W32 nebuler and backdoor.wrag viruses

Solved
zabo32 - Posts: 45 - Status: Member
Hello,

I have 2 viruses on my PC that are making my life miserable: W32.nebuler and backdoor.wrag (detected by ZeroSpyware, my antispyware). I ran HijackThis and here is the report. If anyone has an idea how to get rid of these critters!!!
Thanks in advance.
Zabo

6 replies

Anonymous user
 
Hi,

I've seen your report. Start by disabling the Windows firewall (SP2), because it is useless, then install this one:

Kerio: (firewall, which stays free after the trial period!)
Kerio Personal Firewall
-tutorial: to configure Kerio and understand how to use it
https://kerio.probb.fr/

Download, install and then update this program (Ewido). Once that is done, run a full scan of your system, delete everything it finds, then paste the report here along with a new HijackThis report.
Ewido: (stays free after the trial period)
Download Ewido Security Suite
zabo32 - Posts: 45 - Status: Member
 
OK, my friend.

I ran the ewido scan, I'm attaching the report, and I downloaded Kerio (this software is really great!).
I'm running HijackThis and attaching that report too.
After that I'll see whether I still have my Trojans...
Hopefully not!!!

See you

PS1:

ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 13:01:35 19/09/2006

+ Scan result:



C:\WINDOWS\system32\awtttst.dll -> Adware.Virtumionde : Cleaned.
C:\WINDOWS\system32\pmnkihh.dll -> Adware.Virtumionde : Cleaned.
C:\WINDOWS\Temp\__delete_on_reboot__w_i_n_E_8_._t_m_p_._e_x_e_ -> Dialer.IDialer.m : Cleaned.
C:\Documents and Settings\Yann\Local Settings\Temp\Cookies\yann@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Yann\Local Settings\Temp\Cookies\yann@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Yann\Local Settings\Temp\Cookies\yann@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Yann\Local Settings\Temp\Cookies\yann@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Yann\Local Settings\Temp\Cookies\yann@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\Yann\Local Settings\Temp\Cookies\yann@weborama[1].txt -> TrackingCookie.Weborama : Cleaned.
C:\WINDOWS\system32\cool.exe -> Trojan.Dialer.qs : Cleaned.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP25\A0005179.exe -> Trojan.Starter.65 : Cleaned.


::Report end


PS2:
Logfile of HijackThis v1.99.1
Scan saved at 13:07:13, on 19/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\FBM Software\ZeroSpyware\ZeroSpyware.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\RunDll32.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\WINDOWS\system32\slserv.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Yann\Mes documents\Mes fichiers reçus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=gb&toHttps=1&redig=7AEAA56F9997403B9E4D9BF0646C1EB9
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9319E3AA-221D-0198-10F4-74E29F7175B2} - C:\WINDOWS\system32\satej.dll (file missing)
O2 - BHO: (no name) - {D3B3C51E-8D11-4667-85B9-0930F519BED7} - C:\WINDOWS\system32\awtttst.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [ZSScheduler] rundll32.exe "C:\Program Files\FBM Software\ZeroSpyware\zsscheduler.dll", runScheduler C:\Program Files\FBM Software\ZeroSpyware\
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Popup-corn] "C:\Program Files\Popup-corn\Popup-corn.exe" -silent
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: microsoft outlook.lnk = C:\WINDOWS\Installer\{0002040C-78E1-11D2-B60F-006097C998E7}\outicon.exe
O4 - Startup: outicon.lnk = C:\WINDOWS\Installer\{0002040C-78E1-11D2-B60F-006097C998E7}\outicon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office2K\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanced/cfweb_activex.camfrogweb.com-advanced_inst...
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/12838be1816f2a23e906/netzip/RdxIE601_fr.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon777.free.fr/plugins/hardwaredetection.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader_sp1/imloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: awtttst - C:\WINDOWS\SYSTEM32\awtttst.dll
O20 - Winlogon Notify: sstts - C:\WINDOWS\system32\sstts.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winzoa32 - C:\WINDOWS\SYSTEM32\winzoa32.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Créateur de rapports d'état Sophos Anti-Virus (SAVAdminService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Sophos AutoUpdate Service - Sophos plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
zabo32 - Posts: 45 - Status: Member
 
Hi,

Well, apparently I'm still infected... I get this window from a site offering its antivirus services, telling me I'm infected by hundreds of viruses!!! And it crashes my internet and slows me down...
Early riser though I am... it hurts!!!
pffffffffff........

See you
Anonymous user
 
Hi,

Run HijackThis again, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=gb&toHttps=1&redig=7AEAA56F9997403B9E4D9BF0646C1EB9
R3 - URLSearchHook: (no name) - {9319E3AA-221D-0198-10F4-74E29F7175B2} - C:\WINDOWS\system32\satej.dll (file missing)
O4 - Startup: microsoft outlook.lnk = C:\WINDOWS\Installer\{0002040C-78E1-11D2-B60F-006097C998E7}\outicon.exe
O4 - Startup: outicon.lnk = C:\WINDOWS\Installer\{0002040C-78E1-11D2-B60F-006097C998E7}\outicon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office2K\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanced/cfweb_activex.camfrogweb.com-advanced_inst...
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/12838be1816f2a23e906/netzip/RdxIE601_fr.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon777.free.fr/plugins/hardwaredetection.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader_sp1/imloader.cab

all the O18 entries

Click Start, Search, then look for and delete this file if present:

outicon.exe

Next,

download
http://www.atribune.org/ccount/click.php?id=4

double-click it and choose "start for vundo"
wait a few minutes; when the scan is finished, click "remove vundo"
a message will ask whether you want to delete the files; click "yes"
When it has finished, click "yes"; your computer should restart; if not, restart it yourself
Once it has restarted, please paste the report C:\vundofix.txt and a new HijackThis report
zabo32 - Posts: 45 - Status: Member
 
Hi,

OK, I ran HijackThis again, checked the lines, and tried to find outicon.exe (not found with Start, Search). I ran a scan with VundoFix and deleted the files it found.
At that point a VundoFix window opened telling me:
"C:\windows\system32\awtttst.dll could not be deleted, VundoFix will load on reboot to attempt removal. Please click Scan for Vundo"
There you go. After that I shut down and restarted my PC and ran HijackThis. Here are the 2 reports...
I don't know whether I've passed or failed!!!
See you

VundoFix V6.1.5

Checking Java version...

Scan started at 16:07:25 20/09/2006

Listing files found while scanning....

C:\WINDOWS\system32\awtttst.dll
C:\WINDOWS\system32\sstts.dll
C:\WINDOWS\system32\sttss.ini
C:\WINDOWS\system32\sttss.bak1
C:\WINDOWS\system32\sttss.bak2
C:\WINDOWS\system32\winzoa32.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awtttst.dll
C:\WINDOWS\system32\awtttst.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\sstts.dll
C:\WINDOWS\system32\sstts.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sttss.ini
C:\WINDOWS\system32\sttss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\sttss.bak1
C:\WINDOWS\system32\sttss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\sttss.bak2
C:\WINDOWS\system32\sttss.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\winzoa32.dll
C:\WINDOWS\system32\winzoa32.dll Has been deleted!

Performing Repairs to the registry.
Done!
*****************************************************

Logfile of HijackThis v1.99.1
Scan saved at 16:27:11, on 20/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\WINDOWS\system32\slserv.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
c:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Documents and Settings\Yann\Mes documents\Mes fichiers reçus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [ZSScheduler] rundll32.exe "C:\PROGRA~1\FBMSOF~1\ZEROSP~1\zsscheduler.dll", runScheduler C:\PROGRA~1\FBMSOF~1\ZEROSP~1\
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Popup-corn] "C:\Program Files\Popup-corn\Popup-corn.exe" -silent
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Créateur de rapports d'état Sophos Anti-Virus (SAVAdminService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Sophos AutoUpdate Service - Sophos plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
0
Anonymous user
 
Hi,

Your HijackThis report is OK.

Can you run VundoFix again and paste the report here?


Then:

Run this online antivirus scan with Internet Explorer and accept the ActiveX control; the SP2 pop-up blocker bar (at the top) will start flashing, click on it and choose "accept the ActiveX" to make the antivirus scan work.
Once it has finished, please paste the report here.

https://www.bitdefender.com/toolbox/
0
zabo32 Posts 45 Status Member
 
Hi,

My VundoFix report is clean (so no report). However, I ran ewido and it found Dropper.small and Trojan.BHO.g (I'm attaching the report), and as for Bitdefender... it found 7 viruses!!! This is harassment!!! Damn it...
See you

ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 16:46:32 21/09/2006

+ Scan result:

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP25\A0005581.dll -> Adware.Virtumionde : Cleaned.
C:\VundoFix Backups\awtttst.dll.bad -> Adware.Virtumionde : Cleaned.
C:\Program Files\Fichiers communs\Yazzle1122OinAdmin.exe -> Dropper.Small : Cleaned.
C:\WINDOWS\system32\bcvtqppw.dll -> Trojan.BHO.g : Cleaned.

::Report end

******************************************************

BitDefender Online Scanner

Scan report generated at: Thu, Sep 21, 2006 - 17:40:01

Scan path: A:\;C:\;D:\;E:\;

Statistics

Time: 01:07:58
Files: 286372
Folders: 4282
Boot Sectors: 3
Archives: 11059
Packed Files: 27096

Results

Identified Viruses: 7
Infected Files: 13
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 13

Engines Info

Virus Definitions: 455294
Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins: 13
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings

First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File
Status

C:\Documents and Settings\Yann\Application Data\Thunderbird\Profiles\221xqe9l.default\Mail\Local Folders\Inbox=>(message 4)=>[Subject: hi][Date: Wed, 19 Apr 2006 09:04:46 -0400]=>(MIME part)=>wiv.zip=>wiv.txt .scr
Infected with: Win32.Worm.Mytob.IB.Damaged

C:\Documents and Settings\Yann\Application Data\Thunderbird\Profiles\221xqe9l.default\Mail\Local Folders\Inbox=>(message 4)=>[Subject: hi][Date: Wed, 19 Apr 2006 09:04:46 -0400]=>(MIME part)=>wiv.zip=>wiv.txt .scr
Disinfection failed

C:\Documents and Settings\Yann\Application Data\Thunderbird\Profiles\221xqe9l.default\Mail\Local Folders\Inbox=>(message 4)=>[Subject: hi][Date: Wed, 19 Apr 2006 09:04:46 -0400]=>(MIME part)=>wiv.zip=>wiv.txt .scr
Deleted

C:\Documents and Settings\Yann\Application Data\Thunderbird\Profiles\221xqe9l.default\Mail\Local Folders\Inbox=>(message 4)=>[Subject: hi][Date: Wed, 19 Apr 2006 09:04:46 -0400]=>(MIME part)=>wiv.zip
Updated

C:\Documents and Settings\Yann\Application Data\Thunderbird\Profiles\221xqe9l.default\Mail\Local Folders\Inbox=>(message 4)=>[Subject: hi][Date: Wed, 19 Apr 2006 09:04:46 -0400]=>(MIME part)
Updated

C:\Documents and Settings\Yann\Application Data\Thunderbird\Profiles\221xqe9l.default\Mail\Local Folders\Inbox=>(message 4)
Updated

C:\Documents and Settings\Yann\Application Data\Thunderbird\Profiles\221xqe9l.default\Mail\Local Folders\Inbox
Updated

C:\Documents and Settings\Yann\Application Data\PPPATC~1\services.exe
Infected with: Trojan.Clspring.BU

C:\Documents and Settings\Yann\Application Data\PPPATC~1\services.exe
Disinfection failed

C:\Documents and Settings\Yann\Application Data\PPPATC~1\services.exe
Deleted

C:\Documents and Settings\Yann\Local Settings\Application Data\Identities\{36610057-F0F7-45B1-BC6F-168B6A97D8C8}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 0)=>[Subject: Delivery by mail][Date: Wed, 08 Feb 2006 09:28:32 +0100]=>(MIME part)=>siupd02.zip=>bbpyalld.exe
Infected with: Win32.Worm.Bagle.CL

C:\Documents and Settings\Yann\Local Settings\Application Data\Identities\{36610057-F0F7-45B1-BC6F-168B6A97D8C8}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 0)=>[Subject: Delivery by mail][Date: Wed, 08 Feb 2006 09:28:32 +0100]=>(MIME part)=>siupd02.zip=>bbpyalld.exe
Disinfection failed

C:\Documents and Settings\Yann\Local Settings\Application Data\Identities\{36610057-F0F7-45B1-BC6F-168B6A97D8C8}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 0)=>[Subject: Delivery by mail][Date: Wed, 08 Feb 2006 09:28:32 +0100]=>(MIME part)=>siupd02.zip=>bbpyalld.exe
Deleted

C:\Documents and Settings\Yann\Local Settings\Application Data\Identities\{36610057-F0F7-45B1-BC6F-168B6A97D8C8}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 0)=>[Subject: Delivery by mail][Date: Wed, 08 Feb 2006 09:28:32 +0100]=>(MIME part)=>siupd02.zip
Updated

C:\Documents and Settings\Yann\Local Settings\Application Data\Identities\{36610057-F0F7-45B1-BC6F-168B6A97D8C8}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 0)=>[Subject: Delivery by mail][Date: Wed, 08 Feb 2006 09:28:32 +0100]=>(MIME part)
Updated

C:\Documents and Settings\Yann\Local Settings\Application Data\Identities\{36610057-F0F7-45B1-BC6F-168B6A97D8C8}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 0)
Updated

C:\Documents and Settings\Yann\Local Settings\Application Data\Identities\{36610057-F0F7-45B1-BC6F-168B6A97D8C8}\Microsoft\Outlook Express\Éléments supprimés.dbx
Update failed

C:\RECYCLER\S-1-5-21-997633108-3802580832-1693691005-1005\Dc12.dbx=>(message 0)=>[Subject: Delivery by mail][Date: Wed, 08 Feb 2006 09:28:32 +0100]=>(MIME part)=>siupd02.zip=>bbpyalld.exe
Infected with: Win32.Worm.Bagle.CL

C:\RECYCLER\S-1-5-21-997633108-3802580832-1693691005-1005\Dc12.dbx=>(message 0)=>[Subject: Delivery by mail][Date: Wed, 08 Feb 2006 09:28:32 +0100]=>(MIME part)=>siupd02.zip=>bbpyalld.exe
Disinfection failed

C:\RECYCLER\S-1-5-21-997633108-3802580832-1693691005-1005\Dc12.dbx=>(message 0)=>[Subject: Delivery by mail][Date: Wed, 08 Feb 2006 09:28:32 +0100]=>(MIME part)=>siupd02.zip=>bbpyalld.exe
Deleted

C:\RECYCLER\S-1-5-21-997633108-3802580832-1693691005-1005\Dc12.dbx=>(message 0)=>[Subject: Delivery by mail][Date: Wed, 08 Feb 2006 09:28:32 +0100]=>(MIME part)=>siupd02.zip
Updated

C:\RECYCLER\S-1-5-21-997633108-3802580832-1693691005-1005\Dc12.dbx=>(message 0)=>[Subject: Delivery by mail][Date: Wed, 08 Feb 2006 09:28:32 +0100]=>(MIME part)
Updated

C:\RECYCLER\S-1-5-21-997633108-3802580832-1693691005-1005\Dc12.dbx=>(message 0)
Updated

C:\RECYCLER\S-1-5-21-997633108-3802580832-1693691005-1005\Dc12.dbx
Update failed

C:\RECYCLER\S-1-5-21-997633108-3802580832-1693691005-1005\Dc5.bad
Infected with: Trojan.Dropper.Pakes.BJ

C:\RECYCLER\S-1-5-21-997633108-3802580832-1693691005-1005\Dc5.bad
Disinfection failed

C:\RECYCLER\S-1-5-21-997633108-3802580832-1693691005-1005\Dc5.bad
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP19\A0003003.rps=>(gzip)
Infected with: Trojan.Starter.V

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP19\A0003003.rps=>(gzip)
Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP19\A0003003.rps=>(gzip)
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP19\A0003003.rps
Update failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP21\A0003835.exe=>(NSIS o)=>lzma_solid_nsis0002
Infected with: Trojan.Downloader.PurityScan.AR

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP21\A0003835.exe=>(NSIS o)=>lzma_solid_nsis0002
Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP21\A0003835.exe=>(NSIS o)=>lzma_solid_nsis0002
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP21\A0003835.exe=>(NSIS o)
Update failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP25\A0005580.dll
Infected with: Trojan.Dropper.Pakes.BJ

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP25\A0005580.dll
Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP25\A0005580.dll
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP26\A0006745.exe
Infected with: Trojan.Clspring.BU

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP26\A0006745.exe
Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP26\A0006745.exe
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP26\A0006746.exe
Infected with: Trojan.Dropper.AY

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP26\A0006746.exe
Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP26\A0006746.exe
Deleted

C:\WINDOWS\system32\zsfiles\00005.rps=>(gzip)
Infected with: Trojan.Starter.V

C:\WINDOWS\system32\zsfiles\00005.rps=>(gzip)
Disinfection failed

C:\WINDOWS\system32\zsfiles\00005.rps=>(gzip)
Deleted

C:\WINDOWS\system32\zsfiles\00005.rps
Updated

C:\WINDOWS\system32\zsfiles\00007.rps=>(gzip)=>(NSIS o)=>lzma_solid_nsis0003
Infected with: Trojan.Starter.V

C:\WINDOWS\system32\zsfiles\00007.rps=>(gzip)=>(NSIS o)=>lzma_solid_nsis0003
Disinfection failed

C:\WINDOWS\system32\zsfiles\00007.rps=>(gzip)=>(NSIS o)=>lzma_solid_nsis0003
Deleted

C:\WINDOWS\system32\zsfiles\00007.rps=>(gzip)=>(NSIS o)
Update failed

C:\WINDOWS\system32\zsfiles\00060.rps=>(gzip)
Infected with: Trojan.Starter.V

C:\WINDOWS\system32\zsfiles\00060.rps=>(gzip)
Disinfection failed

C:\WINDOWS\system32\zsfiles\00060.rps=>(gzip)
Deleted

C:\WINDOWS\system32\zsfiles\00060.rps
Updated
0
Anonymous user
 
Hi,

Do this:

To show all hidden files and folders:

Click "Start", "Control Panel", "Tools", "Folder Options", "View"

Tick:
¤ Show hidden files and folders
Click "Apply" then "OK"

__
Click Start, My Computer, C:, Documents and Settings, Yann, Local Settings, Application Data, Identities, {36610057-F0F7-45B1-BC6F-168B6A97D8C8}, Microsoft, then empty the folder --> Outlook Express


Click Start, My Computer, C:, Windows, System32, then find and delete this folder:

zsfiles

**If a file cannot be deleted, do this:
-Restart your PC and, as soon as it powers on, keep tapping the F8 key (or F5 if F8 does not work); on the screen that appears choose "Safe Mode" and wait a moment, then delete the files/folders that could not be removed, empty your Recycle Bin and restart normally.


Then finish with this:

Now, this: C:\System Volume Information\_restore (see the Bitdefender report) indicates that your System Restore was or is infected; to be sure, we are going to create a clean restore point.

Click "Start", right-click "My Computer", "Properties", "System Restore" tab

¤ tick the "Turn off System Restore on all drives" box, then click "Apply"
¤ untick the box and click "Apply" then "OK".

Now that we have erased the infected restore points, we are going to create a clean one:

Click "Start", "All Programs", "Accessories", "System Tools", "System Restore", choose "Create a restore point", name it "ccm" for example, click "Create" then "OK".
There, the restore point is now created. If you decide to one day, you can go back to the date you created it, that is, today; by rolling back you can return your computer to the date on which this restore point was created, but you will lose the changes you made in between.
0
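The reply above sorts the BitDefender findings by where they sit on disk (the Outlook Express store, the zsfiles folder, the System Restore points) and gives one cleanup step per location. The sketch below is an added example, not part of the thread or of any tool named in it: it parses a report in the same path-line/status-line layout and groups detections the same way. The sample lines, detection names and category labels are constructed for illustration.

```python
import re

# Constructed sample in the report's layout: a path line, then a status line.
SAMPLE_REPORT = r"""
C:\System Volume Information\_restore{EXAMPLE-GUID}\RP01\A0000001.exe=>(NSIS o)=>inner0001
Infected with: Trojan.Example.A

C:\WINDOWS\system32\zsfiles\00001.rps=>(gzip)
Infected with: Trojan.Example.B

C:\WINDOWS\system32\zsfiles\00001.rps=>(gzip)
Disinfection failed

C:\Documents and Settings\User\Local Settings\Application Data\Identities\{EXAMPLE}\Microsoft\Outlook Express\Inbox.dbx=>(message 0)=>(MIME part)=>a.zip=>a.exe
Infected with: Win32.Worm.Example.C

C:\Documents and Settings\User\Application Data\EXAMPLE\services.exe
Infected with: Trojan.Example.A
"""

# Categories mirror the three cleanup steps in the reply; labels are hypothetical.
RULES = [
    (re.compile(r"\\System Volume Information\\_restore", re.I), "system-restore"),
    (re.compile(r"\\system32\\zsfiles\\", re.I), "zsfiles"),
    (re.compile(r"\\Outlook Express\\", re.I), "outlook-express"),
]
PATH_RE = re.compile(r"^[A-Za-z]:\\")  # a report path starts with a drive letter

def parse_report(text):
    """Yield (file_on_disk, nested_object, status) for each path/status pair."""
    path = None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            path = line
        elif line and path:
            # "=>" separates the file on disk from objects unpacked inside it.
            on_disk, _, nested = path.partition("=>")
            yield on_disk, nested, line
            path = None

def triage(text):
    """Map category -> file on disk -> set of detection names."""
    out = {}
    for on_disk, _nested, status in parse_report(text):
        # Action lines (Deleted, Updated, ...) repeat a path already counted.
        if status.startswith("Infected with:"):
            name = status.split(":", 1)[1].strip()
            category = next((c for rx, c in RULES if rx.search(on_disk)), "other")
            out.setdefault(category, {}).setdefault(on_disk, set()).add(name)
    return out

if __name__ == "__main__":
    for category, files in triage(SAMPLE_REPORT).items():
        print(category, files)
```

Anything that lands in "other" sits outside the three locations the reply covers and needs its own review.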

zabo32 Posts 45 Status Member
 
Hi,

Thanks a lot for all your explanations, my friend. One last question before I leave you in peace!!! How can I go back, if I want to one day, to the point when my restore point was created? Was it saved somewhere on my PC???

Thanks for everything, and here's hoping I don't see you again... no hard feelings!!! Ciao, ciao...
0
Anonymous user
 
0