Infected by "dialer trojan"

Resolved/Closed
akrapovic Posts 74 Registration date Sunday 18 March 2007 Status Member Last activity 26 November 2013 - 18 March 2007 at 16:26
blondin777 Posts 6155 Registration date Friday 15 September 2006 Status Contributor Last activity 6 April 2012 - 17 April 2007 at 20:10
Norton 2005 detects the dialer trojan virus but cannot remove it; I get an alert message every 30 minutes.

I use Spybot and Norton Internet Security 2005, both up to date.
How do I remove it permanently?

Here is my HijackThis scan:


Logfile of HijackThis v1.99.1
Scan saved at 15:54:49, on 18/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ASUS\AASP\1.00.01\aaCenter.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Fichiers communs\Logitech\G-series Software\LGDCore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\COMMON~1\MANTEC~1\ntvdm.exe
C:\Program Files\Ipwindows\ipwins.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\eMule\emule.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Logitech\WebColct\webcolct.exe
D:\LOGICIEL\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {33EEA474-6224-5F1D-35CB-0940B0A308F4} - C:\WINDOWS\system32\pfhrgl.dll
O2 - BHO: (no name) - {49B877D7-ED31-476D-AA94-875C37607D5e} - C:\WINDOWS\system32\weqkhxfu.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8B637DAB-09C1-4509-9C41-B7DEFE0EF726} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\BitDownload\TorrentManager.dll
O2 - BHO: (no name) - {E0228E4D-E89C-4336-B29A-24DC74B70B70} - (no file)
O2 - BHO: (no name) - {E64B276A-C5FE-C426-A0D5-C3DEB8B108CF} - (no file)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.01\aaCenter.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [uaycfyh.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\julien\Local Settings\Application Data\uaycfyh.dll",mogazwe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Fichiers communs\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Onmm] "C:\PROGRA~1\COMMON~1\MANTEC~1\ntvdm.exe" -vt yazb
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bw+0 - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: jkklkhg - jkklkhg.dll (file missing)
O20 - Winlogon Notify: winjvd32 - C:\WINDOWS\SYSTEM32\winjvd32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe




Thanks for your help

35 replies

blondin777 Posts 6155 Registration date Friday 15 September 2006 Status Contributor Last activity 6 April 2012 944
18 March 2007 at 16:40
Hi.

You can already do 2 things:

Reinstall HijackThis, because it is not installed properly:

Download "HijackThis":

https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html


*Install it in a folder created specifically for it at the root of your main partition (usually c:\).
So you install it in C:\ and not in C: \.........\........\.
*Rename it to hij.exe, for example

*Double-click hij.exe
*Click the file > "run" > "do a scan and save a logfile".
*Once it has finished you will have a "rapport.txt" (in the folder where you installed it)
*Post that report here

Demo showing how to check and fix the lines:

http://pageperso.aol.fr/balltrap34/Hijenr.gif
http://pageperso.aol.fr/balltrap34/demohijack.htm

And, before posting a new HijackThis log, check and fix all the O18 lines except these 2:

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
0
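Added example (not part of the original reply and not HijackThis's own code): a small Python parser for the HijackThis item lines shown in this thread. It lists the O18 entries other than `livecall` and `msnim` as the reply asks, groups them by handler DLL, and picks out entries whose file is missing. The function names are made up for this example, the sample is a short excerpt of the log posted above, and the keep-list only mirrors this reply's instruction; it is not a general safelist.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# Short excerpt of the log posted above (not the full scan).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O18 - Protocol: bw+0 - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {D8EF0CFD-FB62-4E39-A75C-D31630723D94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: jkklkhg - jkklkhg.dll (file missing)
O20 - Winlogon Notify: winjvd32 - C:\WINDOWS\SYSTEM32\winjvd32.dll
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""

# "O18 - rest of line": a section code, then the item body.
ITEM_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# "Kind: name - {CLSID} - target", the shape used by O2, O3, O9, O18, O21, O22.
CLSID_RE = re.compile(
    r"^(?P<kind>[^:]+): (?P<name>.+?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)
ORPHAN_MARKERS = ("(no file)", "(file missing)")


class Entry(NamedTuple):
    section: str
    kind: Optional[str]
    name: Optional[str]
    clsid: Optional[str]
    target: Optional[str]
    raw: str


def parse_log(text):
    """Return one Entry per item line; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        item = ITEM_RE.match(line)
        if not item:
            continue
        detail = CLSID_RE.match(item["body"])
        if detail:
            entries.append(Entry(item["section"], detail["kind"], detail["name"],
                                 detail["clsid"].upper(), detail["target"], line))
        else:
            # Items without a CLSID (O4, O20, O23, R0...): keep the raw line only.
            kind, sep, _ = item["body"].partition(": ")
            entries.append(Entry(item["section"], kind if sep else None,
                                 None, None, None, line))
    return entries


def o18_to_fix(entries, keep=("livecall", "msnim")):
    """O18 entries whose protocol name is not in the keep-list.

    An O18 line that could not be parsed in detail has no name and is
    returned too, so that it gets looked at rather than silently kept.
    """
    keep_set = {k.lower() for k in keep}
    return [e for e in entries
            if e.section == "O18" and (e.name or "").lower() not in keep_set]


def group_by_target(entries):
    """Map each handler file to the names registered against it."""
    groups = defaultdict(list)
    for e in entries:
        if e.target is not None:
            groups[e.target].append(e.name)
    return dict(groups)


def orphaned(entries):
    """Entries that still point at a file HijackThis could not find."""
    return [e for e in entries if e.raw.endswith(ORPHAN_MARKERS)]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for target, names in group_by_target(o18_to_fix(parsed)).items():
        print(f"{len(names):3d} O18 protocol(s) -> {target}")
    for e in orphaned(parsed):
        print("orphaned:", e.raw)
```

Run over a full log, the grouping collapses the long run of `bw*` protocol lines into one row per handler DLL, which makes the selection easier to review before anything is fixed.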
akrapovic Posts 74 Registration date Sunday 18 March 2007 Status Member Last activity 26 November 2013 1
18 March 2007 at 19:39
The download link sends me to the official site. The HijackThis v2.0.0 beta version asks me to install it in c:\program files\hijack, because it is in the temp folder (from what I understood of the message in English), which I did, and now there is no more message... ok

Here is the new report:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19:27:53, on 18/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ASUS\AASP\1.00.01\aaCenter.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Fichiers communs\Logitech\G-series Software\LGDCore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\COMMON~1\MANTEC~1\ntvdm.exe
C:\Program Files\Ipwindows\ipwins.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\eMule\emule.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\julien\LOCALS~1\Temp\~e5.0001
C:\Program Files\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {33EEA474-6224-5F1D-35CB-0940B0A308F4} - C:\WINDOWS\system32\pfhrgl.dll
O2 - BHO: (no name) - {49B877D7-ED31-476D-AA94-875C37607D5e} - C:\WINDOWS\system32\weqkhxfu.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8B637DAB-09C1-4509-9C41-B7DEFE0EF726} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\BitDownload\TorrentManager.dll
O2 - BHO: (no name) - {E0228E4D-E89C-4336-B29A-24DC74B70B70} - (no file)
O2 - BHO: (no name) - {E64B276A-C5FE-C426-A0D5-C3DEB8B108CF} - (no file)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.01\aaCenter.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [uaycfyh.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\julien\Local Settings\Application Data\uaycfyh.dll",mogazwe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Fichiers communs\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Onmm] "C:\PROGRA~1\COMMON~1\MANTEC~1\ntvdm.exe" -vt yazb
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: jkklkhg - jkklkhg.dll (file missing)
O20 - Winlogon Notify: winjvd32 - C:\WINDOWS\SYSTEM32\winjvd32.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
0
akrapovic Posts: 74 Registration date: Sunday 18 March 2007 Status: Member Last activity: 26 November 2013 1
18 March 2007 at 20:48
up
0
blondin777 Posts: 6155 Registration date: Friday 15 September 2006 Status: Contributor Last activity: 6 April 2012 944
18 March 2007 at 21:44
Disable your System Restore by pressing Start (or the Windows logo key)+Pause >> Restore tab, and tick the corresponding box. Click Yes in the window that opens.

***********************

Go to Start >> Control Panel >> Add/Remove Programs and remove this program:

Logitech\Desktop Messenger

Tick and fix these lines:

O2 - BHO: (no name) - {33EEA474-6224-5F1D-35CB-0940B0A308F4} - C:\WINDOWS\system32\pfhrgl.dll
O2 - BHO: (no name) - {49B877D7-ED31-476D-AA94-875C37607D5e} - C:\WINDOWS\system32\weqkhxfu.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8B637DAB-09C1-4509-9C41-B7DEFE0EF726} - (no file)
O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\BitDownload\TorrentManager.dll
O2 - BHO: (no name) - {E0228E4D-E89C-4336-B29A-24DC74B70B70} - (no file)
O2 - BHO: (no name) - {E64B276A-C5FE-C426-A0D5-C3DEB8B108CF} - (no file)
O4 - HKLM\..\Run: [uaycfyh.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\julien\Local Settings\Application Data\uaycfyh.dll",mogazwe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O20 - Winlogon Notify: jkklkhg - jkklkhg.dll (file missing)
O20 - Winlogon Notify: winjvd32 - C:\WINDOWS\SYSTEM32\winjvd32.dll

***********************

A handy link for cleaning up your services (O23 lines):

https://www.pcastuces.com/pratique/windows/services/page1.htm

**********************

>>> Very important note:
1) What follows must be printed or saved to a text file on the desktop for use in "Safe Mode" (so the forum will be inaccessible).
2) The tools listed must be downloaded, installed and updated in "normal mode" before any use.
3) Boot into Safe Mode and use the tools in order.

** Download "CCleaner":
https://www.01net.com/404/
After installation, launch it and
click "Options" > "Advanced" and untick the box "Only delete ... than 48 hours".
Click "Errors" (on the left), tick all the boxes (except the last one), then
click "Search for errors"; once it has finished,
click "Repair errors".
When prompted to back up the registry, click "Yes".
In the window that appears, click "Fix all errors", then "OK".
Repeat until there are no more errors.
In the left-hand column, click "Cleaner", then "Analyze".
Wait for it to finish and click "Start cleaning" as many times as necessary.

** Download the trial version of AVG Anti-Spyware 7.5 here:
https://www.avg.com/en-ww/free-antivirus-download
and install it.

Its tutorial (thanks malekal_morte): https://www.malekal.com/avg-antivirus-free-antivirus-gratuit-pour-proteger-son-pc-des-virus/

Start AVG Anti-Spyware. Click "Update", click the "Start update" button and wait for the update to finish, then close the program.
Restart in Safe Mode, relaunch AVG AS and click the "Scanner" tab, then "Complete system scan".
Once the scan has finished, it shows you a report. Click "Configure..." at the bottom left and choose "Delete". Then click "Apply all actions"; this will delete all the infections detected.
Then click "Save scan report" -> "Save as" and save the report wherever you like, so you can send it to me in your next reply.

To verify, scan your PC with this online antivirus (in IE, and accept the ActiveX control):
http://www.bitdefender.fr/bd/site/search.php#
Click "Bitdefender scan on line" and follow the instructions.
Then paste the report.

0

akrapovic Posts: 74 Registration date: Sunday 18 March 2007 Status: Member Last activity: 26 November 2013 1
1 April 2007 at 19:48
Here is my anti-spyware report

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 22:41:48 31/03/2007

+ Résultat de l'analyse:



C:\Program Files\Common Files\Companion Wizard\compwiz.exe -> Adware.Companion : Nettoyé.
C:\Program Files\Outerinfo\OiUninstaller.exe -> Adware.PurityScan : Nettoyé.
C:\Documents and Settings\julien\Cookies\julien@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Program Files\BitDownload\ZM\minime.exe -> Trojan.Inject.ba : Nettoyé.
C:\WINDOWS\system32\siduqhb.dll -> Trojan.Obfuscated.ev : Nettoyé.
C:\WINDOWS\system32\wnsapiit.exe -> Trojan.Small : Nettoyé.


Fin du rapport

then my BitDefender report





BitDefender Online Scanner

Scan report generated at: Sun, Apr 01, 2007 - 18:59:42

Scan path: A:\;C:\;D:\;E:\;F:\;

Statistics
Time: 01:38:55
Files: 437896
Folders: 5484
Boot Sectors: 3
Archives: 6118
Packed Files: 63865

Results
Identified Viruses: 11
Infected Files: 41
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 43

Engines Info
Virus Definitions: 416018
Engine build: AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File
Status

C:\Documents and Settings\julien\Local Settings\Application Data\uaycfyh.dll
Infected with: Trojan.Obfus.Gen

C:\Documents and Settings\julien\Local Settings\Application Data\uaycfyh.dll
Disinfection failed

C:\Documents and Settings\julien\Local Settings\Application Data\uaycfyh.dll
Delete failed

C:\Documents and Settings\julien\Local Settings\Temporary Internet Files\Content.IE5\MA43AV95\anti4[1].exe
Infected with: MemScan:Trojan.Vundo.AJ

C:\Documents and Settings\julien\Local Settings\Temporary Internet Files\Content.IE5\MA43AV95\anti4[1].exe
Disinfection failed

C:\Documents and Settings\julien\Local Settings\Temporary Internet Files\Content.IE5\MA43AV95\anti4[1].exe
Deleted

C:\Documents and Settings\julien\Local Settings\Temporary Internet Files\Content.IE5\MA43AV95\xc37[1].exe
Infected with: Trojan.Multidropper.H

C:\Documents and Settings\julien\Local Settings\Temporary Internet Files\Content.IE5\MA43AV95\xc37[1].exe
Disinfection failed

C:\Documents and Settings\julien\Local Settings\Temporary Internet Files\Content.IE5\MA43AV95\xc37[1].exe
Deleted

C:\Documents and Settings\julien\Local Settings\Temporary Internet Files\Content.IE5\WLYBO96B\45aTq2V13X[1].exe
Infected with: Trojan.Obfus.Gen

C:\Documents and Settings\julien\Local Settings\Temporary Internet Files\Content.IE5\WLYBO96B\45aTq2V13X[1].exe
Disinfection failed

C:\Documents and Settings\julien\Local Settings\Temporary Internet Files\Content.IE5\WLYBO96B\45aTq2V13X[1].exe
Deleted

C:\Documents and Settings\julien\Local Settings\Temporary Internet Files\Content.IE5\WLYBO96B\xc42[1].exe=>(NSIS o)=>zlib_nsis0001
Infected with: Trojan.Downloader.BKK

C:\Documents and Settings\julien\Local Settings\Temporary Internet Files\Content.IE5\WLYBO96B\xc42[1].exe=>(NSIS o)=>zlib_nsis0001
Disinfection failed

C:\Documents and Settings\julien\Local Settings\Temporary Internet Files\Content.IE5\WLYBO96B\xc42[1].exe=>(NSIS o)=>zlib_nsis0001
Deleted

C:\Documents and Settings\julien\Local Settings\Temporary Internet Files\Content.IE5\WLYBO96B\xc42[1].exe=>(NSIS o)
Update failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\21D27F14.exe=>(Quarantine-2)
Infected with: Dropped:Dialer.Udia.A

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\21D27F14.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\21D27F14.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\26C340F5.exe=>(Quarantine-2)=>(NSIS o)=>zlib_nsis0001
Infected with: Trojan.Downloader.BKK

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\26C340F5.exe=>(Quarantine-2)=>(NSIS o)=>zlib_nsis0001
Disinfection failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\26C340F5.exe=>(Quarantine-2)=>(NSIS o)=>zlib_nsis0001
Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\26C340F5.exe=>(Quarantine-2)=>(NSIS o)
Update failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2A3C0688.exe=>(Quarantine-2)=>(NSIS o)=>zlib_nsis0001
Infected with: Trojan.Downloader.BKK

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2A3C0688.exe=>(Quarantine-2)=>(NSIS o)=>zlib_nsis0001
Disinfection failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2A3C0688.exe=>(Quarantine-2)=>(NSIS o)=>zlib_nsis0001
Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2A3C0688.exe=>(Quarantine-2)=>(NSIS o)
Update failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\375E539B.exe=>(Quarantine-2)=>(NSIS o)=>zlib_nsis0001
Infected with: Trojan.Downloader.BKK

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\375E539B.exe=>(Quarantine-2)=>(NSIS o)=>zlib_nsis0001
Disinfection failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\375E539B.exe=>(Quarantine-2)=>(NSIS o)=>zlib_nsis0001
Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\375E539B.exe=>(Quarantine-2)=>(NSIS o)
Update failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\38EC377B.exe=>(Quarantine-2)=>(NSIS o)=>zlib_nsis0001
Infected with: Trojan.Downloader.BKK

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\38EC377B.exe=>(Quarantine-2)=>(NSIS o)=>zlib_nsis0001
Disinfection failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\38EC377B.exe=>(Quarantine-2)=>(NSIS o)=>zlib_nsis0001
Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\38EC377B.exe=>(Quarantine-2)=>(NSIS o)
Update failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\42186F90.exe=>(Quarantine-2)
Infected with: Dropped:Dialer.Udia.A

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\42186F90.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\42186F90.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4A95721A.exe=>(Quarantine-2)=>(NSIS o)=>zlib_nsis0001
Infected with: Trojan.Downloader.BKK

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4A95721A.exe=>(Quarantine-2)=>(NSIS o)=>zlib_nsis0001
Disinfection failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4A95721A.exe=>(Quarantine-2)=>(NSIS o)=>zlib_nsis0001
Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4A95721A.exe=>(Quarantine-2)=>(NSIS o)
Update failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4BA14BEE.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Matcash.B

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4BA14BEE.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4BA14BEE.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4BC843C3.exe=>(Quarantine-2)
Infected with: Dropped:Dialer.Udia.A

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4BC843C3.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4BC843C3.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4C2624C8.exe=>(Quarantine-2)
Infected with: Dropped:Dialer.Udia.A

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4C2624C8.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4C2624C8.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\507020A3.exe=>(Quarantine-2)
Infected with: Dropped:Dialer.Udia.A

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\507020A3.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\507020A3.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5C9D6861.dll=>(Quarantine-2)
Infected with: Trojan.Spy.VBStat.B

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5C9D6861.dll=>(Quarantine-2)
Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6053278D.exe=>(Quarantine-2)=>(NSIS o)=>zlib_nsis0001
Infected with: Trojan.Downloader.BKK

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6053278D.exe=>(Quarantine-2)=>(NSIS o)=>zlib_nsis0001
Disinfection failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6053278D.exe=>(Quarantine-2)=>(NSIS o)=>zlib_nsis0001
Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6053278D.exe=>(Quarantine-2)=>(NSIS o)
Update failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\70BC6518.exe=>(Quarantine-2)
Infected with: Dropped:Dialer.Udia.A

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\70BC6518.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\70BC6518.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\758F30EB.exe=>(Quarantine-2)=>(NSIS o)=>zlib_nsis0001
Infected with: Trojan.Downloader.BKK

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\758F30EB.exe=>(Quarantine-2)=>(NSIS o)=>zlib_nsis0001
Disinfection failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\758F30EB.exe=>(Quarantine-2)=>(NSIS o)=>zlib_nsis0001
Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\758F30EB.exe=>(Quarantine-2)=>(NSIS o)
Update failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\78395F87.exe=>(Quarantine-2)=>(NSIS o)=>zlib_nsis0001
Infected with: Trojan.Downloader.BKK

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\78395F87.exe=>(Quarantine-2)=>(NSIS o)=>zlib_nsis0001
Disinfection failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\78395F87.exe=>(Quarantine-2)=>(NSIS o)=>zlib_nsis0001
Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\78395F87.exe=>(Quarantine-2)=>(NSIS o)
Update failed

C:\WINDOWS\system32\byxxusq.dll
Infected with: MemScan:Trojan.Vundo.AJ

C:\WINDOWS\system32\byxxusq.dll
Disinfection failed

C:\WINDOWS\system32\byxxusq.dll
Delete failed

C:\WINDOWS\system32\hbhwmtn.dll
Infected with: Trojan.Obfus.Gen

C:\WINDOWS\system32\hbhwmtn.dll
Disinfection failed

C:\WINDOWS\system32\hbhwmtn.dll
Delete failed

C:\WINDOWS\system32\pfhrgl.dll
Infected with: Trojan.Obfus.Gen

C:\WINDOWS\system32\pfhrgl.dll
Disinfection failed

C:\WINDOWS\system32\pfhrgl.dll
Delete failed

C:\WINDOWS\system32\uaycfyh.dll
Infected with: Trojan.Obfus.Gen

C:\WINDOWS\system32\uaycfyh.dll
Disinfection failed

C:\WINDOWS\system32\uaycfyh.dll
Deleted

C:\WINDOWS\system32\uthputb.dll
Infected with: Trojan.Obfus.Gen

C:\WINDOWS\system32\uthputb.dll
Disinfection failed

C:\WINDOWS\system32\uthputb.dll
Delete failed

C:\WINDOWS\system32\vumfetk.dll
Infected with: Trojan.Obfus.Gen

C:\WINDOWS\system32\vumfetk.dll
Disinfection failed

C:\WINDOWS\system32\vumfetk.dll
Deleted

C:\WINDOWS\system32\wacdwuwi.dll
Infected with: Trojan.Virtumod.JB

C:\WINDOWS\system32\wacdwuwi.dll
Disinfection failed

C:\WINDOWS\system32\wacdwuwi.dll
Delete failed

C:\WINDOWS\system32\wezzjze.dll
Infected with: Trojan.Obfus.Gen

C:\WINDOWS\system32\wezzjze.dll
Disinfection failed

C:\WINDOWS\system32\wezzjze.dll
Deleted

C:\WINDOWS\Temp\win1E1C.tmp.exe
Infected with: Trojan.Downloader.Agent.AQG

C:\WINDOWS\Temp\win1E1C.tmp.exe
Disinfection failed

C:\WINDOWS\Temp\win1E1C.tmp.exe
Deleted

C:\WINDOWS\Temp\win1EDD.tmp.exe
Infected with: Trojan.Downloader.Agent.AQG

C:\WINDOWS\Temp\win1EDD.tmp.exe
Disinfection failed

C:\WINDOWS\Temp\win1EDD.tmp.exe
Deleted

C:\WINDOWS\Temp\win1F.tmp.exe
Infected with: Trojan.Obfus.Gen

C:\WINDOWS\Temp\win1F.tmp.exe
Disinfection failed

C:\WINDOWS\Temp\win1F.tmp.exe
Deleted

C:\WINDOWS\Temp\win24.tmp.exe
Infected with: Trojan.Agent.QT

C:\WINDOWS\Temp\win24.tmp.exe
Disinfection failed

C:\WINDOWS\Temp\win24.tmp.exe
Deleted

C:\WINDOWS\Temp\win28.tmp.exe
Infected with: Trojan.Multidropper.H

C:\WINDOWS\Temp\win28.tmp.exe
Disinfection failed

C:\WINDOWS\Temp\win28.tmp.exe
Deleted

C:\WINDOWS\Temp\win32.tmp
Infected with: Trojan.Downloader.Agent.AQG

C:\WINDOWS\Temp\win32.tmp
Disinfection failed

C:\WINDOWS\Temp\win32.tmp
Deleted

C:\WINDOWS\Temp\win32.tmp.exe
Infected with: Trojan.Downloader.Agent.AQG

C:\WINDOWS\Temp\win32.tmp.exe
Disinfection failed

C:\WINDOWS\Temp\win32.tmp.exe
Deleted

C:\WINDOWS\Temp\win44.tmp.exe
Infected with: Trojan.Downloader.Agent.AQG

C:\WINDOWS\Temp\win44.tmp.exe
Disinfection failed

C:\WINDOWS\Temp\win44.tmp.exe
Deleted

C:\WINDOWS\Temp\win45.tmp.exe
Infected with: Trojan.Downloader.Agent.AQG

C:\WINDOWS\Temp\win45.tmp.exe
Disinfection failed

C:\WINDOWS\Temp\win45.tmp.exe
Deleted

C:\WINDOWS\Temp\win5B.tmp.exe
Infected with: Trojan.Downloader.Agent.AQG

C:\WINDOWS\Temp\win5B.tmp.exe
Disinfection failed

C:\WINDOWS\Temp\win5B.tmp.exe
Deleted

D:\SATELLITE\logiciel ng4\6.03 avec mode d'emploi.exe=>(RAR Sfx o)=>6.03 Pour les nuls comme j'‚tais avant -- mode d'emploi de tout pour inj\3 inject plug\NedroFun520.exe
Infected with: Trojan.Genlot.LI

D:\SATELLITE\logiciel ng4\6.03 avec mode d'emploi.exe=>(RAR Sfx o)=>6.03 Pour les nuls comme j'‚tais avant -- mode d'emploi de tout pour inj\3 inject plug\NedroFun520.exe
Disinfection failed

D:\SATELLITE\logiciel ng4\6.03 avec mode d'emploi.exe=>(RAR Sfx o)=>6.03 Pour les nuls comme j'‚tais avant -- mode d'emploi de tout pour inj\3 inject plug\NedroFun520.exe
Deleted

D:\SATELLITE\logiciel ng4\6.03 avec mode d'emploi.exe=>(RAR Sfx o)
Update failed

D:\SATELLITE\logiciel ng4\6.03 Pour les nuls comme j'étais avant -- mode d'emploi de tout pour inj\3 inject plug\NedroFun520.exe
Infected with: Trojan.Genlot.LI

D:\SATELLITE\logiciel ng4\6.03 Pour les nuls comme j'étais avant -- mode d'emploi de tout pour inj\3 inject plug\NedroFun520.exe
Disinfection failed

D:\SATELLITE\logiciel ng4\6.03 Pour les nuls comme j'étais avant -- mode d'emploi de tout pour inj\3 inject plug\NedroFun520.exe
Deleted
0
blondin777 Posts: 6155 Registration date: Friday 15 September 2006 Status: Contributor Last activity: 6 April 2012 944
1 April 2007 at 20:39
Empty your quarantine in Norton.

Download Killbox: https://www.generation-nt.com/killbox-telechargement-25430.html

Double-click killbox.exe (Pocket Killbox)

Select the entire list below:

C:\Documents and Settings\julien\Local Settings\Application Data\uaycfyh.dll
C:\Documents and Settings\julien\Local Settings\Temporary Internet Files\Content.IE5\WLYBO96B\xc42[1].exe
C:\WINDOWS\system32\byxxusq.dll
C:\WINDOWS\system32\hbhwmtn.dll
C:\WINDOWS\system32\pfhrgl.dll
C:\WINDOWS\system32\uthputb.dll
C:\WINDOWS\system32\wacdwuwi.dll
D:\SATELLITE




---> then right-click / Copy

Open Killbox
- Select "delete on reboot"
- Click the "File" menu -> "Paste from Clipboard"
- Click All Files
- Click the red-and-white cross
- Answer Yes and let your PC restart.

NOTE: If you get the message "PendingFileRenameOperations Registry Data has been removed by external process!" and the computer does not restart, restart it manually ---> Start menu / Shut down / Restart the computer

After restarting, relaunch Killbox, then click the "File" tab -> Log -> Actions History Log
Post the report here


Run a BitDefender scan again after all that.
0
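In a BitDefender Online Scanner report like the one above, the objects that still need manual removal are those ending in "Delete failed" and the archive containers ending in "Update failed". The following Python sketch is an added example, not part of the thread and not a BitDefender or Killbox tool: it parses an excerpt of that report and lists those on-disk files. The function names, the `skip_dirs` option and the status list (taken only from lines quoted in this thread) are assumptions.

```python
import re

# Status lines seen in the reports quoted in this thread (assumption: any
# other wording is unknown to this parser and is ignored).
STATUS_RE = re.compile(
    r"^(Infected with: .+|Disinfection failed|Deleted|Delete failed|Update failed)$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")  # an object line starts with a drive letter

QUARANTINE = r"C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine"

# Excerpt of the first report in this thread, blank lines removed.
SAMPLE_REPORT = r"""
Scanned File
Status
C:\Documents and Settings\julien\Local Settings\Application Data\uaycfyh.dll
Infected with: Trojan.Obfus.Gen
C:\Documents and Settings\julien\Local Settings\Application Data\uaycfyh.dll
Disinfection failed
C:\Documents and Settings\julien\Local Settings\Application Data\uaycfyh.dll
Delete failed
C:\Documents and Settings\julien\Local Settings\Temporary Internet Files\Content.IE5\WLYBO96B\xc42[1].exe=>(NSIS o)=>zlib_nsis0001
Infected with: Trojan.Downloader.BKK
C:\Documents and Settings\julien\Local Settings\Temporary Internet Files\Content.IE5\WLYBO96B\xc42[1].exe=>(NSIS o)=>zlib_nsis0001
Disinfection failed
C:\Documents and Settings\julien\Local Settings\Temporary Internet Files\Content.IE5\WLYBO96B\xc42[1].exe=>(NSIS o)=>zlib_nsis0001
Deleted
C:\Documents and Settings\julien\Local Settings\Temporary Internet Files\Content.IE5\WLYBO96B\xc42[1].exe=>(NSIS o)
Update failed
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\26C340F5.exe=>(Quarantine-2)=>(NSIS o)=>zlib_nsis0001
Infected with: Trojan.Downloader.BKK
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\26C340F5.exe=>(Quarantine-2)=>(NSIS o)=>zlib_nsis0001
Disinfection failed
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\26C340F5.exe=>(Quarantine-2)=>(NSIS o)=>zlib_nsis0001
Deleted
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\26C340F5.exe=>(Quarantine-2)=>(NSIS o)
Update failed
C:\WINDOWS\system32\byxxusq.dll
Infected with: MemScan:Trojan.Vundo.AJ
C:\WINDOWS\system32\byxxusq.dll
Disinfection failed
C:\WINDOWS\system32\byxxusq.dll
Delete failed
C:\WINDOWS\system32\uaycfyh.dll
Infected with: Trojan.Obfus.Gen
C:\WINDOWS\system32\uaycfyh.dll
Disinfection failed
C:\WINDOWS\system32\uaycfyh.dll
Deleted
"""


def parse_report(text):
    """Return {object: [status, ...]} in report order.

    The report repeats the object line before every status line, so each
    status is attached to the most recent object line seen.
    """
    results = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if STATUS_RE.match(line):
            if current is not None:
                results.setdefault(current, []).append(line)
        elif PATH_RE.match(line):
            current = line
        else:
            current = None  # header or statistics line: not a scanned object
    return results


def on_disk_file(obj):
    """Strip archive layers: 'file.exe=>(NSIS o)=>member' -> 'file.exe'."""
    return obj.split("=>", 1)[0]


def leftovers(text, skip_dirs=()):
    """On-disk files the scanner could not remove or rewrite, in report order."""
    found = []
    for obj, statuses in parse_report(text).items():
        if "Delete failed" not in statuses and "Update failed" not in statuses:
            continue
        path = on_disk_file(obj)
        if any(path.lower().startswith(d.lower()) for d in skip_dirs):
            continue
        if path not in found:
            found.append(path)
    return found


if __name__ == "__main__":
    for path in leftovers(SAMPLE_REPORT, skip_dirs=(QUARANTINE,)):
        print(path)
```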
akrapovic Posts: 74 Registration date: Sunday 18 March 2007 Status: Member Last activity: 26 November 2013 1
1 April 2007 at 23:00
Here is my Killbox report


Pocket Killbox version 2.0.0.881
Running on Windows XP as julien(Administrator)
was started @ dimanche, avril 01, 2007, 8:51 PM

Killbox Closed(Exit) @ 8:52:39 PM
__________________________________________________

Pocket Killbox version 2.0.0.881
Running on Windows XP as julien(Administrator)
was started @ dimanche, avril 01, 2007, 8:52 PM

# 1 [Delete on Reboot]
Path = C:\Documents and Settings\julien\Local Settings\Application Data\uaycfyh.dll


# 2 [Delete on Reboot]
Path = C:\Documents and Settings\julien\Local Settings\Temporary Internet Files\Content.IE5\WLYBO96B\xc42[1].exe


# 3 [Delete on Reboot]
Path = C:\WINDOWS\system32\byxxusq.dll


# 4 [Delete on Reboot]
Path = C:\WINDOWS\system32\hbhwmtn.dll


# 5 [Delete on Reboot]
Path = C:\WINDOWS\system32\pfhrgl.dll


# 6 [Delete on Reboot]
Path = C:\WINDOWS\system32\uthputb.dll


# 7 [Delete on Reboot]
Path = C:\WINDOWS\system32\wacdwuwi.dll


PendingFileRenameOperations Registry Data has been Removed by External Process! @ 8:57:21 PM
Killbox Closed(Exit) @ 8:57:37 PM
__________________________________________________

Pocket Killbox version 2.0.0.881
Running on Windows XP as julien(Administrator)
was started @ dimanche, avril 01, 2007, 9:04 PM



as well as the BitDefender report


BitDefender Online Scanner

Scan report generated at: Sun, Apr 01, 2007 - 22:51:40

Scan path: A:\;C:\;D:\;E:\;F:\;

Statistics
Time: 01:39:38
Files: 439101
Folders: 5460
Boot Sectors: 3
Archives: 6083
Packed Files: 63859

Results
Identified Viruses: 7
Infected Files: 20
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 16

Engines Info
Virus Definitions: 416691
Engine build: AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File
Status

C:\!KillBox\byxxusq.dll
Infected with: MemScan:Trojan.Vundo.AJ

C:\!KillBox\byxxusq.dll
Disinfection failed

C:\!KillBox\byxxusq.dll
Deleted

C:\!KillBox\hbhwmtn.dll
Infected with: Trojan.Obfus.Gen

C:\!KillBox\hbhwmtn.dll
Disinfection failed

C:\!KillBox\hbhwmtn.dll
Deleted

C:\!KillBox\pfhrgl.dll
Infected with: Trojan.Obfus.Gen

C:\!KillBox\pfhrgl.dll
Disinfection failed

C:\!KillBox\pfhrgl.dll
Deleted

C:\!KillBox\uaycfyh.dll
Infected with: Trojan.Obfus.Gen

C:\!KillBox\uaycfyh.dll
Disinfection failed

C:\!KillBox\uaycfyh.dll
Deleted

C:\!KillBox\uthputb.dll
Infected with: Trojan.Obfus.Gen

C:\!KillBox\uthputb.dll
Disinfection failed

C:\!KillBox\uthputb.dll
Deleted

C:\!KillBox\wacdwuwi.dll
Infected with: Trojan.Virtumod.JB

C:\!KillBox\wacdwuwi.dll
Disinfection failed

C:\!KillBox\wacdwuwi.dll
Deleted

C:\!KillBox\xc42[1].exe=>(NSIS o)=>zlib_nsis0001
Infected with: Trojan.Downloader.BKK

C:\!KillBox\xc42[1].exe=>(NSIS o)=>zlib_nsis0001
Disinfection failed

C:\!KillBox\xc42[1].exe=>(NSIS o)=>zlib_nsis0001
Deleted

C:\!KillBox\xc42[1].exe=>(NSIS o)
Update failed

C:\Documents and Settings\julien\Local Settings\Application Data\uaycfyh.dll
Infected with: Trojan.Obfus.Gen

C:\Documents and Settings\julien\Local Settings\Application Data\uaycfyh.dll
Disinfection failed

C:\Documents and Settings\julien\Local Settings\Application Data\uaycfyh.dll
Delete failed

C:\Documents and Settings\julien\Local Settings\Temporary Internet Files\Content.IE5\WLYBO96B\xc42[1].exe=>(NSIS o)=>zlib_nsis0001
Infected with: Trojan.Downloader.BKK

C:\Documents and Settings\julien\Local Settings\Temporary Internet Files\Content.IE5\WLYBO96B\xc42[1].exe=>(NSIS o)=>zlib_nsis0001
Disinfection failed

C:\Documents and Settings\julien\Local Settings\Temporary Internet Files\Content.IE5\WLYBO96B\xc42[1].exe=>(NSIS o)=>zlib_nsis0001
Deleted

C:\Documents and Settings\julien\Local Settings\Temporary Internet Files\Content.IE5\WLYBO96B\xc42[1].exe=>(NSIS o)
Update failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\73F8541A.exe=>(Quarantine-2)
Infected with: Dropped:Dialer.Udia.A

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\73F8541A.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\73F8541A.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\789A5D02.exe=>(Quarantine-2)
Infected with: Dropped:Dialer.Udia.A

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\789A5D02.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\789A5D02.exe=>(Quarantine-2)
Deleted

C:\WINDOWS\system32\byxxusq.dll
Infected with: MemScan:Trojan.Vundo.AJ

C:\WINDOWS\system32\byxxusq.dll
Disinfection failed

C:\WINDOWS\system32\byxxusq.dll
Delete failed

C:\WINDOWS\system32\hbhwmtn.dll
Infected with: Trojan.Obfus.Gen

C:\WINDOWS\system32\hbhwmtn.dll
Disinfection failed

C:\WINDOWS\system32\hbhwmtn.dll
Delete failed

C:\WINDOWS\system32\pfhrgl.dll
Infected with: Trojan.Obfus.Gen

C:\WINDOWS\system32\pfhrgl.dll
Disinfection failed

C:\WINDOWS\system32\pfhrgl.dll
Delete failed

C:\WINDOWS\system32\uthputb.dll
Infected with: Trojan.Obfus.Gen

C:\WINDOWS\system32\uthputb.dll
Disinfection failed

C:\WINDOWS\system32\uthputb.dll
Delete failed

C:\WINDOWS\system32\wacdwuwi.dll
Infected with: Trojan.Virtumod.JB

C:\WINDOWS\system32\wacdwuwi.dll
Disinfection failed

C:\WINDOWS\system32\wacdwuwi.dll
Delete failed

C:\WINDOWS\Temp\win22B.tmp.exe
Infected with: Trojan.Downloader.Agent.AQG

C:\WINDOWS\Temp\win22B.tmp.exe
Disinfection failed

C:\WINDOWS\Temp\win22B.tmp.exe
Deleted

C:\WINDOWS\Temp\win22F.tmp.exe
Infected with: Trojan.Downloader.Agent.AQG

C:\WINDOWS\Temp\win22F.tmp.exe
Disinfection failed

C:\WINDOWS\Temp\win22F.tmp.exe
Deleted

C:\WINDOWS\Temp\win232.tmp.exe
Infected with: Trojan.Downloader.Agent.AQG

C:\WINDOWS\Temp\win232.tmp.exe
Disinfection failed

C:\WINDOWS\Temp\win232.tmp.exe
Deleted

D:\SATELLITE\logiciel ng4\6.03 avec mode d'emploi.exe=>(RAR Sfx o)=>6.03 Pour les nuls comme j'‚tais avant -- mode d'emploi de tout pour inj\3 inject plug\NedroFun520.exe
Infected with: Trojan.Genlot.LI

D:\SATELLITE\logiciel ng4\6.03 avec mode d'emploi.exe=>(RAR Sfx o)=>6.03 Pour les nuls comme j'‚tais avant -- mode d'emploi de tout pour inj\3 inject plug\NedroFun520.exe
Disinfection failed

D:\SATELLITE\logiciel ng4\6.03 avec mode d'emploi.exe=>(RAR Sfx o)=>6.03 Pour les nuls comme j'‚tais avant -- mode d'emploi de tout pour inj\3 inject plug\NedroFun520.exe
Deleted

D:\SATELLITE\logiciel ng4\6.03 avec mode d'emploi.exe=>(RAR Sfx o)
Update failed






I have to keep the D:\satellite folder

The folder D:\SATELLITE\logiciel ng4\6.03 avec mode d'emploi.exe has been deleted
0
blondin777 Posts: 6155 Registration date: Friday 15 September 2006 Status: Contributor Last activity: 6 April 2012 944
1 April 2007 at 23:24
No, it has not been deleted; here's the proof:

D:\SATELLITE\logiciel ng4\6.03 avec mode d'emploi.exe=>(RAR Sfx o)
Update failed


Double-click killbox.exe (Pocket Killbox)

Select the entire list below:

C:\Documents and Settings\julien\Local Settings\Application Data\uaycfyh.dll
C:\Documents and Settings\julien\Local Settings\Temporary Internet Files\Content.IE5\WLYBO96B\xc42[1].exe
C:\!KillBox\xc42[1].exe
D:\SATELLITE\logiciel ng4\6.03 avec mode d'emploi.exe
C:\WINDOWS\system32\wacdwuwi.dll
C:\WINDOWS\system32\byxxusq.dll
C:\WINDOWS\system32\hbhwmtn.dll
C:\WINDOWS\system32\pfhrgl.dll
C:\WINDOWS\system32\uthputb.dll


---> then right-click / Copy

Open Killbox
- Select "delete on reboot"
- Click the "File" menu -> "Paste from Clipboard"
- Click All Files
- Click the red-and-white cross
- Answer Yes and let your PC restart.

NOTE: If you get the message "PendingFileRenameOperations Registry Data has been removed by external process!" and the computer does not restart, restart it manually ---> Start menu / Shut down / Restart the computer

After restarting, relaunch Killbox, then click the "File" tab -> Log -> Actions History Log
Post the report here

Search your hard drive for all of these files and delete whatever you find.

Are you sure you emptied your Norton quarantine folder?

Post a new HijackThis log too, please.
0
akrapovic Posts: 74 Registration date: Sunday 18 March 2007 Status: Member Last activity: 26 November 2013 1
1 April 2007 at 23:58
The folder D:\SATELLITE\logiciel ng4\6.03 avec mode d'emploi.exe was deleted after the report

I did delete the folders quarantined by Norton

However:

C:\Documents and Settings\julien\Local Settings\Application Data\uaycfyh.dll
C:\WINDOWS\system32\wacdwuwi.dll
C:\WINDOWS\system32\byxxusq.dll
C:\WINDOWS\system32\hbhwmtn.dll
C:\WINDOWS\system32\pfhrgl.dll
C:\WINDOWS\system32\uthputb.dll


These folders cannot be deleted: access denied


Here is the Killbox report

Pocket Killbox version 2.0.0.881
Running on Windows XP as julien(Administrator)
was started @ dimanche, avril 01, 2007, 8:51 PM

Killbox Closed(Exit) @ 8:52:39 PM
__________________________________________________

Pocket Killbox version 2.0.0.881
Running on Windows XP as julien(Administrator)
was started @ dimanche, avril 01, 2007, 8:52 PM

# 1 [Delete on Reboot]
Path = C:\Documents and Settings\julien\Local Settings\Application Data\uaycfyh.dll


# 2 [Delete on Reboot]
Path = C:\Documents and Settings\julien\Local Settings\Temporary Internet Files\Content.IE5\WLYBO96B\xc42[1].exe


# 3 [Delete on Reboot]
Path = C:\WINDOWS\system32\byxxusq.dll


# 4 [Delete on Reboot]
Path = C:\WINDOWS\system32\hbhwmtn.dll


# 5 [Delete on Reboot]
Path = C:\WINDOWS\system32\pfhrgl.dll


# 6 [Delete on Reboot]
Path = C:\WINDOWS\system32\uthputb.dll


# 7 [Delete on Reboot]
Path = C:\WINDOWS\system32\wacdwuwi.dll


PendingFileRenameOperations Registry Data has been Removed by External Process! @ 8:57:21 PM
Killbox Closed(Exit) @ 8:57:37 PM
__________________________________________________

Pocket Killbox version 2.0.0.881
Running on Windows XP as julien(Administrator)
was started @ dimanche, avril 01, 2007, 9:04 PM

# 1 [Delete on Reboot]
Path = C:\Documents and Settings\julien\Local Settings\Application Data\uaycfyh.dll


# 2 [Delete on Reboot]
Path = C:\!KillBox\xc42[1].exe


# 3 [Delete on Reboot]
Path = C:\WINDOWS\system32\wacdwuwi.dll


# 4 [Delete on Reboot]
Path = C:\WINDOWS\system32\byxxusq.dll


# 5 [Delete on Reboot]
Path = C:\WINDOWS\system32\hbhwmtn.dll


# 6 [Delete on Reboot]
Path = C:\WINDOWS\system32\pfhrgl.dll


# 7 [Delete on Reboot]
Path = C:\WINDOWS\system32\uthputb.dll


PendingFileRenameOperations Registry Data has been Removed by External Process! @ 11:37:21 PM
Killbox Closed(Exit) @ 11:37:34 PM
__________________________________________________

Pocket Killbox version 2.0.0.881
Running on Windows XP as julien(Administrator)
was started @ dimanche, avril 01, 2007, 11:50 PM




And the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 23:57:21, on 01/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ASUS\AASP\1.00.01\aaCenter.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Fichiers communs\Logitech\G-series Software\LGDCore.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Ipwindows\ipwins.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\KillBox.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {312BE163-4A9C-F80B-26DF-04830735B8E5} - C:\WINDOWS\system32\uthputb.dll
O2 - BHO: (no name) - {33EEA474-6224-5F1D-35CB-0940B0A308F4} - C:\WINDOWS\system32\pfhrgl.dll
O2 - BHO: (no name) - {49B877D7-ED31-476D-AA94-875C37607D5e} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\ceeamitq.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8B637DAB-09C1-4509-9C41-B7DEFE0EF726} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E0228E4D-E89C-4336-B29A-24DC74B70B70} - (no file)
O2 - BHO: (no name) - {E64B276A-C5FE-C426-A0D5-C3DEB8B108CF} - (no file)
O2 - BHO: (no name) - {EC6B1616-7D3A-4997-92F7-210AC767D880} - C:\WINDOWS\system32\ddcyx.dll
O2 - BHO: (no name) - {EF885EBA-76E2-4D84-B094-C8B4E9492927} - C:\WINDOWS\system32\byxxusq.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.01\aaCenter.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [uaycfyh.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\julien\Local Settings\Application Data\uaycfyh.dll",mogazwe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Fichiers communs\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [hbhwmtn.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\hbhwmtn.dll,ukfukw
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\wacdwuwi.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Onmm] "C:\PROGRA~1\COMMON~1\MANTEC~1\ntvdm.exe" -vt yazb
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: byxxusq - C:\WINDOWS\SYSTEM32\byxxusq.dll
O20 - Winlogon Notify: ddcyx - C:\WINDOWS\system32\ddcyx.dll
O20 - Winlogon Notify: jkklkhg - jkklkhg.dll (file missing)
O20 - Winlogon Notify: winjvd32 - C:\WINDOWS\SYSTEM32\winjvd32.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
akrapovic Posts 74 Registration date Sunday 18 March 2007 Status Member Last activity 26 November 2013 1
3 April 2007 at 18:37
up
blondin777 Posts 6155 Registration date Friday 15 September 2006 Status Contributor Last activity 6 April 2012 944
4 April 2007 at 16:19
Hi.

Try deleting the files in Safe Mode.
akrapovic Posts 74 Registration date Sunday 18 March 2007 Status Member Last activity 26 November 2013 1
12 April 2007 at 21:53
OK, I was able to delete a few of them in Safe Mode, but
c:\windows\systeme32\byxxusq.dll
c:\windows\systeme32\ddcyx.dll
are impossible to delete.


Here is my HijackThis report:


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:45:20, on 12/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ASUS\AASP\1.00.01\aaCenter.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Fichiers communs\Logitech\G-series Software\LGDCore.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Ipwindows\ipwins.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\HiJackThis_v2.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {106B9618-36F8-4CD5-60DE-0064E6A1F931} - (no file)
O2 - BHO: (no name) - {312BE163-4A9C-F80B-26DF-04830735B8E5} - (no file)
O2 - BHO: (no name) - {33EEA474-6224-5F1D-35CB-0940B0A308F4} - (no file)
O2 - BHO: (no name) - {49B877D7-ED31-476D-AA94-875C37607D5e} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\oqttrief.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8B637DAB-09C1-4509-9C41-B7DEFE0EF726} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E0228E4D-E89C-4336-B29A-24DC74B70B70} - (no file)
O2 - BHO: (no name) - {E64B276A-C5FE-C426-A0D5-C3DEB8B108CF} - (no file)
O2 - BHO: (no name) - {EF885EBA-76E2-4D84-B094-C8B4E9492927} - C:\WINDOWS\system32\byxxusq.dll
O2 - BHO: (no name) - {FAEC828B-8288-416D-9F78-92C26A19981C} - C:\WINDOWS\system32\ddcyx.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Systran50premi.IEPlugIn - {9A0844DB-84CF-4440-BDB1-1F4F7C4F7FB0} - C:\Program Files\SYSTRAN\5.0\Premium\IEPlugIn.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.01\aaCenter.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [uaycfyh.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\julien\Local Settings\Application Data\uaycfyh.dll",mogazwe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Fichiers communs\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [hbhwmtn.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\hbhwmtn.dll,ukfukw
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Onmm] "C:\PROGRA~1\COMMON~1\MANTEC~1\ntvdm.exe" -vt yazb
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Open and Translate in Word - res://C:\Program Files\SYSTRAN\5.0\Premium\IEShellExt.dll /10
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: byxxusq - C:\WINDOWS\SYSTEM32\byxxusq.dll
O20 - Winlogon Notify: ddcyx - C:\WINDOWS\system32\ddcyx.dll
O20 - Winlogon Notify: jkklkhg - jkklkhg.dll (file missing)
O20 - Winlogon Notify: winjvd32 - C:\WINDOWS\SYSTEM32\winjvd32.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
akrapovic Posts 74 Registration date Sunday 18 March 2007 Status Member Last activity 26 November 2013 1
12 April 2007 at 21:57
Could fixing the O20 lines help me delete these viruses?
blondin777 Posts 6155 Registration date Friday 15 September 2006 Status Contributor Last activity 6 April 2012 944
13 April 2007 at 07:44
Uninstall Logitech Desktop Messenger.

Check these lines and fix them:

O2 - BHO: (no name) - {106B9618-36F8-4CD5-60DE-0064E6A1F931} - (no file)
O2 - BHO: (no name) - {312BE163-4A9C-F80B-26DF-04830735B8E5} - (no file)
O2 - BHO: (no name) - {33EEA474-6224-5F1D-35CB-0940B0A308F4} - (no file)
O2 - BHO: (no name) - {49B877D7-ED31-476D-AA94-875C37607D5e} - (no file)
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\oqttrief.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8B637DAB-09C1-4509-9C41-B7DEFE0EF726} - (no file)
O4 - HKLM\..\Run: [uaycfyh.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\julien\Local Settings\Application Data\uaycfyh.dll",mogazwe
O4 - HKLM\..\Run: [hbhwmtn.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\hbhwmtn.dll,ukfukw
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Onmm] "C:\PROGRA~1\COMMON~1\MANTEC~1\ntvdm.exe" -vt yazb
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O20 - Winlogon Notify: jkklkhg - jkklkhg.dll (file missing)

*************************
A handy link for cleaning up your services (O23 lines):

https://www.pcastuces.com/pratique/windows/services/page1.htm
************************

Download VundoFix.exe (by Atribune) to your Desktop.

http://www.atribune.org/ccount/click.php?id=4

Double-click VundoFix.exe to run it.
Click the "Scan for Vundo" button.
When the scan is complete, click the Remove Vundo button.
A prompt will ask whether you want to delete the files; click YES.
After you click "Yes", the Desktop will disappear for a moment while the files are deleted.
You will see a prompt announcing that your PC is going to shut down ("shutdown"); click OK.
Start your PC again.
Copy and paste the contents of the report located at C:\vundofix.txt
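
A way to triage O2, O4 Run and O20 lines of the kinds seen in this thread, as an added Python example that is not part of the original post or of HijackThis. The three heuristics and their labels are assumptions drawn from the logs above; the sample input is an excerpt of the 12/04/2007 log.

```python
import re
from collections import defaultdict
from ntpath import basename  # Windows path rules on any OS

# Excerpt of lines copied from the 12/04/2007 HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {312BE163-4A9C-F80B-26DF-04830735B8E5} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EF885EBA-76E2-4D84-B094-C8B4E9492927} - C:\WINDOWS\system32\byxxusq.dll
O2 - BHO: (no name) - {FAEC828B-8288-416D-9F78-92C26A19981C} - C:\WINDOWS\system32\ddcyx.dll
O4 - HKLM\..\Run: [hbhwmtn.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\hbhwmtn.dll,ukfukw
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: byxxusq - C:\WINDOWS\SYSTEM32\byxxusq.dll
O20 - Winlogon Notify: ddcyx - C:\WINDOWS\system32\ddcyx.dll
O20 - Winlogon Notify: jkklkhg - jkklkhg.dll (file missing)
"""

PATTERNS = {
    "O2": re.compile(
        r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.+)$"),
    "O4": re.compile(
        r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.+)$"),
    "O20": re.compile(
        r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<target>.+)$"),
}
# DLL argument handed to rundll32, quoted or not, up to the export name.
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,', re.IGNORECASE)
MISSING = ("(no file)", "(file missing)")  # HijackThis annotations for absent files


def parse(log):
    """Return one dict per recognised O2 / O4 Run / O20 line."""
    entries = []
    for raw in log.splitlines():
        line = raw.strip()
        for kind, rx in PATTERNS.items():
            m = rx.match(line)
            if m:
                entries.append({"kind": kind, **m.groupdict()})
                break
    return entries


def dll_name(target):
    """Lower-cased file name of a target, with HijackThis annotations removed."""
    for note in MISSING:
        target = target.replace(note, "")
    return basename(target.strip()).lower()


def triage(log):
    """Map each flagged DLL name (or CLSID) to a sorted list of reasons."""
    findings = defaultdict(set)
    loaded_by = defaultdict(set)  # dll name -> kinds of load point naming it
    for e in parse(log):
        kind, target = e["kind"], e["target"]
        if kind in ("O2", "O20"):
            if target.endswith(MISSING):
                # Registry entry left behind after its file was removed.
                key = dll_name(target) or e.get("clsid", e["name"])
                findings[key].add("orphan")
            else:
                loaded_by[dll_name(target)].add(kind)
        else:
            # Run value whose name is the very DLL it loads through rundll32.
            m = RUNDLL.search(target)
            if m and basename(m.group("dll")).lower() == e["name"].lower():
                findings[e["name"].lower()].add("run-rundll32-self-named")
    for dll, kinds in loaded_by.items():
        # Same DLL registered as a BHO and as a Winlogon Notify package.
        if {"O2", "O20"} <= kinds:
            findings[dll].add("bho+winlogon-notify")
    return {key: sorted(reasons) for key, reasons in findings.items()}


if __name__ == "__main__":
    for key, reasons in sorted(triage(SAMPLE_LOG).items()):
        print(f"{key}: {', '.join(reasons)}")
```

A flag marks an entry for manual review only; legitimate software can match any of the three heuristics.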
akrapovic Posts 74 Registration date Sunday 18 March 2007 Status Member Last activity 26 November 2013 1
13 April 2007 at 18:04
I only have 1 virus left to delete, detected by Norton as "trojan.Vundo":
C:\WINDOWS\system32\byxxusq.dll


but I can't manage to delete it.
Here is my Vundo report:

VundoFix V6.3.16

Checking Java version...

Sun Java not detected
Scan started at 21:26:44 14/03/2007

Listing files found while scanning....

C:\WINDOWS\system32\oqstv.bak2
C:\WINDOWS\system32\oqstv.ini
C:\WINDOWS\system32\qbhfeivu.dll
C:\WINDOWS\system32\vtsqo.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\oqstv.bak2
C:\WINDOWS\system32\oqstv.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\oqstv.ini
C:\WINDOWS\system32\oqstv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtsqo.dll
C:\WINDOWS\system32\vtsqo.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.16

Checking Java version...

Sun Java not detected
Scan started at 21:44:25 14/03/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.3.16

Checking Java version...

Sun Java not detected
Scan started at 13:19:45 13/04/2007

Listing files found while scanning....

C:\WINDOWS\system32\ddcyx.dll
C:\WINDOWS\system32\oqttrief.dll
C:\WINDOWS\system32\xycdd.bak2
C:\WINDOWS\system32\xycdd.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ddcyx.dll
C:\WINDOWS\system32\ddcyx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\oqttrief.dll
C:\WINDOWS\system32\oqttrief.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xycdd.bak2
C:\WINDOWS\system32\xycdd.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\xycdd.ini
C:\WINDOWS\system32\xycdd.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.16

Checking Java version...

Sun Java not detected
Scan started at 16:30:09 13/04/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V6.3.16

Checking Java version...

Sun Java not detected
Scan started at 17:30:48 13/04/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...
akrapovic Posts 74 Registration date Sunday 18 March 2007 Status Member Last activity 26 November 2013 1
13 April 2007 at 18:09
I can't manage to fix the lines

O2 - BHO: (no name) - {EF885EBA-76E2-4D84-B094-C8B4E9492927} - C:\WINDOWS\system32\byxxusq.dll
O20 - Winlogon Notify: byxxusq - C:\WINDOWS\SYSTEM32\byxxusq.dll

My HijackThis report:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:05:23, on 13/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ASUS\AASP\1.00.01\aaCenter.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Fichiers communs\Logitech\G-series Software\LGDCore.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ScanVundo.exe.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EF885EBA-76E2-4D84-B094-C8B4E9492927} - C:\WINDOWS\system32\byxxusq.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Systran50premi.IEPlugIn - {9A0844DB-84CF-4440-BDB1-1F4F7C4F7FB0} - C:\Program Files\SYSTRAN\5.0\Premium\IEPlugIn.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.01\aaCenter.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Fichiers communs\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Open and Translate in Word - res://C:\Program Files\SYSTRAN\5.0\Premium\IEShellExt.dll /10
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: byxxusq - C:\WINDOWS\SYSTEM32\byxxusq.dll
O20 - Winlogon Notify: winjvd32 - C:\WINDOWS\SYSTEM32\winjvd32.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
0
blondin777 Posts 6155 Registration date Friday 15 September 2006 Status Contributor Last activity 6 April 2012 944
13 April 2007 at 19:04
Download Killbox: https://www.generation-nt.com/killbox-telechargement-25430.html

Double-click killbox.exe (Pocket Killbox)

- tick: Delete on reboot
- in the empty field, enter this (exactly):

C:\WINDOWS\system32\byxxusq.dll


- click the red cross
- a confirmation window will appear; click YES
- a second window asks whether you want to restart; click YES

After the restart, run Killbox again, then click the "File" tab -> Log -> Actions History Log
Post the report here.

Then post a new HijackThis log.
0
akrapovic Posts 74 Registration date Sunday 18 March 2007 Status Member Last activity 26 November 2013 1
13 April 2007 at 19:45
After the restart, Norton still detects the virus despite Killbox.


Pocket Killbox version 2.0.0.881
Running on Windows XP as julien(Administrator)
was started @ vendredi, avril 13, 2007, 7:34 PM

# 1 [Delete on Reboot]
Path = C:\WINDOWS\system32\byxxusq.dll


PendingFileRenameOperations Registry Data has been Removed by External Process! @ 7:36:56 PM
# 2 [Delete on Reboot]
Path = C:\WINDOWS\system32\byxxusq.dll


Killbox Closed(Exit) @ 7:38:18 PM
__________________________________________________

Pocket Killbox version 2.0.0.881
Running on Windows XP as julien(Administrator)
was started @ vendredi, avril 13, 2007, 7:40 PM


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19:44:36, on 13/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ASUS\AASP\1.00.01\aaCenter.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Fichiers communs\Logitech\G-series Software\LGDCore.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\KillBox.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\ScanVundo.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EF885EBA-76E2-4D84-B094-C8B4E9492927} - C:\WINDOWS\system32\byxxusq.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Systran50premi.IEPlugIn - {9A0844DB-84CF-4440-BDB1-1F4F7C4F7FB0} - C:\Program Files\SYSTRAN\5.0\Premium\IEPlugIn.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.01\aaCenter.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Fichiers communs\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Open and Translate in Word - res://C:\Program Files\SYSTRAN\5.0\Premium\IEShellExt.dll /10
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: byxxusq - C:\WINDOWS\SYSTEM32\byxxusq.dll
O20 - Winlogon Notify: winjvd32 - C:\WINDOWS\SYSTEM32\winjvd32.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
0
akrapovic Posts 74 Registration date Sunday 18 March 2007 Status Member Last activity 26 November 2013 1
14 April 2007 at 09:40
help
0
blondin777 Posts 6155 Registration date Friday 15 September 2006 Status Contributor Last activity 6 April 2012 944
14 April 2007 at 12:09
Click Start -> Control Panel (in classic view) -> Folder Options -> "View" tab

* Tick "Show hidden files and folders"
* Untick "Hide protected operating system files (Recommended)"
* Untick "Hide extensions for known file types"

Then click Apply to confirm the changes, and OK.

Do another pass with vundo.

Try to kill it, but in safe mode.


If that gets nowhere, do this:

Go to this site:
http://www.virustotal.com/xhtml/virustotal_en.html

Click Browse and look for these files:

byxxusq.dll
winjvd32.dll


Click Send.

A report will build up line by line.

Wait until it finishes. It must include the size of the file sent.

Save the report with Notepad.

Copy it into your reply.
0
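An added example, not part of the thread and not the helper's own method: a small triage pass over the HijackThis log posted above that lists DLLs registered as unnamed O2 BHOs or as O20 Winlogon Notify entries and ranks first those reachable through both, which is where the two files named in the last reply show up. The heuristic and the function names `triage` and `rank` are assumptions; the sample lines are copied from the log in this thread.

```python
import re
from collections import defaultdict

# Subset of lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EF885EBA-76E2-4D84-B094-C8B4E9492927} - C:\WINDOWS\system32\byxxusq.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O20 - Winlogon Notify: byxxusq - C:\WINDOWS\SYSTEM32\byxxusq.dll
O20 - Winlogon Notify: winjvd32 - C:\WINDOWS\SYSTEM32\winjvd32.dll
"""

# O2 lines: "O2 - BHO: <name> - {CLSID} - <path>"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$"
)
# O20 lines: "O20 - Winlogon Notify: <key name> - <path>"
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<path>.+)$")


def normalise(path):
    """Windows paths are case-insensitive; the log mixes system32 and SYSTEM32."""
    path = re.sub(r"\s*\(file missing\)$", "", path.strip())
    return path.lower()


def triage(log_text):
    """Return {normalised path: sorted reasons} for entries worth a second look.

    Assumed heuristic: an unnamed BHO or a Winlogon Notify DLL is only a hint
    on its own (the unnamed BHO under the Spybot folder is flagged too); the
    same DLL registered at both load points is the stronger signal.
    """
    reasons = defaultdict(set)
    for raw in log_text.splitlines():
        line = raw.strip()
        bho = BHO_RE.match(line)
        if bho:
            if bho.group("name") == "(no name)":
                reasons[normalise(bho.group("path"))].add("O2 unnamed BHO")
            continue
        notify = NOTIFY_RE.match(line)
        if notify:
            reasons[normalise(notify.group("path"))].add("O20 Winlogon Notify")
    return {path: sorted(found) for path, found in reasons.items()}


def rank(findings):
    """Order paths so that those with the most independent load points come first."""
    return sorted(findings, key=lambda p: (-len(findings[p]), p))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for path in rank(results):
        print(f"{len(results[path])} load point(s): {path} <- {', '.join(results[path])}")
```

A DLL that is loaded by Winlogon is held open from logon onwards, which is consistent with the delete-on-reboot and safe-mode steps suggested in the replies.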