Merci d'avance pour aide sur log HijackthisFermé

Question

Coucou tout le monde,

Je vous remercie d'avance pour les conseil et l'aide que vous pourrez m'apporter. Mon ordi est infecté. J'ai installé ad-aware, spybot, avast, ccleaner.

Voici mon log Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 13:30:35, on 10/01/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\System32\RunDll32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\kybrdff_e154.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:
wnmff_e33.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files
eobe Backup
eobebackup.exe
c:\kybrdff_e156.exe
c:\dfndrff_156.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
c:\program files\softwin\bitdefender8\bdmcon.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Documents and Settings\e-schwebel\Bureau\HijackThis.exe
C:\WINDOWS\explorer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yourstartingpage.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [keyboard] c:\kybrdff_e156.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ctdf1c37] RUNDLL32.EXE w107df78.dll,n 005f1c320000000a107df78
O4 - HKLM\..\Run: [newname] C:\nwnmff_e33.exe
O4 - HKLM\..\Run: [defender] c:\dfndrff_156.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: ["neobebackup.exe"] C:\Program Files
eobe Backup
eobebackup.exe -min
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar	oolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Bloquer ce serveur... - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Bloquer cette publicité... - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir tous les liens de la page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Rechercher avec Google... - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Surligner - C:\Program Files\Avant Browser\Highlight.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin
pjpi150_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin
pjpi150_06.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.em-lyon.net
O16 - DPF: Interface Chat Voila - http://chat4.x-echo.com/version8/Applet/vchatsign.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5CE7A7AF-8C5E-48CF-AE30-8FC6F01C27E3} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_4fr.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://antu.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = education.em-lyon.priv
O17 - HKLM\Software\..\Telephony: DomainName = education.em-lyon.priv
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = education.em-lyon.priv
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = education.em-lyon.priv
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = education.em-lyon.priv
O18 - Protocol: bw+0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: avpe32 - avpe32.dll (file missing)
O20 - Winlogon Notify: DIFx - C:\WINDOWS\system32\lv4609hse.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Utilisateur anonyme · Answer

Bonjour

Au moins deux infections différentes.

Une partie de la procédure se déroulera sans avoir accès à internet, prière d'imprimer ces instructions, ou de les coller dans un fichier texte, pour lecture durant cette désinfection.
Les  manipulations sont à faire sans interruption et dans l'ordre.
Si tu ne comprends pas quelque chose, demande des explications avant de commencer.


$$ Télécharge Brute Force Uninstaller (de Merijn)
http://www.merijn.org/files/bfu.zip
Créé un nouveau dossier directement sur le C:\ et nomme-le BFU. Décompresse le fichier téléchargé dans ce nouveau dossier (C:\BFU)


$$ FAIS UN CLIC-DROIT sur le lien suivant
http://metallica.geekstogo.com/alcanshorty.bfu
et choisis "Enregistrer la cible sous..." afin de télécharger Alcanshorty.bfu (de Metallica). Sauvegarde dans le dossier créé (C:\BFU). **Note: si tu utlises Internet Explorer, lors de la sauvegarde, assure-toi que le champs "Type :" affiche "Tous les fichiers". Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : Alcanshorty.bfu et BFU.exe (très important).


$$ Télécharge Look2Me-Destroyer.exe sur ton Bureau.
http://www.atribune.org/ccount/click.php?id=7
* Ferme toutes les fenêtres actives avant de passer à l'étape suivante.
* Double-clique Look2Me-Destroyer.exe afin de lancer l'outil.
* Coche Run this program as a task
*  Un message s'affichera, te disant ceci : "Look2Me-Destroyer will close and re-open in approximately 1 minute". Clique OK
* Il se relancera après la minute, puis clique sur le bouton Scan for L2M; les icônes de ton Bureau vont disparaître : c'est normal.
#Si Look2Me-Destroyer ne se relance pas automatiquement après la minute, redémarre et essaie à nouveau.
* Lorsque le scan termine, clique sur le bouton Remove L2M
* Un message Done Scanning apparaîtra, clique OK.
* Un nouveau message s'affichera : Done removing infected files! Look2Me-Destroyer will now shutdown your computer; clique OK.
* Ton PC va maintenant s'éteindre.


$$ Redémarre en mode Sans Échec : au redémarrage, tapote immédiatement la touche F8 ou F5; tu verras un écran avec choix de démarrages apparaître. Utilisant les flèches du clavier, choisis "Mode Sans Échec" et valide avec "Entrée". Choisis ton compte usuel, et non Administrateur.


$$ Démarre le "Brute Force Uninstaller" en double-cliquant BFU.exe (du dossier C:\BFU)
Clique sur le petit dossier jaune, à la droite de la boîte Scriptline to execute, et double-clique sur :

Alcanshorty.bfu

Dans la boîte "Scriptline to execute", tu devrais maintenant voir ceci : C:\BFU\Alcanshorty.bfu
Clique sur Execute et laisse-le faire son travail.
Attendre que Complete script execution apparaîsse et clique sur OK.
Clique Exit pour fermer le programme BFU.


$$ Démarre ton PC normalement.


$$ Télécharge Combofix.exe (par sUBs) sur ton Bureau
http://download.bleepingcomputer.com/sUBs/combofix.exe 
Double clique combofix.exe et suis les invites.
Lorsque le scan sera complété, un rapport apparaîtra. 

Copie/colle ce rapport dans ta prochaine réponse avec un nouveau HijackThis et le rapport situé ici : C:\Look2Me-Destroyer.txt.

green day · Answer

Salut

tu es bien infecté !!

Télécharge haxfix.exe (par Marckie). 

http://users.telenet.be/marcvn/tools/haxfix.exe 

Sauvegarde le sur ton Bureau. 
Double clique sur haxfix.exe afin de l'installer (par défaut, il s'installe dans C:\Program Files). 
Lorsqu'installé, assure toi que "Launch HaxFix" soit coché (la boîte est cochée par défaut). 
Une fenêtre "DOS" avec fond rouge va apparaître. 
Tu verras "Press any key to continue.."; appuie sur une touche du clavier pour continuer. 
Ce message s'affichera : 

Insert the haxdoor notify subkey without the numbers, 
and then press enter: 

Tu dois taper ceci : avpe 
Appuie sur "Entrée". 

Si l'infection est identifiée, tu verras un message te demandant de fermer toutes les fenêtres ("Close all windows"). 
Ferme les toutes, sauf la fenêtre DOS avec fond rouge (l'outil), et appuie sur "Entrée". 
Ton PC va redémarrer. 
Après le redémarrage, poste (copie/colle) le contenu du rapport, situé ici : C:\haxfix.txt

++

blazdelire · Answer

Laquelle de vos 2 réponses suivre?

Ou si les 2 sont compatibles, laquelle en priorité?

Merci d'avance

Utilisateur anonyme · Answer

Re

Hello Green Day 

Commence par ma manip avec BFU et Look2me Destroyer.
On verra ensuite pour haxfix.

green day · Answer

re


tu as plusieurs infections !

 commance par la manip de Chercheurbis stp

++

Utilisateur anonyme · Answer

On n'arrête pas de se croiser ;-)

green day · Answer

Lol 

 heureusement qu'on est synchro ;->

++

blazdelire · Answer

Chercheurbis > Look2meDestroyer ne veut pas se lancer apres 1 minute voire 2 d'attente (plusieurs essais)

Que faire?

blazdelire · Answer

Fausse alerte.
8eme essai, ca marche

je reviens vers vous

blazdelire · Answer

je vous écris d'un autre ordi.

Je suis bloqué à l'ouverture de session du mode sans échec.
Aie aie aie

voila le message:

Message d'ouverture de session:
Le système n'a pas pu ouvrir de session. Assurez-vous que le nom d'utilisateur et le domaine sont corrects, puis entrez de nouveau votre mot de passe. Entrez le mot de passe en respectant la casse.

blazdelire · Answer

HELP ! PLEASE!

green day · Answer

re

 passe à  Combofix.exe, des fois que ça debloque la situation ...

++

blazdelire · Answer

1. Je peux pas lancer BFU en mode normal?

pourquoi forcément en mode sans échec?

2. Si c'est pas possible, c pas un pb d'avoir fait Lookme2destroyer sans BFU puis de passer à combofix?

blazdelire · Answer

c'est la première fois que j'utilise ce forum donc je sais pas si ca se fait mais je poste un message pour remonter dans la liste et qu'on ne m'oublie pas:

 
1. Je peux pas lancer BFU en mode normal? 

pourquoi forcément en mode sans échec? 

2. Si c'est pas possible, c pas un pb d'avoir fait Lookme2destroyer sans BFU puis de passer à combofix?

green day · Answer

lol

oui, c'est permis de faire des "up" à son message :-)

 et je te vois, mais je suis sur plusieurs postes en même temps, donc ...


1/ le faire en mode sans echec permet d'être sur que tous les fichiers seront supprimé, alors qu'en mode normal, il y aura peut être des soucis

2/non, pas de soucis !

++

Utilisateur anonyme · Answer

Re

Fais BFU en mode normal et Combofix ensuite.

blazdelire · Answer

Me revoila pour de nouvelles aventures (ps: greenday, chercheurbis et tous les autres, je vous admire pour le temps que vous passez à nous aider. encore merci) Après avoir fait Look2medestroyer, BFU et combofix, voici dans l'ordre, un nouveau log hijack en 1, le combofix en 2 et le look2medestroyer.txt en 3 1 Logfile of HijackThis v1.99.1 Scan saved at 20:34:16, on 10/01/2007 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\ibmpmsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\WINDOWS\System32\Ati2evxx.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\System32\QCONSVC.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\System32\RunDll32.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\Program Files\Softwin\BitDefender8\bdmcon.exe C:\Program Files\Softwin\BitDefender8\bdnagent.exe C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files eobe Backup eobebackup.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\e-schwebel\Bureau\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yourstartingpage.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = https://www.google.fr/?gws_rd=ssl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe" O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [ctdf1c37] RUNDLL32.EXE w107df78.dll,n 005f1c320000000a107df78 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: ["neobebackup.exe"] C:\Program Files eobe Backup eobebackup.exe -min O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar oolbar.dll/SEARCH.HTML O8 - Extra context menu item: Bloquer ce serveur... - C:\Program Files\Avant Browser\AddAllToADBlackList.htm O8 - Extra context menu item: Bloquer cette publicité... - C:\Program Files\Avant Browser\AddToADBlackList.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Ouvrir tous les liens de la page... - C:\Program Files\Avant Browser\OpenAllLinks.htm O8 - Extra context menu item: Rechercher avec Google... - C:\Program Files\Avant Browser\Search.htm O8 - Extra context menu item: Surligner - C:\Program Files\Avant Browser\Highlight.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin pjpi150_06.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin pjpi150_06.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O14 - IERESET.INF: START_PAGE_URL=http://www.em-lyon.net O16 - DPF: Interface Chat Voila - http://chat4.x-echo.com/version8/Applet/vchatsign.cab O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5CE7A7AF-8C5E-48CF-AE30-8FC6F01C27E3} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_4fr.cab O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://antu.popcap.com/games/popcaploader_v6.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = education.em-lyon.priv O17 - HKLM\Software\..\Telephony: DomainName = education.em-lyon.priv O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = education.em-lyon.priv O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = education.em-lyon.priv O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = education.em-lyon.priv O18 - Protocol: bw+0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: offline-8876480 - {7D715A5E-0D30-405C-9EED-4C56036A78E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - Winlogon Notify: avpe32 - avpe32.dll (file missing) O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing) 2 Combofix E-SCHWEBEL - 07-01-10 16:39:29,33 Service Pack 1 ComboFix 06.11.27 - Running from: "C:\Documents and Settings\e-schwebel\Bureau" ((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log )))))))))))))))))))))))))))))))))))))))))))))))))) Granting sedebugprivilege to Administrateurs ... successful ((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Documents and Settings\e-schwebel\Application Data\Dxccwrd.dll C:\Documents and Settings\e-schwebel\Application Data\Dxcdmns.dll C:\Documents and Settings\e-schwebel\Application Data\Dxcknwrd.dll C:\Documents and Settings\e-schwebel\Application Data\Dxcuknwrd.dll * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Program Files\Cowabanga C:\Program Files\Deskbar ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Folders Quarantined: C:\QooBox\Purity\Documents and Settings\e-schwebel\Application Data\FNTS~1 C:\QooBox\Purity\Documents and Settings\e-schwebel\Application Data\RACLE~1 C:\QooBox\Purity\Documents and Settings\e-schwebel\Application Data\SCURIT~1 C:\QooBox\Purity\Documents and Settings\e-schwebel\Application Data\SSTEM3~1 C:\QooBox\Purity\Documents and Settings\e-schwebel\Application Data\STEM~1 C:\QooBox\Purity\Documents and Settings\e-schwebel\Mes documents\ICROSO~1.NET C:\QooBox\Purity\Documents and Settings\e-schwebel\Mes documents\PPPATC~1 C:\QooBox\Purity\Program Files\SEMBLY~1 C:\QooBox\Purity\Program Files\STEM~1 C:\QooBox\Purity\Program Files\WNSXS~1 C:\QooBox\Purity\WINDOWS\CROSOF~1 C:\QooBox\Purity\WINDOWS\ECURIT~1 C:\QooBox\Purity\WINDOWS\ICROSO~1.NET C:\QooBox\Purity\WINDOWS\MCROSO~1 C:\QooBox\Purity\WINDOWS\RACLE~1 C:\QooBox\Purity\WINDOWS\YMBOLS~1 C:\QooBox\Purity\WINDOWS\YSTEM3~1 C:\QooBox\Purity\WINDOWS\system32\FNTS~1 C:\QooBox\Purity\WINDOWS\system32\ICROSO~1 C:\QooBox\Purity\WINDOWS\system32\PPATCH~1 C:\QooBox\Purity\WINDOWS\system32\PPPATC~1 C:\QooBox\Purity\WINDOWS\system32\SSEMBL~1 C:\QooBox\Purity\WINDOWS\system32\TSKS~1 ((((((((((((((((((((((((((((((( Files Created from 2006-12-10 to 2007-01-10 )))))))))))))))))))))))))))))))))) 2007-01-10 16:38 d-------- C:\bintheredunthat 2007-01-10 15:00 d-------- C:\BFU 2007-01-09 15:58 46,592 --a------ C:\WINDOWS\system32\zlbw.dll 2007-01-09 15:55 4,608 --a------ C:\WINDOWS\system32\adir.dll 2007-01-09 14:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-01-09 14:00 d-------- C:\Program Files\Grisoft 2007-01-09 13:00 dr-h----- C:\Documents and Settings\e-schwebel\Recent 2007-01-09 12:34 d-------- C:\Program Files\CCleaner 2007-01-08 15:02 d-------- C:\Program Files\àdobe 2007-01-07 19:49 d-------- C:\Documents and Settings\e-schwebel\Application Data eobe Backup 2007-01-07 19:48 d-------- C:\Program Files eobe Backup 2006-12-25 21:10 d-------- C:\WINDOWS\system32\àppPatch (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-01-10 16:38 -------- d-a------ C:\Program Files\Common Files 2007-01-10 16:17 -------- d-------- C:\Program Files\Mozilla Firefox 2007-01-09 15:53 -------- d-------- C:\Program Files\AVG Anti-Spyware 7.5 2007-01-09 15:50 -------- d-------- C:\Program Files\Fichiers communs uqw 2007-01-09 13:16 -------- d-------- C:\Program Files\Spybot - Search & Destroy 2007-01-09 11:57 2 --a------ C:\WINDOWS\system32\wcptr.exe 2007-01-08 21:49 -------- d-------- C:\Documents and Settings\e-schwebel\Application Data\Azureus 2007-01-04 18:17 -------- d-------- C:\Documents and Settings\e-schwebel\Application Data\Adobe 2007-01-01 23:39 -------- d---s---- C:\Documents and Settings\e-schwebel\Application Data\Microsoft 2006-12-05 00:42 -------- d-------- C:\Documents and Settings\e-schwebel\Application Data\Google 2006-12-03 14:19 -------- d-------- C:\Documents and Settings\e-schwebel\Application Data\Apple Computer 2006-11-28 12:37 -------- d-------- C:\Program Files\eMule 2006-11-28 07:11 -------- d-------- C:\Program Files\Azureus 2006-11-21 21:51 -------- d-------- C:\Program Files\iTunes 2006-11-21 21:50 -------- d-------- C:\Program Files\iPod 2006-11-21 21:31 -------- d-------- C:\Program Files\QuickTime 2006-11-21 21:07 -------- d-------- C:\Program Files\Apple Software Update 2006-11-21 20:57 36808256 --a------ C:\Program Files\iTunesSetup.exe 2006-11-16 18:18 -------- d-------- C:\Program Files\Fichiers communs 2006-11-13 23:35 450560 --a------ C:\WINDOWS\system32\mnlsh7.dll 2006-11-13 23:35 1008128 --a------ C:\WINDOWS\explorer.exe 2006-11-12 21:34 274432 --a------ C:\WINDOWS\system32\pfmw985.dll 2006-11-12 13:05 -------- d-------- C:\Program Files\Webteh 2006-11-12 13:04 -------- d-------- C:\Documents and Settings\e-schwebel\Application Data\BSplayer 2006-11-09 23:37 274432 --a------ C:\WINDOWS\system32\OLgz8.dll 2006-10-22 19:45 1259 --a------ C:\WINDOWS\system32\ctdf1c37.sys 2006-10-21 09:55 53792 --a------ C:\WINDOWS\system32 askdir.exe (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion un] "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" "taskdir"="C:\WINDOWS\System32\taskdir.exe" "\"neobebackup.exe\""="C:\Program Files\neobe Backup\neobebackup.exe -min" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion un] "BMMGAG"="RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor" "vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe -startgui" "BDMCon"="\"C:\Program Files\Softwin\BitDefender8\bdmcon.exe\"" "BDNewsAgent"="\"C:\Program Files\Softwin\BitDefender8\bdnagent.exe\"" "TkBellExe"="\"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe\" -osboot" "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" "ctdf1c37"="RUNDLL32.EXE w107df78.dll,n 005f1c320000000a107df78" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion un\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion un\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion un\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion un\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000001 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Ma page d'accueil" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\ ff,ff,04,00,00,00 "RestoredStateInfo"=hex:18,00,00,00,f0,01,00,00,1f,00,00,00,80,00,00,00,76,00,\ 00,00,01,00,00,00 [HKEY_USERS\.default\software\microsoft\windows\currentversion un] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion un] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=hex:95,00,00,00 "CDRAutoRun"=dword:00000000 "NoActiveDesktop"=dword:00000000 "ClassicShell"=dword:00000000 "ForceActiveDesktopOn"=dword:00000000 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "dontdisplaylastusername"=dword:00000001 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk] "path"="C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk" "backup"="C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup" "location"="Common Startup" "command"="C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l" "item"="Microsoft Office" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG] "key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "item"="AGRSMMSG" "hkey"="HKLM" "command"="AGRSMMSG.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange] "key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "item"="Ati2mdxx" "hkey"="HKLM" "command"="Ati2mdxx.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "item"="msmsgs" "hkey"="HKCU" "command"="\"C:\Program Files\Messenger\msmsgs.exe\" /background" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QCTRAY] "key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "item"="Qctray" "hkey"="HKLM" "command"="C:\PROGRA~1\ThinkPad\CONNEC~1\Qctray.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] "key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "item"="SynTPEnh" "hkey"="HKLM" "command"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr] "key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "item"="SynTPLpr" "hkey"="HKLM" "command"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX] "key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "item"="tp4ex" "hkey"="HKLM" "command"="tp4ex.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY] "key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "item"="TPHKMGR" "hkey"="HKLM" "command"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPTRAY] "key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "item"="TP98TRAY" "hkey"="HKLM" "command"="C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UC_SMB] "key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "item"="" "hkey"="HKLM" "command"="" "inimapping"="0" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\avpe32 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\avpe32.sys HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\avpe64.sys Contents of the 'Scheduled Tasks' folder C:\WINDOWS asks\AppleSoftwareUpdate.job C:\WINDOWS asks\At1.job C:\WINDOWS asks\At2.job C:\WINDOWS asks\At3.job C:\WINDOWS asks\BMMTask.job Completion time: 07-01-10 16:57:50.61 C:\ComboFix.txt ... 07-01-10 16:57 3. Look2me Look2Me-Destroyer V1.0.12 Scanning for infected files..... Scan started at 10/01/2007 15:22:13 Infected! C:\WINDOWS\system32\fpn2035oe.dll Infected! C:\WINDOWS\system32\ir02l5do1.dll Infected! C:\WINDOWS\system32\lv4609hse.dll Attempting to delete infected files... Attempting to delete: C:\WINDOWS\system32\fpn2035oe.dll C:\WINDOWS\system32\fpn2035oe.dll Deleted successfully! Attempting to delete: C:\WINDOWS\system32\ir02l5do1.dll C:\WINDOWS\system32\ir02l5do1.dll Deleted successfully! Attempting to delete: C:\WINDOWS\system32\lv4609hse.dll C:\WINDOWS\system32\lv4609hse.dll Deleted successfully! Making registry repairs. Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{726AA9E0-8D56-41B0-99AD-042BA92A3DC7}" HKCR\Clsid\{726AA9E0-8D56-41B0-99AD-042BA92A3DC7} Restoring Windows certificates. Replaced hosts file with default windows hosts file Restoring SeDebugPrivilege for Administrateurs - Succeeded

blazdelire · Answer

j' "up"date mon com pour quon pense à moi

green day · Answer

c'est du bon boulot ;-)

 fais la manip du poste 2 stp

 ++

blazdelire · Answer

La manip du poste 2 ?

Sinon tu penses que mon ordi n'est plus infesté?

green day · Answer

plus infecté, je sais pas, mais beaucoup moin infecté, ça c'est sur ;-))

Télécharge haxfix.exe (par Marckie).

http://users.telenet.be/marcvn/tools/haxfix.exe

Sauvegarde le sur ton Bureau.
Double clique sur haxfix.exe afin de l'installer (par défaut, il s'installe dans C:\Program Files).
Lorsqu'installé, assure toi que "Launch HaxFix" soit coché (la boîte est cochée par défaut).
Une fenêtre "DOS" avec fond rouge va apparaître.
Tu verras "Press any key to continue.."; appuie sur une touche du clavier pour continuer.
Ce message s'affichera :

Insert the haxdoor notify subkey without the numbers,
and then press enter:

Tu dois taper ceci : avpe
Appuie sur "Entrée".

Si l'infection est identifiée, tu verras un message te demandant de fermer toutes les fenêtres ("Close all windows").
Ferme les toutes, sauf la fenêtre DOS avec fond rouge (l'outil), et appuie sur "Entrée".
Ton PC va redémarrer.
Après le redémarrage, poste (copie/colle) le contenu du rapport, situé ici : C:\haxfix.txt

++

blazdelire · Answer

Greenday, voici mon log Haxfix:

avpe64.sys has been deleted 


checking for other files
 
klgcptini.dat exists  
deleting klgcptini.dat 
klgcptini.dat has been deleted 
 
qz.dll exists  
deleting qz.dll 
qz.dll has been deleted 
 
qz.sys exists  
deleting qz.sys 
qz.sys has been deleted 
 
stt82.ini exists  
deleting stt82.ini 
stt82.ini has been deleted 
 

checking for a3d files

ps.a3d
deleting a3d files 
a3d files are deleted


Finished

blazdelire · Answer

J'ai (semble-t-il) moins de pop-ups

Depuis le dernier log in je n'ai pas vu apparaître Project1 dans mes tâches

mais tjs cet avis: erreur de chargement de w107df78.dll

Alors docteur, c toujours grave?

:-)

green day · Answer

bien !

Télécharge clean.zip 
http://www.malekal.com/download/clean.zip 
Décompresse-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean. 
Ouvre le dossier Clean qui se trouve sur ton bureau. 
Double-clic sur clean.cmd. 
Une fenêtre noire va apparaître, suis les consignes. 
Poste le rapport qui se trouve ici C:\rapport_clean.txt 

++

blazdelire · Answer

Comment tu sais tout ca????

green day · Answer

c'est-à-dire ???

 tous ces programmes ???

blazdelire · Answer

tous ces programmes...

quel programme dans quelle situation...

et lire les rapports!

Bon voici le rapport clean_txt

J'ai juste géneré le rapport pour l'instant, pas nettoyé encore

green day · Answer

ben, ça s'apprend ;-))

 il manque quelque chose :-)

++

blazdelire · Answer

Donc je lance le nettoyage? sur clean?

green day · Answer

il manque le rapport, cela dit, s'il ta trouvé quelque chose

redemarre en mode sans echec et passe à l'option 2

ensuite, fais le 1/ et 2/ de ce lien :

virus methode preliminaire de desinfection version fr

mais bon, vu l'heure qu'il est, tu peux le faire pour demain ;-))

@+

blazdelire · Answer

oh tu sais moi l'heure...

si je peux enfin avoir un ordi nickel !

C plutôt toi qui doit en avoir ta claque

En tout cas voila le rapport de nettoyage de clean cmd:

Script execute en mode normal 
Rapport clean par Malekal_morte - http://www.malekal.com 
Option 2, executee le 10/01/2007 a 23:57:49,68 

Microsoft Windows XP [version 5.1.2600]
 
*** Suppression de fichiers sur C: 
 
*** Suppression des fichiers dans C:\WINDOWS\ 
tentative de suppression de C:\WINDOWS\uniq 
 
*** Suppression des fichiers dans C:\WINDOWS\system32 
tentative de suppression de C:\WINDOWS\system32	askdir.exe 
Impossible de supprimer C:\WINDOWS\system32	askdir.exe  
tentative de suppression de C:\WINDOWS\system32\adir.dll 
Impossible de supprimer C:\WINDOWS\system32\adir.dll  
tentative de suppression de C:\WINDOWS\system32\zlbw.dll 
Impossible de supprimer C:\WINDOWS\system32\zlbw.dll  
 
 
*** Suppression des clefs du registre effectuee.. 
*** Fin du rapport !

blazdelire · Answer

demain je me lancerai dans la suite des opérations

Allez à demain greenday, si tu es fidèle au poste

green day · Answer

ok, Chercheurbis ou moi ;-))

++

Merci d'avance pour aide sur log Hijackthis

33 réponses

Discussions similaires

Newsletters