[Virus] Infecté par Win32:VBStat-C - Page 2

Résolu
Précédent
  • 1
  • 2
  1. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    désactive ta restauration
    clique droit sur poste de travail/propriétés/coche la case désactiver la restauration, appliquer
    redémarre ton PC
    démarrer/tous les programmes/ outils système/ restauration du système/ créer un point de restauration

    si tout va bien supprime tout ce qu'on a utilisé car ce ne sera plus utile désormais
    conserve néanmoins ccleaner et effectue le nettoyage tous les jours avant de couper le PC

    installe ce logiciel très utile et scanne ton PC avec une fois par semaine au moins...
    AVG Antispyware
    https://www.avg.com/en-ww/free-antivirus-download

    mode d'utilisation :
    Lance AVG Anti-Spyware, mets le à jour,
    Clique sur le bouton « Analyse »
    Puis « Comment réagir », clique sur Actions recommandées. Sélectionne Quarantaine.
    Retour à l'onglet Analyse.
    Clique sur Analyse complète du système.
    A la fin du scan, choisis " Appliquer toutes les actions "
    Clique sur "Enregistrer le rapport". Le fichier texte se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware.

    tu peux le coupler avec celui-ci
    spybot search and destroy
    https://www.safer-networking.org/?page=download

    défragmente

    pense à bien te protéger, la sécurité c'est très important mais ne remplace pas l'internaute, un surf prudent en évitant le crack, les sites "chauds", permet déjà d'éviter bien des soucis, le P2P lui aussi est source d'infections...
    j'ai découvert ce lien qui est plutôt pas mal à ce sujet
    https://forum.pcastuces.com/default.asp

    et bon surf
    0
  2. yeager Messages postés 13 Statut Membre
     
    merci beaucoup mister papyber et j'espere pas à bientôt ! ;)
    0
  3. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    moi de même
    bon surf, prudent!!! mdr!!!
    0
  4. Miss_Garfield
     
    Bonjour

    Je suis nouvelle ici et trouve ce site très intéressant

    J'ai le même problème, j'ai un cheval de troie nommé du même nom.

    Mais étant aucunement qualifiée en informatique je suis un peu perdue pour trouver la solution

    Est-ce possible de m'aider S.V.P.

    Miss_Garfield
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Miss_Garfield
     
    Re...bonjour

    je met ici mon hijackthis

    P-e que ma réponse viendras plus vite qui sait :S

    Merci <

    Miss_Garfield

    Logfile of HijackThis v1.99.1
    Scan saved at 11:10:38, on 2007-05-21
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Avast Antivirus\aswUpdSv.exe
    C:\Program Files\Avast Antivirus\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\MSN Messenger\Ad-On\Messenger Plus\MsgPlus.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\AVASTA~1\ashDisp.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Avast Antivirus\ashMaiSv.exe
    C:\WINDOWS\retadpu1000272.exe
    C:\Program Files\Avast Antivirus\ashWebSv.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\MétéoMédia\WeatherEye.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\rundll32.exe
    D:\Hijack This\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fsympatico.msn.ca%2fdefaultf.aspx%3f
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: UserInit=userinit.exe
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MSN Messenger\Ad-On\Messenger Plus\MsgPlus.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "D:\Clone CD\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\AVASTA~1\ashDisp.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\lqcocvxb.dll",realset
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MSN Messenger\Ad-On\Messenger Plus\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [MétéoIMédia] D:\MétéoMédia\WeatherEye.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: Download with &Shareaza - res://D:\Shareaza\Plugins\RazaWebHook.dll/3000
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O18 - Protocol: bw+0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: offline-8876480 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Filter: text/html - {994D478A-45D0-4DB4-AE77-288B1E346E99} - (no file)
    O20 - AppInit_DLLs: Runner.dll,Runner.dll,abnihckl.dll,Runner.dll,oanefofe.dll,SDRunner.dll,ibnpfipi.dll,Runner.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast Antivirus\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast Antivirus\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast Antivirus\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast Antivirus\ashWebSv.exe" /service (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    0
  7. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    télécharge GenProc de Jean-Chretien1 et Narco4 sur ton bureau
    http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip

    dézippe le dossier, double-clique sur GenProc.bat et poste le contenu du rapport qui s'ouvre

    Aide en images : http://www.alt-shift-return.org/Info/GenProc-HowTo.html
    poste les rapports car parfois il faut ajouter des consignes à la manip pour que cela fonctionne parfaitement
    0
  8. Miss_Garfield
     
    Quelqu'un peut m'aider s.v.p.

    J'essaie de faire la même chose que ce qui est mentionné avec l'autre utilisateur mais ayant pas les même log de hijackthis c'est difficile pour moi...

    et surtout que je suis très novice dans le domaine...

    Je trouve le site très intéressant mais ... on a pas tous la même compétance, donc une aide particulière me serais très utile car ce que je vois comme lunière au bout de ce tunnel infernal est un formatage complet....

    :-(

    S.V.P. aidez-moi

    Miss_Garfield
    0
  9. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    lis ce que je t'ai mis plus haut!!
    0
  10. Miss_Garfield
     
    Voici le rapport Merci papyber de vouloir m'aider...

    Rapport GenProc 0.51 [1] effectué le 2007-05-21 à 12:55:04,37 - SystemRoot = C:\WINDOWS

    # Etape 1/ Télécharge :

    - CCleaner http://www.filehippo.com/download_ccleaner.html ("Download Latest Version", sur la droite).
    Ce logiciel va permettre de supprimer tous les fichiers temporaires. Avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires". Ensuite, Clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. C'est tout.

    - VundoFix.exe (par Atribune) http://www.atribune.org/ccount/click.php?id=4 sur ton Bureau

    - combofix.exe (par [b]sUBs[/b]) http://download.bleepingcomputer.com/sUBs/ComboFix.exe sur ton Bureau

    - SDfix http://downloads.andymanchesta.com/RemovalTools/SDFix.exe (créé par AndyManchesta) et sauvegarde le sur ton Bureau.

    - Purity.zip http://www.alt-shift-return.org/Info/Fichiers/Purity.zip et décompresse-le sur le bureau.

    ***** Copie ce qui suit dans un fichier texte et redémarre en mode sans échec comme indiqué ici https://docs.microsoft.com/en-us/?mfr=true (choisis ta session courante "Rémi") *****

    # Etape 2/

    Double-clique sur le fichier Purity.bat qui se trouve dans le dossier Purity, sur ton bureau, et patiente.

    # Etape 3/

    * Double-clique VundoFix.exe afin de le lancer
    Clique sur le bouton Scan for Vundo
    Lorsque le scan est complété, clique sur le bouton "Remove Vundo"
    Une invite te demandera si tu veux supprimer les fichiers, clique YES
    Après avoir cliqué Yes, le Bureau disparaîtra un moment lors de la suppression des fichiers
    Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
    0
  11. Miss_Garfield
     
    Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo

    * Double clique [b]combofix.exe[/b].
    Tape sur la touche Y (Yes) pour démarrer le scan.
    Lorsque le scan sera complété, un rapport apparaîtra

    # Etape 4/

    Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur "RunThis.bat" pour lancer le script.
    - Appuie sur "Y" pour commencer le processus de nettoyage.
    - Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    - Appuie sur une touche pour redémarrer le PC.
    - Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    - Après le chargement du Bureau, l'outil terminera son travail et affichera "Finished".
    - Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    - Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom "Report.txt".
    ~ Le fichier "SDFIX_README.htm" (dans le dossier SDFix) contient la liste des malwares pris en compte par l'outil.
    ~ Andy fait plusieurs mises à jour, souvent plus d'une par jour... N'hésite donc pas à télécharger une nouvelle version lorsque le nettoyage dure et que l'outil ne semble pas tout voir.

    # Etape 5/

    Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.

    # Etape 6/

    Redémarre normalement et poste :
    - Un nouveau rapport HijackThis, toutes fenêtres et applications fermées http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis_v2.exe ;
    - Le contenu du rapport situé dans C:\vundofix.txt ;
    - Le contenu du rapport situé dans C:\Combofix.txt ;
    - Le contenu du fichier Report.txt ;
    - Le contenu du rapport Purity.txt situé dans le dossier Purity, sur ton Bureau ;

    Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.
    0
  12. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    tu fais très exactement ce que demande GenProc et tu postes les rapports
    0
    1. Miss_Garfield
       
      Merci papyber


      est-ce que je te poste le résultat de CCleaner ?? où je continue avec VundoFix
      0
  13. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    non pas besoin de ccleaner
    tu supprimes tout ce qu'il trouve et tu passes à la suite
    0
  14. lapasdouee
     
    Bonsoir Papyber,

    En effet c'est une maladie courante en ce moment. je suis ds le meme cas que Miss_Garfield. je suis plus que novice en info.

    Ci dessous mon scan sous hijackthis. si vous pouviez m'aider ca serait bien cool :-)

    Merci par avance..

    lapasdouée

    Logfile of HijackThis v1.99.1
    Scan saved at 21:40:22, on 21/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\S24EvMon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\WINDOWS\system32\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\1XConfig.exe
    C:\WINDOWS\VdCap03C\BisonCom.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\ATK0100\Hcontrol.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
    C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Documents and Settings\Aurélien\Mes documents\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\USB Product Driver v2.12r010\shwicon.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\lyhqlqmj.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {C004A8DA-623A-4409-B6ED-F3E3DA367792} - C:\WINDOWS\system32\vturrss.dll
    O2 - BHO: (no name) - {D82F8CB2-37C0-4604-A0AB-2A0F06E80BFD} - C:\WINDOWS\system32\ssttt.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [BisonCom] C:\WINDOWS\VdCap03C\BisonCom
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Documents and Settings\Aurélien\Mes documents\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ShowIcon_ASUS_USB Product Driver v2.12r010] "C:\Program Files\USB Product Driver v2.12r010\shwicon.exe" -t"ASUS\USB Product Driver v2.12r010"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\bsmhppjt.dll",realset
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe
    O4 - Global Startup: AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: Sebring - C:\WINDOWS\system32\LgNotify.dll
    O20 - Winlogon Notify: ssttt - C:\WINDOWS\system32\ssttt.dll
    O20 - Winlogon Notify: vturrss - C:\WINDOWS\SYSTEM32\vturrss.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: wingsa32 - C:\WINDOWS\SYSTEM32\wingsa32.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
    0
    1. papyber Messages postés 6430 Statut Contributeur sécurité 257
       
      crée ton propre sujet car sinon on va s'enmêler
      tu y indiques tes soucis, ton rapport hijack et puis tu fais aussi ceci
      Télécharge VundoFix.exe (par Atribune) sur ton Bureau
      http://www.atribune.org/ccount/click.php?id=4
      clic double sur VundoFix.exe afin de le lancer
      clic sur le bouton Scan for Vundo
      Lorsque le scan est complété, clic sur le bouton Remove Vundo
      Une invite te demandera si tu veux supprimer les fichiers, clic YES
      Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
      Tu verras une invite qui t'annonce que ton PC va redémarrer;
      clic OK
      Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse

      Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clic sur le bouton Scan for Vundo".
      0
      1. lapasdouee > papyber Messages postés 6430 Statut Contributeur sécurité
         
        Désolée papyber, premier trojan premier forum,

        quand je dis que je suis pas douée!! ;)
        voici les raports

        vundo rapports

        C:\WINDOWS\system32\bsmhppjt.dll
        C:\WINDOWS\system32\lyhqlqmj.dll
        C:\WINDOWS\system32\pmnljkj.dll
        C:\WINDOWS\system32\rrutv.ini
        C:\WINDOWS\system32\ssttt.dll
        C:\WINDOWS\system32\tjpphmsb.ini
        C:\WINDOWS\system32\tttss.bak1
        C:\WINDOWS\system32\tttss.bak2
        C:\WINDOWS\system32\tttss.ini
        C:\WINDOWS\system32\tttss.ini2
        C:\WINDOWS\system32\vturr.dll
        C:\WINDOWS\system32\vturrss.dll

        HijackThis rapports

        Logfile of HijackThis v1.99.1
        Scan saved at 22:23:37, on 21/05/2007
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\S24EvMon.exe
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\WINDOWS\system32\ZCfgSvc.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\VdCap03C\BisonCom.exe
        C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\WINDOWS\ATK0100\Hcontrol.exe
        C:\WINDOWS\SOUNDMAN.EXE
        C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
        C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
        C:\Documents and Settings\Aurélien\Mes documents\iTunesHelper.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\USB Product Driver v2.12r010\shwicon.exe
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
        C:\WINDOWS\retadpu1000272.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
        C:\WINDOWS\system32\RegSrvc.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\WINDOWS\system32\1XConfig.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\WINDOWS\ATK0100\ATKOSD.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\WINDOWS\system32\NOTEPAD.EXE
        C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
        O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
        O2 - BHO: (no name) - {D3CCB17C-15D5-4975-9E91-07FDC6751458} - C:\WINDOWS\system32\ssttt.dll (file missing)
        O2 - BHO: (no name) - {D82F8CB2-37C0-4604-A0AB-2A0F06E80BFD} - C:\WINDOWS\system32\ssttt.dll (file missing)
        O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
        O4 - HKLM\..\Run: [BisonCom] C:\WINDOWS\VdCap03C\BisonCom
        O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
        O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
        O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
        O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
        O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Documents and Settings\Aurélien\Mes documents\iTunesHelper.exe"
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [ShowIcon_ASUS_USB Product Driver v2.12r010] "C:\Program Files\USB Product Driver v2.12r010\shwicon.exe" -t"ASUS\USB Product Driver v2.12r010"
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
        O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
        O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
        O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe
        O4 - Global Startup: AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe
        O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
        O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
        O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
        O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
        O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
        O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
        O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
        O20 - Winlogon Notify: Sebring - C:\WINDOWS\system32\LgNotify.dll
        O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
        O20 - Winlogon Notify: wingsa32 - C:\WINDOWS\SYSTEM32\wingsa32.dll
        O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
        O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
        O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe

        merci de ton aide..

        ++
        0
      2. lapasdouee > papyber Messages postés 6430 Statut Contributeur sécurité
         
        je reconnais mon erreur j'ai m...é j'ai suivi tes conseils et je suis arrivée à créer un sujet...

        merci de ton aide!
        0
  15. Miss_Garfield
     
    Bonjour papyber...

    Voici mes résultats

    Logfile of HijackThis v1.99.1
    Scan saved at 08:12, on 2007-05-22
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Avast Antivirus\aswUpdSv.exe
    C:\Program Files\Avast Antivirus\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\MSN Messenger\Ad-On\Messenger Plus\MsgPlus.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\AVASTA~1\ashDisp.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Avast Antivirus\ashMaiSv.exe
    D:\MétéoMédia\WeatherEye.exe
    C:\Program Files\Avast Antivirus\ashWebSv.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\Hijack This\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fsympatico.msn.ca%2fdefaultf.aspx%3f
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - D:\Shareaza\Plugins\RazaWebHook.dll
    O2 - BHO: (no name) - {3BA4CE44-A374-45BA-9B03-7DE1645D371F} - C:\WINDOWS\system32\jkkjg.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {A1F112B1-C606-43F6-ABAA-6AE89AB30C41} - C:\WINDOWS\system32\pmnnn.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MSN Messenger\Ad-On\Messenger Plus\MsgPlus.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "D:\Clone CD\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\AVASTA~1\ashDisp.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MSN Messenger\Ad-On\Messenger Plus\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [MétéoIMédia] D:\MétéoMédia\WeatherEye.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: Download with &Shareaza - res://D:\Shareaza\Plugins\RazaWebHook.dll/3000
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O18 - Protocol: bw+0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: offline-8876480 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast Antivirus\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast Antivirus\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast Antivirus\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast Antivirus\ashWebSv.exe" /service (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    VundoFix V6.3.23

    Checking Java version...

    Java version is 1.5.0.7
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 08:47:11 2007-05-21

    Listing files found while scanning....

    C:\WINDOWS\system32\bxvcocql.ini
    C:\WINDOWS\system32\datxrtcq.dll
    C:\WINDOWS\system32\lqcocvxb.dll
    C:\WINDOWS\system32\pmnnn.dll
    C:\WINDOWS\system32\qctrxtad.ini

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\bxvcocql.ini
    C:\WINDOWS\system32\bxvcocql.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\datxrtcq.dll
    C:\WINDOWS\system32\datxrtcq.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\lqcocvxb.dll
    C:\WINDOWS\system32\lqcocvxb.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmnnn.dll
    C:\WINDOWS\system32\pmnnn.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qctrxtad.ini
    C:\WINDOWS\system32\qctrxtad.ini Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.3.23

    Checking Java version...

    Java version is 1.5.0.7
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 13:42:00 2007-05-21

    Listing files found while scanning....

    C:\WINDOWS\system32\gjkkj.bak1
    C:\WINDOWS\system32\gjkkj.ini
    C:\WINDOWS\system32\jddbxsqw.dll
    C:\WINDOWS\system32\jkkjg.dll
    C:\WINDOWS\system32\wqsxbddj.ini

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\gjkkj.bak1
    C:\WINDOWS\system32\gjkkj.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gjkkj.ini
    C:\WINDOWS\system32\gjkkj.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jddbxsqw.dll
    C:\WINDOWS\system32\jddbxsqw.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jkkjg.dll
    C:\WINDOWS\system32\jkkjg.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\wqsxbddj.ini
    C:\WINDOWS\system32\wqsxbddj.ini Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.3.23

    Checking Java version...

    Java version is 1.5.0.7
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 21:36:55 2007-05-21

    Listing files found while scanning....

    C:\WINDOWS\system32\jjkkj.bak1
    C:\WINDOWS\system32\jjkkj.ini
    C:\WINDOWS\system32\jkkjj.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\jjkkj.bak1
    C:\WINDOWS\system32\jjkkj.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jjkkj.ini
    C:\WINDOWS\system32\jjkkj.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jkkjj.dll
    C:\WINDOWS\system32\jkkjj.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    VundoFix V6.3.23

    Checking Java version...

    Java version is 1.5.0.7
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 21:54:51 2007-05-21

    Listing files found while scanning....

    C:\WINDOWS\system32\jjkkj.ini
    C:\WINDOWS\system32\jkkjj.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\jjkkj.ini
    C:\WINDOWS\system32\jjkkj.ini Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\jkkjj.dll
    C:\WINDOWS\system32\jkkjj.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    VundoFix V6.3.23

    Checking Java version...

    Java version is 1.5.0.7
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 22:55:59 2007-05-21

    Listing files found while scanning....

    No infected files were found.

    "R‚mi" - 2007-05-21 22:09:48 Service Pack 2 [SAFE MODE]
    ComboFix 07-05.21.6.V - Running from: "C:\Documents and Settings\R‚mi\Bureau\"

    (((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

    C:\WINDOWS\system32\ddccd.dll
    C:\WINDOWS\system32\ssqpp.dll
    C:\WINDOWS\system32\vtstu.dll
    C:\WINDOWS\system32\ddcawtt.dll
    C:\WINDOWS\system32\opnmllj.dll
    C:\WINDOWS\system32\qomjkii.dll
    C:\WINDOWS\system32\winwil32.dll
    C:\WINDOWS\system32\dccdd.ini
    C:\WINDOWS\system32\jjkkj.ini
    C:\WINDOWS\system32\jjkkj.ini2
    C:\WINDOWS\system32\jjkkj.tmp
    C:\WINDOWS\system32\utstv.ini
    C:\WINDOWS\system32\nnnmp.bak1
    C:\WINDOWS\system32\nnnmp.bak2
    C:\WINDOWS\system32\nnnmp.ini
    C:\WINDOWS\system32\jkkjj.dll
    C:\WINDOWS\system32\vtuusss.dll

    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\WINDOWS\cfg32.exe
    C:\WINDOWS\keyboard101.dat
    C:\WINDOWS\keyboard111.dat
    C:\WINDOWS\keyboard91.dat
    C:\WINDOWS\retadpu1000272.exe
    C:\WINDOWS\b136.exe

    ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-21 ))))))))))))))))))))))))))))))))))

    2007-05-21 14:06 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
    2007-05-21 14:06 <REP> dr------- C:\DOCUME~1\ADMINI~1\Menu D‚marrer
    2007-05-21 14:06 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage r‚seau
    2007-05-21 14:06 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage d'impression
    2007-05-21 14:06 <REP> d--h----- C:\DOCUME~1\ADMINI~1\ModŠles
    2007-05-21 14:06 <REP> d-------- C:\DOCUME~1\ADMINI~1\Mes documents
    2007-05-21 14:06 <REP> d-------- C:\DOCUME~1\ADMINI~1\Favoris
    2007-05-21 14:06 <REP> d-------- C:\DOCUME~1\ADMINI~1\Bureau
    2007-05-21 08:47 <REP> d-------- C:\VundoFix Backups
    2007-05-20 18:10 <REP> d--h----- C:\WINDOWS\PIF
    2007-05-17 21:06 <REP> d-------- C:\Program Files\Oberon Media
    2007-05-17 10:53 398,416 --a------ C:\WINDOWS\system\Vbrun300.dll
    2007-05-16 14:35 <REP> d-------- C:\Program Files\Zylom Games
    2007-05-16 11:34 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
    2007-05-16 11:05 139,264 --a------ C:\WINDOWS\NeoUninstall.exe
    2007-05-16 09:18 <REP> d-------- C:\DOCUME~1\RMI~1\APPLIC~1\Absolutist.com
    2007-05-16 09:15 45,056 --a------ C:\WINDOWS\NCUNINST.EXE
    2007-05-16 09:14 <REP> d-------- C:\Program Files\Fichiers communs\SWF Studio
    2007-05-15 17:55 122,880 --a------ C:\WINDOWS\UnGins.exe
    2007-05-15 17:42 <REP> d-------- C:\Program Files\GameHouse
    2007-05-15 11:36 <REP> d-------- C:\Program Files\Adventure Inlay
    2007-05-15 09:22 415 --a------ C:\WINDOWS\wwwconfig.dat
    2007-05-15 07:55 <REP> d-------- C:\DOCUME~1\RMI~1\APPLIC~1\SolSuite
    2007-05-14 13:07 <REP> d-------- C:\DOCUME~1\RMI~1\APPLIC~1\MahJong Suite
    2007-05-14 12:00 1,024 --a------ C:\WINDOWS\jericho_game_ra.dat
    2007-05-13 09:31 297 --a------ C:\WINDOWS\bbbconfig.dat
    2007-05-12 15:02 <REP> d-------- C:\DOCUME~1\RMI~1\APPLIC~1\Vso
    2007-05-02 18:25 <REP> d-------- C:\Program Files\Fichiers communs\AnswerWorks 4.0
    2007-05-02 18:25 <REP> d-------- C:\ImpotRapide 2006
    2007-05-01 09:37 9,437,184 --a------ C:\DOCUME~1\RMI~1\ntuser.dat

    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-05-18 01:12:16 -------- d-----w C:\DOCUME~1\RMI~1\APPLIC~1\Magic Match
    2007-05-17 14:52:34 204 ----a-w C:\WINDOWS\popcinfo.dat
    2007-05-17 14:36:19 737,280 ----a-w C:\WINDOWS\iun6002.exe
    2007-05-17 13:32:31 1,024 ----a-w C:\WINDOWS\chamber_game_ra.dat
    2007-05-17 01:42:58 -------- d-----w C:\DOCUME~1\RMI~1\APPLIC~1\Zylom
    2007-05-16 15:44:56 -------- d-----w C:\DOCUME~1\RMI~1\APPLIC~1\Azureus
    2007-05-16 14:58:32 -------- d-----w C:\DOCUME~1\RMI~1\APPLIC~1\LimeWire
    2007-05-16 14:01:25 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-05-16 01:23:43 -------- d-----w C:\Program Files\MSN Messenger
    2007-05-15 16:03:48 -------- d-----w C:\Program Files\Avast Antivirus
    2007-05-15 02:43:21 16 ----a-w C:\WINDOWS\bfpw.dat
    2007-05-01 20:40:40 40 ----a-w C:\WINDOWS\RSoftInfo.dat
    2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2007-04-27 18:44:13 -------- d-----w C:\DOCUME~1\RMI~1\APPLIC~1\funkitron
    2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-05 21:30:57 -------- d-----w C:\Program Files\Realtek
    2007-04-05 19:39:11 315,392 ----a-w C:\WINDOWS\HideWin.exe
    2007-03-28 11:07:51 -------- d-----w C:\DOCUME~1\RMI~1\APPLIC~1\Incredible Ink
    2007-03-26 23:21:06 4,395,008 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
    2007-03-23 23:19:10 9,715,200 ----a-w C:\WINDOWS\RTLCPL.exe
    2007-03-21 18:49:20 16,126,464 ----a-w C:\WINDOWS\RTHDCPL.exe
    2007-03-19 19:48:57 63,818 ----a-w C:\WINDOWS\system32\perfc00C.dat
    2007-03-19 19:48:57 445,346 ----a-w C:\WINDOWS\system32\perfh00C.dat
    2007-03-17 13:44:47 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
    2007-03-16 19:06:54 1,822,720 ----a-w C:\WINDOWS\SkyTel.exe
    2007-03-16 11:53:17 -------- d-----w C:\Program Files\WnRar
    2007-03-09 18:54:08 -------- d-----w C:\Program Files\Fichiers communs\Logitech
    2007-03-09 18:47:15 -------- d-----w C:\DOCUME~1\RMI~1\APPLIC~1\Logitech
    2007-03-09 18:44:56 118,784 ------r C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
    2007-03-09 18:44:47 -------- d-----w C:\Program Files\Logitech
    2007-03-08 15:37:50 578,560 ----a-w C:\WINDOWS\system32\user32.dll
    2007-03-08 15:37:50 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
    2007-03-08 15:37:50 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
    2007-03-08 15:33:58 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys
    2007-02-05 20:19:06 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll

    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 17:39]
    {0EEDB912-C5FA-486F-8334-57288578C627}=D:\Shareaza\Plugins\RazaWebHook.dll [2004-07-12 22:22]
    {3BA4CE44-A374-45BA-9B03-7DE1645D371F}=C:\WINDOWS\system32\jkkjg.dll []
    {53707962-6F74-2D53-2644-206D7942484F}=D:\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
    {A1F112B1-C606-43F6-ABAA-6AE89AB30C41}=C:\WINDOWS\system32\pmnnn.dll []
    {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar4.dll [2007-01-20 00:56]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 18:35]
    "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-08 10:25]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11]
    "MessengerPlus3"="C:\Program Files\MSN Messenger\Ad-On\Messenger Plus\MsgPlus.exe" [2006-10-01 18:05]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-21 00:00]
    "CloneCDElbyCDFL"="D:\Clone CD\CloneCD\ElbyCheck.exe" [2002-11-02 02:33]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41]
    "avast!"="C:\PROGRA~1\AVASTA~1\ashDisp.exe" [2007-04-30 11:42]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" []
    "RTHDCPL"="RTHDCPL.EXE" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 08:00]
    "MessengerPlus3"="C:\Program Files\MSN Messenger\Ad-On\Messenger Plus\MsgPlus.exe" [2006-10-01 18:05]
    "@"="" []
    "PowerBar"="" []
    "MétéoIMédia"="D:\MétéoMédia\WeatherEye.exe" []
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-26 21:32]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-09 14:44]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
    "VundoFix"="C:\Documents and Settings\Rémi\Bureau\vundofix.exe"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WdfLoadGroup]

    ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    backup-20070521-122519-241
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

    backup-20070521-122519-387
    O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\lqcocvxb.dll",realset

    backup-20070520-183839-941
    O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe

    backup-20070520-183253-890
    O4 - HKCU\..\Run: [Cld2000.exe] D:\Calendrier\Cld2000.exe

    backup-20070520-182641-391
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

    backup-20070520-182042-448
    R3 - URLSearchHook: (no name) - {AA48849D-EF5E-7E63-0950-26C611468270} - C:\WINDOWS\Smsnnyfn.dll (file missing)

    backup-20070520-181724-290
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

    backup-20060629-155829-371
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    ???????????????????????????????????????????4???????????????????????????????????????????????????????????????????????=????????????????????????????????????????????????????????????????????????????????

    backup-20060629-155828-451
    O4 - HKCU\..\Run: [PECarlin] "C:\Program Files\PECarlin\PECarlin.exe"

    backup-20060629-155828-472
    O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
    Contents of the 'Scheduled Tasks' folder
    2007-05-18 21:15:00 C:\WINDOWS\tasks\Maintenance en 1 clic.job

    ********************************************************************

    catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-05-21 22:49:50
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    PowerBar = ????????????l?@?l?@?D??????w???????????????wl?@?l?@????? ???????????g??w???w???????w???wx??????????w???????? ??????????????|x???0???????????? jt???w????????????????d ??????????????l?@?l?@????????w????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@

    ********************************************************************

    fix lancé en mode sans echec
    Rapport Purity 0.02 lancé [1] fois! le 2007-05-21 à 21:35:58,81
    Liste des éléments rencontrés au cours de la Recherche...

    C:\Program Files\Fichiers communs\Yazzle*Oin*.exe

    fichiers,dossiers sauvegardés dans C:\Documents and Settings\Rémi\Bureau\Purity\Purity40.zip
    Fin du rapport

    Merci papyber j'attend ta réponse

    Miss_Garfield
    0
  16. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    bon on a avancé
    lance hijack pour un scan et coche les lignes suivantes
    O2 - BHO: (no name) - {3BA4CE44-A374-45BA-9B03-7DE1645D371F} - C:\WINDOWS\system32\jkkjg.dll (file missing)
    O2 - BHO: (no name) - {A1F112B1-C606-43F6-ABAA-6AE89AB30C41} - C:\WINDOWS\system32\pmnnn.dll (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O18 - Protocol: bw+0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    ferme toutes tes fenêtres et y compris internet et clic sur fixer l'objet

    si tout va bien supprime tout ce qu'on a utilisé pour la désinfection car ce ne sera plus utile désormais
    passe un coup de ccleaner

    faire un scan antivirus en ligne avec internet explorer et accepter l'activex
    poster le rapport ici ensuite
    https://www.bitdefender.fr/

    En bas, à gauche de la fenêtre, clique sur BitDefender SCAN ONLINE
    Dans la nouvelle fenêtre, clique sur I agree
    La fenêtre change encore, clique sur Click here to scan
    Les signatures se chargent, etc.

    tuto en image
    http://pageperso.aol.fr/rginformatique/mapage/defender.htm
    0
  17. Miss_Garfield Messages postés 2 Statut Membre
     
    Papyber, je suis à l'étape de scanner en ligne et j,ai une fenêtre qui apparait , je ne sais quoi faire

    le titre de la fenêtre est :

    Confirmer le remplacement du fichier

    Source: C:\DOCUME~1\RMI~1\LOCALS~1\Temp\ICD1.tmp\bdcore.dll

    Cible: C:\WINDOWS\BDOSCAN8\bdcore.dll

    Le fichier cible existe et est plus récent que le fichier source

    Remplacer le fichier le plus récent ?

    OUI NON NON(Tous)

    Je fais quoi ??? :S:S:S
    0
  18. Miss_Garfield Messages postés 2 Statut Membre
     
    Bon enfin terminé de scanner....

    Voici le résultat du scan

    BitDefender Online Scanner

    Rapport d'analyse généré à: Tue, May 22, 2007 - 13:09:19

    Voie d'analyse: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;K:\;

    Statistiques

    Temps
    02:11:54

    Fichiers
    679267

    Directoires
    12826

    Secteurs de boot
    8

    Archives
    9985

    Paquets programmes
    39308

    Résultats

    Virus identifiés
    2

    Fichiers infectés
    2

    Fichiers suspects
    0

    Avertissements
    0

    Désinfectés
    0

    Fichiers effacés
    2

    Info sur les moteurs

    Définition virus
    507724

    Version des moteurs
    AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)

    Analyse des plugins
    14

    Archive des plugins
    38

    Unpack des plugins
    6

    E-mail plugins
    6

    Système plugins
    1

    Paramètres d'analyse

    Première action
    Désinfecté

    Seconde Action
    Supprimé

    Heuristique
    Oui

    Acceptez les avertissements
    Oui

    Extensions analysées
    *;

    Excludez les extensions

    Analyse d'emails
    Oui

    Analyse des Archives
    Oui

    Analyser paquets programmes
    Oui

    Analyse des fichiers
    Oui

    Analyse de boot
    Oui

    Fichier analysé
    Statut

    D:\Script mIRC\andromedescript.exe=>(RAR Sfx o)=>Andromede Script\mIRC\mirc.exe
    Infecté par: Trojan.Mirchack.A

    D:\Script mIRC\andromedescript.exe=>(RAR Sfx o)=>Andromede Script\mIRC\mirc.exe
    Echec de la désinfection

    D:\Script mIRC\andromedescript.exe=>(RAR Sfx o)=>Andromede Script\mIRC\mirc.exe
    Supprimé

    D:\Script mIRC\andromedescript.exe=>(RAR Sfx o)
    Echec de la mise à jour

    E:\Magic Ball2\Magic Ball 2\MagicBall2.RWG
    Infecté par: Backdoor.Ircbot.AZ

    E:\Magic Ball2\Magic Ball 2\MagicBall2.RWG
    Echec de la désinfection

    E:\Magic Ball2\Magic Ball 2\MagicBall2.RWG
    Supprimé

    Merci encore papyber

    Tu pourrais me dire si tout est ok afin de faire un point de restauration système au cas où :-D

    Un gros merci

    Miss_Garfield
    0
  19. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    c'est pratiquement bon
    fais encore ceci
    supprime les fichiers en gras
    D:\Script mIRC\andromedescript.exe=>(RAR Sfx o)=>Andromede Script\mIRC\mirc.exe
    Infecté par: Trojan.Mirchack.A
    E:\Magic Ball2\Magic Ball 2\MagicBall2.RWG
    Infecté par: Backdoor.Ircbot.AZ

    désactive ta restauration
    clique droit sur poste de travail/propriétés/coche la case désactiver la restauration, appliquer
    redémarre ton PC
    clique droit sur poste de travail/propriétés/décoche la case désactiver la restauration, appliquer
    démarrer/tous les programmes/ outils système/ restauration du système/ créer un point de restauration

    si tout va bien supprime tout ce qu'on a utilisé car ce ne sera plus utile désormais
    conserve néanmoins ccleaner et effectue le nettoyage tous les jours avant de couper le PC

    installe ce logiciel très utile et scanne ton PC avec une fois par semaine au moins...
    AVG Antispyware
    https://www.avg.com/en-ww/free-antivirus-download

    mode d'utilisation :
    Lance AVG Anti-Spyware, mets le à jour,
    Clique sur le bouton « Analyse »
    Puis « Comment réagir », clique sur Actions recommandées. Sélectionne Quarantaine.
    Retour à l'onglet Analyse.
    Clique sur Analyse complète du système.
    A la fin du scan, choisis " Appliquer toutes les actions "
    Clique sur "Enregistrer le rapport". Le fichier texte se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware.

    tu peux le coupler avec celui-ci
    spybot search and destroy
    https://www.safer-networking.org/?page=download

    défragmente

    pense à bien te protéger, la sécurité c'est très important mais ne remplace pas l'internaute, un surf prudent en évitant le crack, les sites "chauds", permet déjà d'éviter bien des soucis, le P2P lui aussi est source d'infections...
    j'ai découvert ce lien qui est plutôt pas mal à ce sujet
    https://forum.pcastuces.com/default.asp

    et bon surf
    0
Précédent
  • 1
  • 2