Sujet Précédent Sujet Suivant

Infectee par magic control ?

Fermé
Pixilius - 25 nov. 2006 à 23:28
 Utilisateur anonyme - 26 nov. 2006 à 00:10
Bonjour à tous

J'ai grand besoin d'aide pour nettoyer mon pc.
Après avoir installé messenger skinner, des fenetres publicitaires ont commencé a appraitre sur mon pc, suite à des recherches sur internet j'ai découvert que ce logiciel contenait un trojan 'magic control', après plusieurs scan avec ad-aware+ spybot, je n'arrive pas à éradiquer le truc ....

Ci dessous mon rapport Hijack This,
Quelqu'un pourrait -il m'indiquer les lignes à supprimer, car je commence a etre deseperée ....:( ?
Merci par avance

Logfile of HijackThis v1.99.1
Scan saved at 23:24:51, on 25/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\PROGRA~1\SwiftBtn\SwiftBtn.EXE
C:\Program Files\GlobespanVirata\XPFix.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\Logi_MwX.Exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Club-Internet\Wizard\Agent_WiFi.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Wireless\Client Manager\CMAGS.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QT4StBtn] C:\PROGRA~1\SwiftBtn\SwiftBtn.EXE
O4 - HKLM\..\Run: [XPFix] C:\Program Files\GlobespanVirata\XPFix.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [TVAgent WiFi] C:\Club-Internet\Wizard\Agent_WiFi.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Wireless Client Manager.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107338438156
O18 - Protocol: bw+0 - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {E4A3A2B0-F647-4188-825F-2850C24E52F8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
A voir également:

2 réponses

Réponse 1 / 2
Utilisateur anonyme
25 nov. 2006 à 23:32
Bonsoir

Poste aussi ce rapport.

Télécharge Blacklight (de F-Secure) et sauvegarde le sur ton Bureau.
https://www.f-secure.com/en
Clique sur "I ACCEPT" au bas de la page. Sauvegarde le sur ton Bureau.

Double-clique blbeta.exe et accepte la licence; clique Scan puis Next

Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres)

Copie et colle le contenu de ce rapport dans ta prochaine réponse.
1
Pixilius
26 nov. 2006 à 00:06
Merci pour ton aide
voici le rapport ,
11/25/06 23:48:55 [Info]: BlackLight Engine 1.0.47 initialized
11/25/06 23:48:55 [Info]: OS: 5.1 build 2600 (Service Pack 2)
11/25/06 23:48:55 [Note]: 7019 4
11/25/06 23:48:55 [Note]: 7005 0
11/25/06 23:49:07 [Note]: 7006 0
11/25/06 23:49:07 [Note]: 7011 1492
11/25/06 23:49:07 [Note]: 7026 0
11/25/06 23:49:07 [Note]: 7026 0
11/25/06 23:49:08 [Note]: 7024 3
11/25/06 23:49:08 [Info]: Hidden process: C:\windows\system32\nhohohpipi.exe
11/25/06 23:49:08 [Note]: FSRAW library version 1.7.1020
11/25/06 23:51:00 [Note]: 4013 48216
11/25/06 23:51:00 [Note]: 4020 46881 1376256
11/25/06 23:51:00 [Note]: 4018 46881 1376256
11/25/06 23:51:00 [Note]: 4013 48216
11/25/06 23:51:00 [Note]: 4020 46881 1376256
11/25/06 23:51:00 [Note]: 4018 46881 1376256
11/25/06 23:51:09 [Note]: 4020 48251 65536
11/25/06 23:51:09 [Note]: 4018 48251 65536
11/25/06 23:51:18 [Note]: 4020 48251 65536
11/25/06 23:51:18 [Note]: 4018 48251 65536
11/25/06 23:51:29 [Info]: Hidden file: c:\Documents and Settings\Pixilius \Local Settings\Temporary Internet Files\Con
11/25/06 23:51:29 [Note]: 10002 2
[...]
11/25/06 23:56:44 [Note]: 4020 9507 65536
11/25/06 23:56:44 [Note]: 4018 9507 65536
11/25/06 23:56:51 [Info]: Hidden file: c:\WINDOWS\Prefetch\NHOHOHPIPI.EXE-13C27537.pf
11/25/06 23:56:51 [Note]: 10002 1
11/25/06 23:57:05 [Note]: 4020 14661 65536
11/25/06 23:57:05 [Note]: 4018 14661 65536
11/25/06 23:57:13 [Note]: 4020 14661 65536
11/25/06 23:57:13 [Note]: 4018 14661 65536
11/25/06 23:57:21 [Note]: 4020 14661 65536
11/25/06 23:57:21 [Note]: 4018 14661 65536
11/25/06 23:57:30 [Note]: 4020 14661 65536
11/25/06 23:57:30 [Note]: 4018 14661 65536
11/25/06 23:57:43 [Note]: 4020 12507 65536
11/25/06 23:57:43 [Note]: 4018 12507 65536
11/25/06 23:57:46 [Info]: Hidden file: c:\WINDOWS\system32\nhohohpipi.dat
11/25/06 23:57:46 [Note]: 10002 1
11/25/06 23:57:46 [Info]: Hidden file: C:\windows\system32\nhohohpipi.exe
11/25/06 23:57:46 [Note]: 10002 1
11/25/06 23:57:47 [Info]: Hidden file: c:\WINDOWS\system32\nhohohpipi_nav.dat
11/25/06 23:57:47 [Note]: 10002 1
11/25/06 23:57:47 [Info]: Hidden file: c:\WINDOWS\system32\nhohohpipi_navps.dat
11/25/06 23:57:47 [Note]: 10002 1
11/25/06 23:59:00 [Note]: 7007 0
0
Réponse 2 / 2
Utilisateur anonyme
26 nov. 2006 à 00:10
Au travail maintenant ; )

Une partie de la procédure se déroulera sans avoir accès à internet, prière d'imprimer ces instructions, ou de les coller dans un fichier texte, pour lecture durant cette désinfection.
Les manipulations sont à faire sans interruption et dans l'ordre.
Si tu ne comprends pas quelque chose, demande des explications avant de commencer.


Télécharge Brute Force Uninstaller (de Merijn)
http://www.merijn.org/files/bfu.zip
Créé un nouveau dossier directement sur le C:\ et nomme-le BFU. Décompresse le fichier téléchargé dans ce nouveau dossier (C:\BFU)


FAIS UN CLIC-DROIT sur le lien suivant
http://metallica.geekstogo.com/EGDACCESS.bfu
et choisis "Enregistrer la cible sous..." afin de télécharger EGDACCESS.bfu (de Metallica). Sauvegarde dans le dossier créé (C:\BFU). **Note: si tu utlises Internet Explorer, lors de la sauvegarde, assure-toi que le champs "Type :" affiche "Tous les fichiers". Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : EGDACCESS.bfu et BFU.exe (très important).


Ouvre le Bloc-note et copie-colle les lignes ci-dessous 


RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\nhohohpipi
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|nhohohpipi
FileDelete %SYSDIR%\nhohohpipi_navps.dat
FileDelete %SYSDIR%\nhohohpipi_nav.dat
FileDelete %SYSDIR%\nhohohpipi.dat
FileDelete %SYSDIR%\nhohohpipi.exe

FileDelete C:\egd.txt
SystemRun regedit|/e C:\egd.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"|0

SystemEmptyTempFolder
SystemEmptyRecycleBin


Sauvegarde dans le dossier créé (C:\BFU) (Nom du fichier : "Fixme.bfu " -sans inclure les guillemets- ; Type : Tous les fichiers).


$$ Redémarre en mode Sans Échec : au redémarrage, tapote immédiatement la touche F8 ou F5; tu verras un écran avec choix de démarrages apparaître. Utilisant les flèches du clavier, choisis "Mode Sans Échec" et valide avec "Entrée". Choisis ton compte usuel, et non Administrateur.


$$ Démarre le "Brute Force Uninstaller" en double-cliquant BFU.exe (du dossier C:\BFU)

--- Clique sur le petit dossier jaune, à la droite de la boîte Scriptline to execute, et double-clique sur :

EGDACCESS.bfu

- Dans la boîte "Scriptline to execute", tu devrais maintenant voir ceci : C:\BFU\EGDACCESS.bfu
Clique sur Execute et laisse-le faire son travail.
Attendre que Complete script execution apparaîsse et clique sur OK.

--- Clique sur le petit dossier jaune, à la droite de la boîte Scriptline to execute, et double-clique sur :

Fixme.bfu

Dans la boîte "Scriptline to execute", tu devrais maintenant voir ceci :C:\BFU\Fixme.bfu
Clique sur Execute et laisse-le faire son travail.
Attendre que Complete script execution apparaîsse et clique sur OK

Clique Exit pour fermer le programme BFU.


$$ Redémarre normalement


Poste un nouveau hijackthis avec le rapport situé ici C:\egd.txt
1

Discussions similaires

A quoi sert ETDctrl ? Peut-on le supprimer ?
Siempre2407 -
Siempre2407 -

2 réponses
comment me débasasser de connectwise control?
Nimbus -
MisteryBean -

1 réponse
Comment enlever connecté wise control
Mamina -
bazfile -

2 réponses