminé colle le rapport ici stp

_Online Scanner
_Kaspersky Online Scanner
_My Computer

https://www.kaspersky.fr/downloads
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 6
coolfinch
 
Bonsoir ,

Voici le bilan du scan kaspersky:

Scan Statistics:
Total number of scanned objects: 123774
Number of viruses found: 7
Number of infected objects: 14 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:59:37

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Samuel\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Samuel\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Samuel\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Samuel\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Samuel\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Samuel\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Samuel\NTUSER.DAT.LOG Object is locked skipped
C:\Program Files\epson\EPSON PhotoQuicker3.5\Config\User\Celine.pq3 Object is locked skipped
C:\Program Files\ISS\BlackICE\blackice-service.log Object is locked skipped
C:\Program Files\ISS\BlackICE\rapapp.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{253577C6-8985-4093-A9BB-3DC758FAF5D4}\RP374\A0047768.dll Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\System Volume Information\_restore{253577C6-8985-4093-A9BB-3DC758FAF5D4}\RP375\A0048758.dll Object is locked skipped
C:\System Volume Information\_restore{253577C6-8985-4093-A9BB-3DC758FAF5D4}\RP375\A0048759.exe Object is locked skipped
C:\System Volume Information\_restore{253577C6-8985-4093-A9BB-3DC758FAF5D4}\RP375\A0048773.dll Infected: Trojan-Downloader.Win32.Zlob.aix skipped
C:\System Volume Information\_restore{253577C6-8985-4093-A9BB-3DC758FAF5D4}\RP375\A0048775.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\System Volume Information\_restore{253577C6-8985-4093-A9BB-3DC758FAF5D4}\RP375\A0048780.dll Object is locked skipped
C:\System Volume Information\_restore{253577C6-8985-4093-A9BB-3DC758FAF5D4}\RP375\A0048782.dll Object is locked skipped
C:\System Volume Information\_restore{253577C6-8985-4093-A9BB-3DC758FAF5D4}\RP375\A0048791.as Infected: not-virus:Hoax.Win32.Renos.ds skipped
C:\System Volume Information\_restore{253577C6-8985-4093-A9BB-3DC758FAF5D4}\RP376\A0048806.exe Object is locked skipped
C:\System Volume Information\_restore{253577C6-8985-4093-A9BB-3DC758FAF5D4}\RP376\A0048808.dll Object is locked skipped
C:\System Volume Information\_restore{253577C6-8985-4093-A9BB-3DC758FAF5D4}\RP376\A0049098.exe Object is locked skipped
C:\System Volume Information\_restore{253577C6-8985-4093-A9BB-3DC758FAF5D4}\RP377\A0049976.dll Object is locked skipped
C:\System Volume Information\_restore{253577C6-8985-4093-A9BB-3DC758FAF5D4}\RP377\A0050001.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{253577C6-8985-4093-A9BB-3DC758FAF5D4}\RP377\A0050002.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{253577C6-8985-4093-A9BB-3DC758FAF5D4}\RP377\A0050003.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{253577C6-8985-4093-A9BB-3DC758FAF5D4}\RP380\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\xxyyxxu.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dt skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\SourceSoft\radmin201\radmin201.exe/R_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
D:\SourceSoft\radmin201\radmin201.exe/raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
D:\SourceSoft\radmin201\radmin201.exe/AdmDll.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
D:\SourceSoft\radmin201\radmin201.exe/Radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
D:\SourceSoft\radmin201\radmin201.exe ViseMan: infected - 4 skipped
D:\SourceSoft\radmin201\radmin201.exe ViseMan: infected - 4 skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
0
Utilisateur anonyme
 
Salut,

cherche et supprime ce fichier:

xxyyxxu.dll


Créer un nouveau point de restauration sur chaque disque dur/partition que tu as


Alors ceci; C:\System Volume Information\_restore indique que ta restauration du systeme etait infecté ou est infecté, pour être sûr, nous allons créer un point propre.

Clic sur "demarrer", cliques droit sur "poste de travail", "propriétés", onglet "restauration du systeme"

¤ coches la case "desactiver la Restauration du systéme sur tous les lecteurs", puis clic ur "appliquer"
¤ decoches la case et clic sur "appliquer" puis "ok".

Maintenant, que l'ont à effacés les point infectés, nous allons créer un point propre:

Clic sur "demarrer", "tous les programmes", "accessoires", "outils système", "restauration du système", choisis "créer un point de restauration" nommes le " ccm" par exemple, cliques sur "créer" puis "ok".
Voilà, maintenant le point de restauration est créer si un jour tu décides tu pourra revenir en arriere à la date que tu l'as créer donc à ce jour; en fesant la marche arriére tu pourra remettre ton ordinateur à la date ou l'on à créer ce point de restauration mais tu perdra les modifications que tu aura faites entre deux.


Puis ça devrait être bon :-)
0
Réponse 6 / 6
coolfinch
 
J'ai réalisé les opérations décrites, mais le problème demeure: une pop-up qui dit que je ne suis pas protégé (si je la ferme une page web s'ouvre mais l'activeX est bloqué). Sinon la page Winantivirus pro 2006 s'ouvre (la-aussi l'active X est bloqué). parfois j'ai d'autres pages web qui apparraissent. Je ne vois pas trop ce que je peux faire de plus. Je pense qu'il faudrait vraiment que je trouve le moyen de me débarrasser de gebyy.dll. Tout est lié à mon Internet explorer j'ai l'impression...J'installe firefox?
Sinon ca me laisse faire un format C: et tout rénstaller c'est ca?

Merci encore pour ton aide
0
Utilisateur anonyme
 
on va encore d'autre chose :-)

Télécharges Blacklight et sauvegarde le sur ton bureau.
https://www.f-secure.com/en
Double cliques sur " blbeta.exe " et acceptes la licence; clic sur "Scan" puis "Next"

Un rapport, va se créer sur ton bureau "fslb-....."

Copies et colles le contenu de ce rapport ici.

Ne touche à rien d'autre
0

Discussions similaires

[référencement] Ne pas être référencé
kij_82 -
Searaphina -

10 réponses
cellule lié excel ouverture automatique
woutz -
Eric -

8 réponses
Trouver le code source d'une page internet.
Aline² -
parzaal -

9 réponses
ne pas indexer les pages dans les moteurs de recherche
ilyasoksuz -
bg62 -

7 réponses
comment aller sur hdmi sans telecommande
alexandre ditraser -
Alex -

7 réponses