win32... Résolu

Question

Bonsoir a tous,voila je ne suis pas un géni en informatique malheureusement j'ai donc besoin de votre aide.
depuis peu Avast 4,7 me detecte win32 Vbstat-c , win32 trojan-gen et win 32 BHO-Bg. je les ai mis en quarantaine mais ils reviennent sans cesse. de plus j'ai depuis ce moment des tas de fenetres de pub pour des anti virus et autres qui s'ouvrent. y'a t il une solution d'avance merci beaucoup

philae83 · Answer

Bonsoir, * Télécharge Blacklight https://europe.f-secure.com/exclude/blacklight/index.shtml (de F-Secure) (le premier de la page) Enregistre le sur ton Bureau. Double-clique blbeta.exe Clique sur "I ACCEPT" . clique Scan puis Next<*gras> Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres). Copie et colle le contenu de ce rapport dans ta prochaine réponse. NE PAS choisir l'option "Rename" de suite : nous devons analyser le rapport, car des fichiers légitimes peuvent être présents, tel wbemtest.exe

pers6006 · Answer

ok merci je te tiens au courant dés que le scan est fait merci

pers6006 · Answer

bizarre le scan ne donne rien ,aucun résultat

pers6006 · Answer

ah si pardon chui pas un bon éleve

voici le résultat

03/18/07 22:01:56 [Info]: BlackLight Engine 1.0.55 initialized
03/18/07 22:01:56 [Info]: OS: 5.1 build 2600 (Service Pack 2)
03/18/07 22:01:56 [Note]: 7019 4
03/18/07 22:01:56 [Note]: 7005 0
03/18/07 22:02:17 [Note]: 7006 0
03/18/07 22:02:17 [Note]: 7011 440
03/18/07 22:02:18 [Note]: 7026 0
03/18/07 22:02:18 [Note]: 7026 0
03/18/07 22:02:41 [Note]: FSRAW library version 1.7.1021
03/18/07 22:22:23 [Note]: 7007 0

pers6006 · Answer

qqun pourrait me dire que faire ensuite,merci beaucoup

philae83 · Answer

une minute, j'arrive.....

* Télécharge  HijackThis  et poste le rapport stp

http://pchelpbordeaux.free.fr/logiciels.html
Tutorial
http://pchelpbordeaux.free.fr/tuto.html
Démo en image
http://pageperso.aol.fr/balltrap34/demohijack.htm

pers6006 · Answer

Voila le rapport auquel je ne comprend rien

Logfile of HijackThis v1.99.1
Scan saved at 18:13:40, on 19/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\kdx\KHost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\NICO\Mes documents\logiciels\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Lto Manager] "C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [WinMsg] C:\WINDOWS\winmsgr.exe
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\xgrpkyym.dll",setvm
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://kt.bar.need2find.com/KT/menusearch.html?p=KT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab27571.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - https://www.afternic.com/domains/drivecleaner.com
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} - http://acces.blonde.com/package/op/PackageHtmlCab.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab27571.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/12e06faaa13c96209719/netzip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/fr/win/QuickTimeInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab27571.cab
O16 - DPF: {C942A79B-01ED-47EE-9DAA-1EFAA70DAB8E} (VacPro.int_ver22b) - http://www.muiegaozsicur.com/ocx/intES_ver22b.CAB
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {F4653484-F38C-455F-BB15-1175E527754E} (VideoProducer Class) - http://www.jointheorgy.com/static/class/webcam_ie6/webcam2.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab27571.cab
O18 - Protocol: bw+0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter: text/html - (no CLSID) - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

philae83 · Answer

bonjour,

parfait, 

* Télécharge VundoFix.exe (par Atribune) sur ton Bureau

http://www.atribune.org/ccount/click.php?id=4

 * Double-clique VundoFix.exe afin de le lancer

* Clique sur le bouton Scan for Vundo

* Lorsque le scan est complété, clique sur le bouton Remove Vundo

* Une invite te demandera si tu veux supprimer les fichiers, clique YES

* Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers

* Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK

* Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse

 
Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

pers6006 · Answer

merci pour ton aide,

voila le raVundoFix V6.3.17

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 18:24:08 19/03/2007

Listing files found while scanning....

C:\WINDOWS\system32\byxvuvv.dll
C:\WINDOWS\SYSTEM32\cevagjxy.exe
C:\WINDOWS\SYSTEM32\dgjlm.bak1
C:\WINDOWS\SYSTEM32\dgjlm.bak2
C:\WINDOWS\SYSTEM32\dgjlm.ini
C:\WINDOWS\SYSTEM32\dgjlm.ini2
C:\WINDOWS\SYSTEM32\dgjlm.tmp
C:\WINDOWS\SYSTEM32\ihhkj.ini
C:\WINDOWS\SYSTEM32\jkhhi.dll
C:\WINDOWS\system32\mljgd.dll
C:\WINDOWS\system32\muvecsbd.dll
C:\WINDOWS\SYSTEM32\oqekrton.dll
C:\WINDOWS\SYSTEM32\oyvpyqvx.dll
C:\WINDOWS\SYSTEM32\uabfxwef.dll
C:\WINDOWS\SYSTEM32\wqpmeylw.exe
C:\WINDOWS\SYSTEM32\ywwgaihv.exe

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\byxvuvv.dll
C:\WINDOWS\system32\byxvuvv.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\SYSTEM32\cevagjxy.exe
C:\WINDOWS\SYSTEM32\cevagjxy.exe Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\dgjlm.bak1
C:\WINDOWS\SYSTEM32\dgjlm.bak1 Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\dgjlm.bak2
C:\WINDOWS\SYSTEM32\dgjlm.bak2 Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\dgjlm.ini
C:\WINDOWS\SYSTEM32\dgjlm.ini Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\dgjlm.ini2
C:\WINDOWS\SYSTEM32\dgjlm.ini2 Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\dgjlm.tmp
C:\WINDOWS\SYSTEM32\dgjlm.tmp Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\ihhkj.ini
C:\WINDOWS\SYSTEM32\ihhkj.ini Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\jkhhi.dll
C:\WINDOWS\SYSTEM32\jkhhi.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\mljgd.dll
C:\WINDOWS\system32\mljgd.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\SYSTEM32\oqekrton.dll
C:\WINDOWS\SYSTEM32\oqekrton.dll Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\oyvpyqvx.dll
C:\WINDOWS\SYSTEM32\oyvpyqvx.dll Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\uabfxwef.dll
C:\WINDOWS\SYSTEM32\uabfxwef.dll Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\wqpmeylw.exe
C:\WINDOWS\SYSTEM32\wqpmeylw.exe Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\ywwgaihv.exe
C:\WINDOWS\SYSTEM32\ywwgaihv.exe Has been deleted!

Performing Repairs to the registry.
Done!pport vundofix   


et voila le nouveau rapport HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 18:43:38, on 19/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\kdx\KHost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE
C:\WINDOWS\system32\LVComS.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\NICO\Mes documents\logiciels\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Lto Manager] "C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [WinMsg] C:\WINDOWS\winmsgr.exe
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\xgrpkyym.dll",setvm
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://kt.bar.need2find.com/KT/menusearch.html?p=KT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab27571.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - https://www.afternic.com/domains/drivecleaner.com
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} - http://acces.blonde.com/package/op/PackageHtmlCab.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab27571.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/12e06faaa13c96209719/netzip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/fr/win/QuickTimeInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab27571.cab
O16 - DPF: {C942A79B-01ED-47EE-9DAA-1EFAA70DAB8E} (VacPro.int_ver22b) - http://www.muiegaozsicur.com/ocx/intES_ver22b.CAB
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {F4653484-F38C-455F-BB15-1175E527754E} (VideoProducer Class) - http://www.jointheorgy.com/static/class/webcam_ie6/webcam2.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab27571.cab
O18 - Protocol: bw+0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter: text/html - (no CLSID) - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

pers6006 · Answer

Désolé mais je dois faire quoi maintenant?  merci

attanassovpeter · Answer

Bonsoir. Excuser moi de prendre part dans votre discution mais les win32 que tu à sont des puisant spy  s.t.dire tu peux toujoure faire un netoyage avechijack this, vundofix ex.... c'est bien   mais netoie  ton registre   avec    exa..-https://forums.cnetfrance.fr
                      -http://telechargement.zebulon.fr/license-1-201.html
  et  un outil  comme ---http://www.z-oleg.com/secur/avz/download.php
detection: antivirus,AdWare,Spyware,hacktool,dialaer  ex..Considéré aussi comme un anti-rootkit grace à sa fonction "File->System Investigation"  analyse la "Liste de démarrage"  détecte les keyLogger par leur méthodes de travail, pas par leurs signatures (comme PestPatrol)      fonction insérée dans Windows "wintrust.dll"   ET  Gratuit !!!   Contributeur sur les forums Kaspersky ( https://community.kaspersky.com/ )         et tu devrais  voir  plus claire
AVAST et un bon anti virus gratuit mais je te conseil  ACTIVE VIRUS CHIELD de AOL producted by KASPERSKY aussi GRATUIT.
Bonne chance!!

philae83 · Answer

re

je t'ai donné les manips ici :
 < 16 >  philae83 (lundi 19 mars 2007 à 21:40:36)

à plus tard avec les rapports

pers6006 · Answer

voila le rapport vundo fix je continue avec  hijackthis
a toute a l'heure


VundoFix V6.3.17

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 18:24:08 19/03/2007

Listing files found while scanning....

C:\WINDOWS\system32\byxvuvv.dll
C:\WINDOWS\SYSTEM32\cevagjxy.exe
C:\WINDOWS\SYSTEM32\dgjlm.bak1
C:\WINDOWS\SYSTEM32\dgjlm.bak2
C:\WINDOWS\SYSTEM32\dgjlm.ini
C:\WINDOWS\SYSTEM32\dgjlm.ini2
C:\WINDOWS\SYSTEM32\dgjlm.tmp
C:\WINDOWS\SYSTEM32\ihhkj.ini
C:\WINDOWS\SYSTEM32\jkhhi.dll
C:\WINDOWS\system32\mljgd.dll
C:\WINDOWS\system32\muvecsbd.dll
C:\WINDOWS\SYSTEM32\oqekrton.dll
C:\WINDOWS\SYSTEM32\oyvpyqvx.dll
C:\WINDOWS\SYSTEM32\uabfxwef.dll
C:\WINDOWS\SYSTEM32\wqpmeylw.exe
C:\WINDOWS\SYSTEM32\ywwgaihv.exe

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\byxvuvv.dll
C:\WINDOWS\system32\byxvuvv.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\SYSTEM32\cevagjxy.exe
C:\WINDOWS\SYSTEM32\cevagjxy.exe Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\dgjlm.bak1
C:\WINDOWS\SYSTEM32\dgjlm.bak1 Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\dgjlm.bak2
C:\WINDOWS\SYSTEM32\dgjlm.bak2 Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\dgjlm.ini
C:\WINDOWS\SYSTEM32\dgjlm.ini Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\dgjlm.ini2
C:\WINDOWS\SYSTEM32\dgjlm.ini2 Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\dgjlm.tmp
C:\WINDOWS\SYSTEM32\dgjlm.tmp Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\ihhkj.ini
C:\WINDOWS\SYSTEM32\ihhkj.ini Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\jkhhi.dll
C:\WINDOWS\SYSTEM32\jkhhi.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\mljgd.dll
C:\WINDOWS\system32\mljgd.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\SYSTEM32\oqekrton.dll
C:\WINDOWS\SYSTEM32\oqekrton.dll Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\oyvpyqvx.dll
C:\WINDOWS\SYSTEM32\oyvpyqvx.dll Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\uabfxwef.dll
C:\WINDOWS\SYSTEM32\uabfxwef.dll Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\wqpmeylw.exe
C:\WINDOWS\SYSTEM32\wqpmeylw.exe Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\ywwgaihv.exe
C:\WINDOWS\SYSTEM32\ywwgaihv.exe Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\xgrpkyym.dll 
C:\WINDOWS\system32\xgrpkyym.dll  Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.17

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 21:52:48 19/03/2007

Listing files found while scanning....

pers6006 · Answer

bizarre avg anti spy ware a fait une analyse complete mais je ne peux pas choisir l'option 3 "appliquer toutes les actions"

philae83 · Answer

tu as quoi comme choix possible ?

sauvegarde tout de même le rapport.

pers6006 · Answer

en face de chaque menace il me propose ignorer une fois, je peux mettre en quarantaine certaine menace mais pas toutes (quand je peux le faire il me propose d'appliquer toutes les actions

philae83 · Answer

ok continue ainsi, et poste le rapport ensuite, on avisera

pers6006 · Answer

bon je sais pas si bien bosser,lol , mais voila les rapport d'avg puis hijackthis




AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	23:37:23 19/03/2007

 + Résultat de l'analyse:	



HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Adware.Altnet : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Adware.Altnet : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP470\A0086595.exe -> Adware.Casino : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\PerfectNav -> Adware.KeenValue : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\NDNuninstall6_22.exe -> Adware.NewDotNet : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\NDNuninstall7_14.exe -> Adware.NewDotNet : Nettoyé et sauvegardé (mise en quarantaine).
C:\Program Files\PerfectNav -> Adware.PerfectNav : Nettoyé et sauvegardé (mise en quarantaine).
C:\Program Files\PerfectNav\BHO -> Adware.PerfectNav : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\NICO\Mes documents\film\_Myth_ bonny and clyde gainsbourg 1 (Latest) (Divx).zip/Setup.exe -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP544\A0102995.exe -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\NICO\Mes documents\logiciels\hijackthis\backups\backup-20070319-221055-606.dll -> Adware.Webcam : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP561\A0105744.dll -> Adware.Webcam : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handleres -> Adware.WebSearch : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP560\A0105304.dll -> Adware.WinAntiVirus : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP560\A0105305.dll -> Adware.WinAntiVirus : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP560\A0105307.dll -> Adware.WinAntiVirus : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP560\A0105348.dll -> Adware.WinAntiVirus : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-2198803970-4052792940-1665168773-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\NICO\Local Settings\Temporary Internet Files\Content.IE5\4X67G1M3\cr_obj[1].htm -> Downloader.Psyme.cd : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\NICO\Local Settings\Temp\ICD3.tmp\USDR6V_0001_D18M3107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\NICO\Local Settings\Temp\ICD4.tmp\USDR6V_0001_D18M3107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\NICO\Local Settings\Temp\ICD5.tmp\USDR6V_0001_D18M3107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\NICO\Local Settings\Temporary Internet Files\Content.IE5\E715SR8G\SystemDoctor2006FreeInstall_fr[1].cab/USDR6V_0001_D18M3107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\USDR6V_0001_D18M3107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\USDR6V_0001_D18M3107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\USDR6V_0001_D18M3107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\USDR6V_0001_D18M3107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\NICO\Local Settings\Temp\ICD2.tmp\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\NICO\Local Settings\Temp\ICD7.tmp\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\NICO\Local Settings\Temporary Internet Files\Content.IE5\4X67G1M3\installdrivecleanerstart_fr[1].cab/UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\NICO\Local Settings\Temp\ICD1.tmp\UWAS6V_0001_N91M2208NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\NICO\Local Settings\Temp\ICD6.tmp\UWAS6V_0001_N91M2208NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\NICO\Local Settings\Temp\ICD8.tmp\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\NICO\Local Settings\Temporary Internet Files\Content.IE5\3BXTTTLU\WinAntiVirusPro2006FreeInstall_fr[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\NICO\Local Settings\Temporary Internet Files\Content.IE5\4X67G1M3\WinAntiSpyware2006FreeInstall_fr[1].cab/UWAS6V_0001_N91M2208NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\NICO\Local Settings\Temporary Internet Files\Content.IE5\8TAJOHMZ\ErrorSafeFrenchNewReleaseInstall[1].cab/UERSV_9999_N91S1912NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\NICO\Local Settings\Temporary Internet Files\Content.IE5\E715SR8G\WinAntiVirusPro2006FreeInstall[1].cab/UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\NICO\Local Settings\Temporary Internet Files\Content.IE5\P4917PTV\WinAntiVirusPro2006FreeInstall_fr[1].cab/UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERSV_0001_N91S2108NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERSV_9999_N91S1912NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWAS6V_0001_N91M2208NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UERSV_9999_N91S1912NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWAS6V_0001_N91M2208NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWAS6V_0001_N91M2208NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\UERSV_0001_N91S2108NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\UERSV_9999_N91S1912NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\UWAS6V_0001_N91M2208NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\NICO\Cookies
ico@247realmedia[2].txt -> TrackingCookie.247realmedia : Ignoré.
C:\Documents and Settings\NICO\Cookies
ico@advertising[2].txt -> TrackingCookie.Advertising : Ignoré.
C:\Documents and Settings\NICO\Cookies
ico@atdmt[2].txt -> TrackingCookie.Atdmt : Ignoré.
C:\Documents and Settings\NICO\Cookies
ico@bfast[2].txt -> TrackingCookie.Bfast : Ignoré.
C:\Documents and Settings\NICO\Cookies
ico@bluestreak[1].txt -> TrackingCookie.Bluestreak : Ignoré.
C:\Documents and Settings\NICO\Cookies
ico@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Ignoré.
C:\Documents and Settings\NICO\Cookies
ico@doubleclick[1].txt -> TrackingCookie.Doubleclick : Ignoré.
C:\Documents and Settings\NICO\Cookies
ico@estat[1].txt -> TrackingCookie.Estat : Ignoré.
C:\Documents and Settings\NICO\Cookies
ico@findwhat[1].txt -> TrackingCookie.Findwhat : Ignoré.
C:\Documents and Settings\NICO\Cookies
ico@mediaplex[1].txt -> TrackingCookie.Mediaplex : Ignoré.
C:\Documents and Settings\NICO\Cookies
ico@overture[2].txt -> TrackingCookie.Overture : Ignoré.
C:\Documents and Settings\NICO\Cookies
ico@questionmarket[1].txt -> TrackingCookie.Questionmarket : Ignoré.
C:\Documents and Settings\NICO\Cookies
ico@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Ignoré.
C:\Documents and Settings\NICO\Cookies
ico@statcounter[1].txt -> TrackingCookie.Statcounter : Ignoré.
C:\Documents and Settings\NICO\Cookies
ico@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Ignoré.
C:\Documents and Settings\NICO\Cookies
ico@weborama[2].txt -> TrackingCookie.Weborama : Ignoré.
C:\Documents and Settings\NICO\Cookies
ico@zedo[1].txt -> TrackingCookie.Zedo : Ignoré.
C:\WINDOWS\Downloaded Program Files\PackageHtml.dll -> Trojan.Dialer.qu : Nettoyé et sauvegardé (mise en quarantaine).


Fin du rapport





Logfile of HijackThis v1.99.1
Scan saved at 23:38:32, on 19/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\kdx\KHost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\LVComS.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\NICO\Mes documents\logiciels\AVG Anti-Spyware 7.5\guard.exe
C:\Documents and Settings\NICO\Mes documents\logiciels\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\NICO\Mes documents\logiciels\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {9F3152F3-83B5-409F-A283-8C5C34E33792} - C:\WINDOWS\system32\awtss.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {CD8A3BC6-D7E9-4132-8025-50507795B46f} - C:\WINDOWS\system32\ksbhxmam.dll
O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\WINDOWS\system32\jwocgebl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Lto Manager] "C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32	gjblmjh.dll",setvm
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\NICO\Mes documents\logiciels\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: awtss - C:\WINDOWS\system32\awtss.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\NICO\Mes documents\logiciels\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

philae83 · Answer

re

c'est parfait, je regarde tout ça et je reviens.

As tu encore des problèmes visibles ?

pers6006 · Answer

oui,toujours des fenetres de "pub" pour des anti virus,anti espion...

philae83 · Answer

j'allais venir te dire que ce n'était pas terminé....

il faut continuer

* Double-clique VundoFix.exe afin de le lancer

* Clique sur le bouton Scan for Vundo

* Lorsque le scan est complété, clique sur le bouton Remove Vundo

* Une invite te demandera si tu veux supprimer les fichiers, clique YES

* Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers

* Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK

* Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse

pers6006 · Answer

j'ai toujours mes fameux win32... voici les rapports,lol


VundoFix V6.3.17

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 18:24:08 19/03/2007

Listing files found while scanning....

C:\WINDOWS\system32\byxvuvv.dll
C:\WINDOWS\SYSTEM32\cevagjxy.exe
C:\WINDOWS\SYSTEM32\dgjlm.bak1
C:\WINDOWS\SYSTEM32\dgjlm.bak2
C:\WINDOWS\SYSTEM32\dgjlm.ini
C:\WINDOWS\SYSTEM32\dgjlm.ini2
C:\WINDOWS\SYSTEM32\dgjlm.tmp
C:\WINDOWS\SYSTEM32\ihhkj.ini
C:\WINDOWS\SYSTEM32\jkhhi.dll
C:\WINDOWS\system32\mljgd.dll
C:\WINDOWS\system32\muvecsbd.dll
C:\WINDOWS\SYSTEM32\oqekrton.dll
C:\WINDOWS\SYSTEM32\oyvpyqvx.dll
C:\WINDOWS\SYSTEM32\uabfxwef.dll
C:\WINDOWS\SYSTEM32\wqpmeylw.exe
C:\WINDOWS\SYSTEM32\ywwgaihv.exe

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\byxvuvv.dll
C:\WINDOWS\system32\byxvuvv.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\SYSTEM32\cevagjxy.exe
C:\WINDOWS\SYSTEM32\cevagjxy.exe Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\dgjlm.bak1
C:\WINDOWS\SYSTEM32\dgjlm.bak1 Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\dgjlm.bak2
C:\WINDOWS\SYSTEM32\dgjlm.bak2 Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\dgjlm.ini
C:\WINDOWS\SYSTEM32\dgjlm.ini Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\dgjlm.ini2
C:\WINDOWS\SYSTEM32\dgjlm.ini2 Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\dgjlm.tmp
C:\WINDOWS\SYSTEM32\dgjlm.tmp Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\ihhkj.ini
C:\WINDOWS\SYSTEM32\ihhkj.ini Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\jkhhi.dll
C:\WINDOWS\SYSTEM32\jkhhi.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\mljgd.dll
C:\WINDOWS\system32\mljgd.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\SYSTEM32\oqekrton.dll
C:\WINDOWS\SYSTEM32\oqekrton.dll Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\oyvpyqvx.dll
C:\WINDOWS\SYSTEM32\oyvpyqvx.dll Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\uabfxwef.dll
C:\WINDOWS\SYSTEM32\uabfxwef.dll Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\wqpmeylw.exe
C:\WINDOWS\SYSTEM32\wqpmeylw.exe Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\ywwgaihv.exe
C:\WINDOWS\SYSTEM32\ywwgaihv.exe Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\xgrpkyym.dll 
C:\WINDOWS\system32\xgrpkyym.dll  Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.17

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 21:52:48 19/03/2007

Listing files found while scanning....

C:\WINDOWS\system32\awtss.dll
C:\WINDOWS\SYSTEM32\byxvuvv.dll
C:\WINDOWS\system32\dgjlm.ini
C:\WINDOWS\SYSTEM32\evnppvcf.dll
C:\WINDOWS\SYSTEM32\jwocgebl.dll
C:\WINDOWS\system32\mljgd.dll
C:\WINDOWS\system32\sstwa.bak1
C:\WINDOWS\system32\sstwa.ini

VundoFix V6.3.17

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 23:49:48 19/03/2007

Listing files found while scanning....

C:\WINDOWS\system32\awtss.dll
C:\WINDOWS\SYSTEM32\byxvuvv.dll
C:\WINDOWS\SYSTEM32\evnppvcf.dll
C:\WINDOWS\SYSTEM32\jwocgebl.dll
C:\WINDOWS\SYSTEM32\mljgd.dll
C:\WINDOWS\system32\sstwa.bak1
C:\WINDOWS\system32\sstwa.bak2
C:\WINDOWS\system32\sstwa.ini
C:\WINDOWS\system32\sstwa.tmp

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\awtss.dll
C:\WINDOWS\system32\awtss.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\SYSTEM32\byxvuvv.dll
C:\WINDOWS\SYSTEM32\byxvuvv.dll Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\evnppvcf.dll
C:\WINDOWS\SYSTEM32\evnppvcf.dll Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\jwocgebl.dll
C:\WINDOWS\SYSTEM32\jwocgebl.dll Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\mljgd.dll
C:\WINDOWS\SYSTEM32\mljgd.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\sstwa.bak1
C:\WINDOWS\system32\sstwa.bak1 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\sstwa.bak2
C:\WINDOWS\system32\sstwa.bak2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\sstwa.ini
C:\WINDOWS\system32\sstwa.ini Has been deleted!

Performing Repairs to the registry.
Done!




Logfile of HijackThis v1.99.1
Scan saved at 00:04:29, on 20/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\NICO\Mes documents\logiciels\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\LVComS.exe
C:\WINDOWS\kdx\KHost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\NICO\Mes documents\logiciels\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\NICO\Mes documents\logiciels\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Lto Manager] "C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32	gjblmjh.dll",setvm
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\NICO\Mes documents\logiciels\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\NICO\Mes documents\logiciels\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

philae83 · Answer

bon, on avance quand même

* Relance Vundofix
 * Ne clique pas sur "Scan for a vundo"
 * Clique droit au milieu de la fenêtre
 * Clique sur Add more files ?
 * Copie/colle le fichier ci-dessous

C:\WINDOWS\system32	gjblmjh.dll

 * Clique sur Add files
 * Ensuite clique sur Close Windows
 * Enfin, clique sur Remove Vundo ( les fichiers précédents doivent apparaitre dans la fenêtre principale)
 * Si l'outils demande un redémarrage, accepte
 * Poste le rapport Vundofixensuite

relance hijackthis puis coche et fixe cette ligne

O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32	gjblmjh.dll",setvm 

reposte les rapports stp

pers6006 · Answer

VundoFix V6.3.17

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 18:24:08 19/03/2007

Listing files found while scanning....

C:\WINDOWS\system32\byxvuvv.dll
C:\WINDOWS\SYSTEM32\cevagjxy.exe
C:\WINDOWS\SYSTEM32\dgjlm.bak1
C:\WINDOWS\SYSTEM32\dgjlm.bak2
C:\WINDOWS\SYSTEM32\dgjlm.ini
C:\WINDOWS\SYSTEM32\dgjlm.ini2
C:\WINDOWS\SYSTEM32\dgjlm.tmp
C:\WINDOWS\SYSTEM32\ihhkj.ini
C:\WINDOWS\SYSTEM32\jkhhi.dll
C:\WINDOWS\system32\mljgd.dll
C:\WINDOWS\system32\muvecsbd.dll
C:\WINDOWS\SYSTEM32\oqekrton.dll
C:\WINDOWS\SYSTEM32\oyvpyqvx.dll
C:\WINDOWS\SYSTEM32\uabfxwef.dll
C:\WINDOWS\SYSTEM32\wqpmeylw.exe
C:\WINDOWS\SYSTEM32\ywwgaihv.exe

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\byxvuvv.dll
C:\WINDOWS\system32\byxvuvv.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\SYSTEM32\cevagjxy.exe
C:\WINDOWS\SYSTEM32\cevagjxy.exe Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\dgjlm.bak1
C:\WINDOWS\SYSTEM32\dgjlm.bak1 Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\dgjlm.bak2
C:\WINDOWS\SYSTEM32\dgjlm.bak2 Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\dgjlm.ini
C:\WINDOWS\SYSTEM32\dgjlm.ini Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\dgjlm.ini2
C:\WINDOWS\SYSTEM32\dgjlm.ini2 Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\dgjlm.tmp
C:\WINDOWS\SYSTEM32\dgjlm.tmp Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\ihhkj.ini
C:\WINDOWS\SYSTEM32\ihhkj.ini Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\jkhhi.dll
C:\WINDOWS\SYSTEM32\jkhhi.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\mljgd.dll
C:\WINDOWS\system32\mljgd.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\SYSTEM32\oqekrton.dll
C:\WINDOWS\SYSTEM32\oqekrton.dll Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\oyvpyqvx.dll
C:\WINDOWS\SYSTEM32\oyvpyqvx.dll Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\uabfxwef.dll
C:\WINDOWS\SYSTEM32\uabfxwef.dll Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\wqpmeylw.exe
C:\WINDOWS\SYSTEM32\wqpmeylw.exe Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\ywwgaihv.exe
C:\WINDOWS\SYSTEM32\ywwgaihv.exe Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\xgrpkyym.dll 
C:\WINDOWS\system32\xgrpkyym.dll  Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.17

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 21:52:48 19/03/2007

Listing files found while scanning....

C:\WINDOWS\system32\awtss.dll
C:\WINDOWS\SYSTEM32\byxvuvv.dll
C:\WINDOWS\system32\dgjlm.ini
C:\WINDOWS\SYSTEM32\evnppvcf.dll
C:\WINDOWS\SYSTEM32\jwocgebl.dll
C:\WINDOWS\system32\mljgd.dll
C:\WINDOWS\system32\sstwa.bak1
C:\WINDOWS\system32\sstwa.ini

VundoFix V6.3.17

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 23:49:48 19/03/2007

Listing files found while scanning....

C:\WINDOWS\system32\awtss.dll
C:\WINDOWS\SYSTEM32\byxvuvv.dll
C:\WINDOWS\SYSTEM32\evnppvcf.dll
C:\WINDOWS\SYSTEM32\jwocgebl.dll
C:\WINDOWS\SYSTEM32\mljgd.dll
C:\WINDOWS\system32\sstwa.bak1
C:\WINDOWS\system32\sstwa.bak2
C:\WINDOWS\system32\sstwa.ini
C:\WINDOWS\system32\sstwa.tmp

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\awtss.dll
C:\WINDOWS\system32\awtss.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\SYSTEM32\byxvuvv.dll
C:\WINDOWS\SYSTEM32\byxvuvv.dll Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\evnppvcf.dll
C:\WINDOWS\SYSTEM32\evnppvcf.dll Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\jwocgebl.dll
C:\WINDOWS\SYSTEM32\jwocgebl.dll Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\mljgd.dll
C:\WINDOWS\SYSTEM32\mljgd.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\sstwa.bak1
C:\WINDOWS\system32\sstwa.bak1 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\sstwa.bak2
C:\WINDOWS\system32\sstwa.bak2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\sstwa.ini
C:\WINDOWS\system32\sstwa.ini Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

 Attempting to delete C:\WINDOWS\system32	gjblmjh.dll 
C:\WINDOWS\system32	gjblmjh.dll  Has been deleted!

Performing Repairs to the registry.
Done!


je t'envoie le rapport hijackthis apré la manip

pers6006 · Answer

ça va t'en as pas marre ? lol


Logfile of HijackThis v1.99.1
Scan saved at 00:24:06, on 20/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\NICO\Mes documents\logiciels\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\kdx\KHost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\LVComS.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\NICO\Mes documents\logiciels\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\NICO\Mes documents\logiciels\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Lto Manager] "C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\NICO\Mes documents\logiciels\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\xnuhemdt.dll",setvm
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://fr.winantivirus.com/download/2006/download.php?file=2&aid=nm_ik_wav_kw1_fr_fr&lid=virus&affid=nm_67163_daeab0e0d64011dbaf8b0015c55d3487_68e05e4d+121ea98ae7324fb89596117d42878005
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\NICO\Mes documents\logiciels\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

philae83 · Answer

ça va t'en as pas marre ? lol 

t'inquiète suis coriace....lol
je regarde ton rapport
je reviens
ne te sauve pas....

philae83 · Answer

re

je ne comprends pas elle est vraiment récalcitrante, de + l'exe a encore changé, pourtant vundo la vire à chaque fois. Je dois rater qq chose, on peut essayer autrement, sinon je verrais demain

* Relance Vundofix
 * Ne clique pas sur "Scan for a vundo"
 * Clique droit au milieu de la fenêtre
 * Clique sur Add more files ?
 * Copie/colle les fichiers ci-dessous 

C:\WINDOWS\system32\xnuhemdt.dll

* Clique sur Add files
 * Ensuite clique sur Close Windows
 * Enfin, clique sur Remove Vundo ( les fichiers précédents doivent apparaitre dans la fenêtre principale)
 * Si l'outils demande un redémarrage, accepte
 * Poste le rapport Vundofix

puis cette fois, redémarre en mode sans échec pour fixer la ligne
avec hijackthis
mode d'emploi pour le MSE
http://service1.symantec.com/support/inter/tsgeninfointl.nsf/fr_docid/20020905112131924

lance hijackthis puis coche :



O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\xnuhemdt.dll",setvm 

clique sur fix checked"

* lance AVG pour un scan complet toujours en mode sans échec, puis sauvegarde le rapport pour le mettre ici ensuite

* redémarre normalement
et poste tous les rapports

je les regarderais demain maintenant,il est tard.

pers6006 · Answer

merci en tous cas,moi aussi commence aetre crevé je ferai tout ça demain...tu seras mise au courant
bye et encore merci

philae83 · Answer

Bonjour,

courte nuit comme tu dis !

rapidement à cette heure ci, je reviendrais après midi

hijackthis tu l'as lancé en MSE ? tu peux en refaire un en mode normal stp.

Apparemment, ça a l'air d'être nettement mieux. Et ton pc lui comment se comporte t il ?

pers6006 · Answer

Re,

Mon pc semble se comporter mieux je pense etre débarasser de mes win32 Vbstat-c , win32 trojan-gen et win 32 BHO-Bg,en revanche j'ai toujours les fenetres qui s'ouvre dé que je vais sur IE

je poste le rapport hijackthis en mode normal

Logfile of HijackThis v1.99.1
Scan saved at 12:14:13, on 20/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Documents and Settings\NICO\Mes documents\logiciels\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\kdx\KHost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\LVComS.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Documents and Settings\NICO\Mes documents\logiciels\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\NICO\Mes documents\logiciels\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Lto Manager] "C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\NICO\Mes documents\logiciels\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - https://www.afternic.com/domains/drivecleaner.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://fr.winantivirus.com/download/2006/download.php?file=2&aid=nm_ik_wav_kw1_fr_fr&lid=virus&affid=nm_67163_daeab0e0d64011dbaf8b0015c55d3487_68e05e4d+121ea98ae7324fb89596117d42878005
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {F98F9CB6-EAB8-470B-852D-A5F38A915FAD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\NICO\Mes documents\logiciels\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

philae83 · Answer

re

en revanche j'ai toujours les fenetres qui s'ouvre dé que je vais sur IE 

explique quelles genres de fenêtres ? fait une capture d'écran à l'occasion stp.
On va faire ceci maintenant

* un scan complet avec AVG, applique les actions, sauvegarde le rapport poste le ensuite

puis

* Fait un scan antivirus en ligne Panda et copie colle le résultat ici
https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan/fr/activescan_principal.htm

* tuto en image
https://forum.pcastuces.com/default.asp#haut

à la lettre T

pers6006 · Answer

re,

je viens de lancer le scan avec avg,ça sera long 

les fenetres qui s'ouvrent sont du style winantivirus pro... (comment fait on une capture d'ecran?)

je t'envoie les rapports dé que je peux,merci

philae83 · Answer

je viens de lancer le scan avec avg,ça sera long

les fenetres qui s'ouvrent sont du style winantivirus pro... (comment fait on une capture d'ecran?)

je t'envoie les rapports dé que je peux,merci

je ne comprends pas pourtant on a lancé blacklight, il n'avait rien détecté. Si tu es infecté par winantivirus, il aurait dû donner qq chose.

je n'ai pas besoin de capture d'écran, pour winantivirus, je connais malheureusement que trop bien. Néanmoins blacklight devrait le détecter. 
Il faut rélancer blacklight également

pers6006 · Answer

je le relancerai aprés le scan
enfin bon je vais essayer de faire tout ce que tu me dis ce qui n'ai pas une mince affaire pour ma tite tete lol

philae83 · Answer

enfin bon je vais essayer de faire tout ce que tu me dis ce qui n'ai pas une mince affaire pour ma tite tete lol
mais je trouve que tu t'en sors très bien
si tu as besoin que je te redonne la manip pour blacklight n'hésite pas

pers6006 · Answer

non c bon g la manip pour blacklight,par contre je le fé kan ,aprés le scan AVG ou aprés les autres manip?

pers6006 · Answer

voila le scanAVG maintenant je lance le scan en ligne...

VG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	19:51:26 20/03/2007

 + Résultat de l'analyse:	



C:\Documents and Settings\NICO\Local Settings\Temporary Internet Files\Content.IE5\QNKBH6V2\cr_obj[1].htm -> Downloader.Psyme.cd : Nettoyé.
C:\Documents and Settings\NICO\Local Settings\Temp\ICD10.tmp\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Nettoyé.
C:\Documents and Settings\NICO\Local Settings\Temporary Internet Files\Content.IE5\P4917PTV\installdrivecleanerstart_fr[1].cab/UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Nettoyé.
C:\Documents and Settings\NICO\Cookies
ico@247realmedia[2].txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\NICO\Cookies
ico@adrevolver[3].txt -> TrackingCookie.Adrevolver : Nettoyé.
C:\Documents and Settings\NICO\Cookies
ico@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Nettoyé.
C:\Documents and Settings\NICO\Cookies
ico@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\NICO\Cookies
ico@ehg-hollywood.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\NICO\Cookies
ico@ehg-hollywoodmedia.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\NICO\Cookies
ico@hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\NICO\Cookies
ico@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\NICO\Cookies
ico@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nettoyé.


Fin du rapport

pers6006 · Answer

voila le rapport du scan panda et maintenant je lance blacklight


Incident                                                                        Statut                        Analyse                                                                                                                                                                                                                                                         

Spyware:Cookie/888                                                              No Désinfecté                 C:\Documents and Settings\NICO\Cookies
ico@888[1].txt                                                                                                                                                                                                          
Spyware:Cookie/888                                                              No Désinfecté                 C:\Documents and Settings\NICO\Cookies
ico@888[2].txt                                                                                                                                                                                                          
Spyware:Cookie/Adrevolver                                                       No Désinfecté                 C:\Documents and Settings\NICO\Cookies
ico@adrevolver[1].txt                                                                                                                                                                                                   
Spyware:Cookie/Advertising                                                      No Désinfecté                 C:\Documents and Settings\NICO\Cookies
ico@advertising[1].txt                                                                                                                                                                                                  
Spyware:Cookie/Cassava                                                          No Désinfecté                 C:\Documents and Settings\NICO\Cookies
ico@cassava[1].txt                                                                                                                                                                                                      
Spyware:Cookie/DriveCleaner                                                     No Désinfecté                 C:\Documents and Settings\NICO\Cookies
ico@drivecleaner[1].txt                                                                                                                                                                                                 
Spyware:Cookie/ErrorSafe                                                        No Désinfecté                 C:\Documents and Settings\NICO\Cookies
ico@errorsafe[1].txt                                                                                                                                                                                                    
Spyware:Cookie/DriveCleaner                                                     No Désinfecté                 C:\Documents and Settings\NICO\Cookies
ico@stats.drivecleaner[2].txt                                                                                                                                                                                           
Spyware:Cookie/Systemdoctor                                                     No Désinfecté                 C:\Documents and Settings\NICO\Cookies
ico@systemdoctor[2].txt                                                                                                                                                                                                 
Spyware:Cookie/Winantivirus                                                     No Désinfecté                 C:\Documents and Settings\NICO\Cookies
ico@winantispyware[2].txt                                                                                                                                                                                               
Spyware:Cookie/Winantivirus                                                     No Désinfecté                 C:\Documents and Settings\NICO\Cookies
ico@winantivirus[1].txt                                                                                                                                                                                                 
Spyware:Cookie/Systemdoctor                                                     No Désinfecté                 C:\Documents and Settings\NICO\Cookies
ico@www.systemdoctor[1].txt                                                                                                                                                                                             
Spyware:Cookie/Winantivirus                                                     No Désinfecté                 C:\Documents and Settings\NICO\Cookies
ico@www.winantivirus[1].txt                                                                                                                                                                                             
Spyware:Cookie/Xiti                                                             No Désinfecté                 C:\Documents and Settings\NICO\Cookies
ico@xiti[2].txt                                                                                                                                                                                                         
Spyware:Spyware/Virtumonde                                                      No Désinfecté                 C:\VundoFix Backups\byxvuvv.dll.bad                                                                                                                                                                                                                             
Outil indésirable:Application/VSToolbar                                         No Désinfecté                 C:\VundoFix Backups\cevagjxy.exe.bad                                                                                                                                                                                                                            
Virus:Trj/BHO.A                                                                 Désinfecté                    C:\VundoFix Backups\evnppvcf.dll.bad                                                                                                                                                                                                                            
Virus:Trj/BHO.A                                                                 Désinfecté                    C:\VundoFix Backups\jwocgebl.dll.bad                                                                                                                                                                                                                            
Adware:Adware/WinAntivirus2006                                                  No Désinfecté                 C:\VundoFix Backups\oqekrton.dll.bad                                                                                                                                                                                                                            
Adware:Adware/WinAntivirus2006                                                  No Désinfecté                 C:\VundoFix Backups\oyvpyqvx.dll.bad                                                                                                                                                                                                                            
Spyware:Spyware/Virtumonde                                                      No Désinfecté                 C:\VundoFix Backups	gjblmjh.dll .bad                                                                                                                                                                                                                           
Adware:Adware/WinAntivirus2006                                                  No Désinfecté                 C:\VundoFix Backups\uabfxwef.dll.bad                                                                                                                                                                                                                            
Outil indésirable:Application/VSToolbar                                         No Désinfecté                 C:\VundoFix Backups\wqpmeylw.exe.bad                                                                                                                                                                                                                            
Spyware:Spyware/Virtumonde                                                      No Désinfecté                 C:\VundoFix Backups\xgrpkyym.dll .bad                                                                                                                                                                                                                           
Spyware:Spyware/Virtumonde                                                      No Désinfecté                 C:\VundoFix Backups\xnuhemdt.dll.bad                                                                                                                                                                                                                            
Outil indésirable:Application/VSToolbar                                         No Désinfecté                 C:\VundoFix Backups\ywwgaihv.exe.bad                                                                                                                                                                                                                            
Outil indésirable:application/bestoffer                                         No Désinfecté                 C:\WINDOWS\smdat32m.sys                                                                                                                                                                                                                                         
Virus:Bck/Diazom.AP                                                             Désinfecté                    C:\WINDOWS\SYSTEM32\csokqbhc.dll                                                                                                                                                                                                                                
Virus:Bck/Diazom.AP                                                             Désinfecté                    C:\WINDOWS\SYSTEM32\gqvkcggv.dll                                                                                                                                                                                                                                
Virus:Trj/BHO.A                                                                 Désinfecté                    C:\WINDOWS\SYSTEM32\ioxexwqv.dll                                                                                                                                                                                                                                
Spyware:Spyware/Virtumonde                                                      No Désinfecté                 C:\WINDOWS\SYSTEM32\qporvryn.dll                                                                                                                                                                                                                                
Virus:Bck/Diazom.AP                                                             Désinfecté                    C:\WINDOWS\SYSTEM32hylrxbv.dll                                                                                                                                                                                                                                
Virus:Bck/Diazom.AP                                                             Désinfecté                    C:\WINDOWS\SYSTEM32\senbjstd.dll                                                                                                                                                                                                                                
Virus:Bck/Diazom.AP                                                             Désinfecté                    C:\WINDOWS\SYSTEM32\vwxnlfax.dll                                                                                                                                                                                                                                
Virus:Bck/Diazom.AP                                                             Désinfecté                    C:\WINDOWS\SYSTEM32\ytmcawjr.dll

philae83 · Answer

blacklight n'a pas terminé son scan ?

pers6006 · Answer

si si le voila...j'étais en train de me restaurer lol

03/20/07 21:03:50 [Info]: BlackLight Engine 1.0.55 initialized
03/20/07 21:03:50 [Info]: OS: 5.1 build 2600 (Service Pack 2)
03/20/07 21:03:50 [Note]: 7019 4
03/20/07 21:03:50 [Note]: 7005 0
03/20/07 21:04:08 [Note]: 7006 0
03/20/07 21:04:08 [Note]: 7011 1724
03/20/07 21:04:08 [Note]: 7026 0
03/20/07 21:04:08 [Note]: 7026 0
03/20/07 21:04:30 [Note]: FSRAW library version 1.7.1021
03/20/07 21:30:53 [Note]: 7007 0

philae83 · Answer

tu as raison, il le faut aussi.

on reprend

supprime
c:\vundofix

puis * Assure toi d'avoir accès à tous les fichiers

-démarrer

-poste de travail ou autre dossier

-menu outils

-options de dossier

-onglet affichage

puis

- activer la case : Afficher les fichiers et dossiers cachés

- désactiver la case : Masquer les extensions des fichiers dont le type est connu

- désactiver  la case : Masquer les fichier protégés du système d'exploitation

Puis  - Appliquer

* et Supprime le(s) fichier(s) ci dessous si il(s) est (sont) présent(s) :

C:\WINDOWS\smdat32m.sys 
C:\WINDOWS\SYSTEM32\qporvryn.dll 

* Dans l'Explorateur Windows recache les fichiers système afin de ne pas faire d'erreur à l'avenir. Retourne à la fenêtre Paramètres de dossiers et sélectionne Ne pas afficher les fichiers cachés ou les fichiers système

si ce n'est pas possible essaye en mode sans échec, sinon on trouvera autre chose.

pers6006 · Answer

attends excuse moi il me faut quelques précisions je supprime quoi? vundofix.exe,vundofixbackup,vundofix.txt...je pense que ma question est nulle mais bon,je le suis aussi lol

philae83 · Answer

non ta question n'est pas nulle, tu supprimes tout ce qui correspond à vundo maintenant

pers6006 · Answer

voila c'est fait !

philae83 · Answer

as tu trouvé et supprimer sans problème


C:\WINDOWS\smdat32m.sys
C:\WINDOWS\SYSTEM32\qporvryn.dll

pers6006 · Answer

oui oui j'ai trouvé et supprimé sans problème C:\WINDOWS\smdat32m.sys 
C:\WINDOWS\SYSTEM32\qporvryn.dll

philae83 · Answer

parfait, tu en es où avec tes problèmes ?

pers6006 · Answer

ben écoute je pense que tu as été d'une trés grande efficacité si c'est le cas je te tire mon chapeau et te remercie vivement!!!!!
par contre mes enceintes ne marchent plus pensent tu qu'il puisse y avoir un rapport (elles sont ben branchées,lol)

pers6006 · Answer

oups g encore des fenetres qui s'ouvrent su IE (derniere en date tv-sur-pc.com)...

philae83 · Answer

re

sincèrement je ne pense pas qu'on puisse y faire quelque chose. Peut être fatiguées....

maintenant, tu peux :

supprimer
blacklight

* démarrer-----------panneau de configuration------------système----------

onglet Restauration système-----------coche la case (Désactiver la restauration système)--------------

redémarre l'ordinateur
 ré active la ensuite

* Dénonce ton infection pour faire condamner les auteurs.


Crée un message pour faire avancer les choses sur Malware-Complaints, nous devons être les plus nombreux possibles, alors rends compte de ton infection :

- Voir les règles du forum : https://malwarecomplaints.info/
- Après t'être enregistré à l'aide du bouton en haut se nommant "Register"
Si tu as plus de 13 ans, choisir : "I Agree to these terms and am over or exactly 13 years of age"
Si tu as moins, clique sur : "I Agree to these terms and am under 13 years of age"

Tu as alors sous forme de liste un sujet par type d'infection (Look2Me, Smitfraud, SpywareQuake etc..).
La tienne = ******

---> https://malwarecomplaints.info/

Si le malware que tu as eu n'apparaît pas dans la liste, ou si tu ne sais pas par quoi tu étais infecté(e), crée un message dans le sujet Autres infections
conforme au règle du forum (age, ville, département etc..)


Indique aussi le nom du Forum qui t'a aidé, CommentCaMarche

* lit ces liens pour apprendre à sécuriser ton pc pour éviter de recommencer ces mêmes galères

securite proteger un ordinateur contre les malwares d internet
et
https://forum.pcastuces.com/default.asp

* met ton sujet en RESOLU stp. Merci

bonne soirée

pers6006 · Answer

Un grand merci pour ton aide et au forum de CommentCaMarche

Win32...

51 réponses

Votre réponse

Discussions similaires

Newsletters