[Spyware] Spyware-secure et ce qui va avec...

Résolu
Nex10 Messages postés 11 Date d'inscription   Statut Membre -  
moK´s@ Messages postés 4410 Statut Membre -
Bonjour à tous et merci d'avance !

Voilà spyware-secure et toute la clique qui va bien avec me submerge et ralentit mes applicaions même après divers défragmentation et scans complet de ma machine.
L'ouverture des spyware et autres semblent apparaître dès l'ouverture de msn messenger.

Je poste mon rapport hijack dans l'espérence que quelqu'un ici pourra m'aider.

Logfile of HijackThis v1.99.1
Scan saved at 10:32:50, on 29/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\ASUS\NB Probe\NBProbe.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.huddi.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://192.168.100.1/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\llbqpxke.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {90F75E47-94D2-48AC-8D32-863356FA6578} - C:\WINDOWS\system32\efcbcby.dll (file missing)
O2 - BHO: (no name) - {918ECBC5-40FC-47FF-9E95-EFE4F852839B} - C:\WINDOWS\system32\pmkjk.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Power_Gear] "C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NB Probe] "C:\Program Files\ASUS\NB Probe\NBProbe.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE" /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P] Rayman Raving Rabbids
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\ixsdjvtx.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] "C:\Program Files\SuperCopier2\SuperCopier2.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/default.aspx
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: bw+0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: efcbcby - efcbcby.dll (file missing)
O20 - Winlogon Notify: pmkjk - C:\WINDOWS\system32\pmkjk.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\tvcvifhx.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
Configuration: Windows XP
Firefox 2.0.0.4

10 réponses

  1. Nex10 Messages postés 11 Date d'inscription   Statut Membre
     
    Re...
    Bon, je suis un peu vexé que l'on m'oublie alors qe l'on répond au même problème pour les autres, du coup je suis les instructions dont vous leur faites part histoire d'avancer chez moi.
    Donc, le rapport navilog1 ci-dessous :

    Search Navipromo version 2.0.3 commencé le 29/06/2007 à 12:09:35,78

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Poster ce rapport sur le forum pour le faire analyser !!!
    !!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

    Fix lancé depuis C:\Program Files\navilog1
    Mise a jour le 08.06.2007 a 17h00 by IL-MAFIOSO

    Executé en mode normal

    *** Recherche Programmes installes ***

    *** Recherche dossiers dans C:\WINDOWS ***

    *** Recherche dossiers dans C:\Program Files ***

    *** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***

    *** Recherche dossiers dans C:\Documents and Settings\Nex\Application Data ***

    *** Recherche avec BlackLight Engine/F-secure ***
    BlackLight Engine est un produit de F-secure, pour + d'infos :
    https://www.f-secure.com/en

    Fichier(s) caché(s) dans C:\WINDOWS\system32 :

    c:\WINDOWS\system32\cywliwaima.dat
    C:\windows\system32\cywliwaima.exe
    c:\WINDOWS\system32\cywliwaima_nav.dat
    c:\WINDOWS\system32\cywliwaima_navps.dat

    Processus caché(s) dans C:\WINDOWS\system32 :

    C:\windows\system32\cywliwaima.exe

    *** Recherche fichiers ***

    C:\WINDOWS\pack.epk trouvé !
    C:\WINDOWS\system32\nvs2.inf trouvé !

    *** Recherche cles registre ***

    Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]

    Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]

    Recherche Clé Magic Control

    HKEY_CURRENT_USER\Software\Lanconfig trouvé !
    HKEY_USERS\S-1-5-21-299502267-823518204-839522115-1003\Software\Lanconfig trouvé !

    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche fichiers connus:

    C:\WINDOWS\system32\kjkmp.bak1 trouvé ! infection Vundo possible non traité par cet outil !
    C:\WINDOWS\system32\kjkmp.bak2 trouvé ! infection Vundo possible non traité par cet outil !

    2)Recherche Heuristique :
    *
    C:\WINDOWS\system32\cywliwaima.dat trouvé !
    **
    C:\WINDOWS\system32\cywliwaima.dat trouvé !
    ***
    ****
    C:\WINDOWS\system32\cywliwaima_navps.dat trouvé !
    *****
    ******
    *******
    ********

    *** Analyse Terminé le 29/06/2007 à 12:13:54,06 ***
    0
  2. Nex10 Messages postés 11 Date d'inscription   Statut Membre
     
    Up !!!!
    Aidez-moi svp, j'en ai marre de cette sale bête !

    J'ai suivi le conseil et fais la phase 2 de navilog1. voici le rapport :

    Clean Navipromo version 2.0.3 commencé le 29/06/2007 à 14:12:54,21

    Fix lancé depuis C:\Program Files\navilog1
    Mise a jour le 08.06.2007 a 17h00 by IL-MAFIOSO

    Mode suppression automatique avec prise en charge résultats Blacklight

    *** Creation backups fichiers trouvés par Blacklight ***

    Copie vers "C:\Program Files\navilog1\Backupnavi"

    *** Suppression des fichiers trouvés avec Blacklight ***

    c:\WINDOWS\system32\cywliwaima.dat supprimé !
    C:\windows\system32\cywliwaima.exe supprimé !
    c:\WINDOWS\system32\cywliwaima_nav.dat supprimé !
    c:\WINDOWS\system32\cywliwaima_navps.dat supprimé !

    ** 2ème passage **

    C:\WINDOWS\system32\cywliwaima.exe absent !
    C:\WINDOWS\system32\cywliwaima.dat absent !
    C:\WINDOWS\system32\cywliwaima_nav.dat absent !
    C:\WINDOWS\system32\cywliwaima_navps.dat absent !
    C:\WINDOWS\system32\cywliwaima_navup.dat absent !
    C:\WINDOWS\system32\cywliwaima_navtmp.dat absent !
    C:\WINDOWS\system32\cywliwaima_m2s.xml absent !

    C:\WINDOWS\prefetch\cywliwaima*.pf trouvé !
    Copie C:\WINDOWS\prefetch\cywliwaima*.pf réalise avec succes !
    C:\WINDOWS\prefetch\cywliwaima*.pf supprimé !

    *** Suppression dossiers dans C:\WINDOWS ***

    *** Suppression dossiers dans C:\Program Files ***

    *** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***

    *** Suppression dossiers dans C:\Documents and Settings\Nex\Application Data ***

    *** Suppression fichiers ***

    C:\WINDOWS\pack.epk supprimé !
    C:\WINDOWS\system32\nvs2.inf supprimé !

    *** Suppression fichiers temporaires ***

    Nettoyage contenu C:\WINDOWS\Temp effectué !
    Nettoyage contenu C:\Documents and Settings\Nex\Local Settings\Temp effectué !

    *** Sauvegarde du registre vers dossier Backupnavi***

    sauvegarde du registre réalise avec succes !

    *** Nettoyage registre ***

    Nettoyage registre Ok

    *** Traitement Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche fichiers connus:

    C:\WINDOWS\system32\kjkmp.bak1 trouvé ! infection Vundo possible non traité par cet outil !
    C:\WINDOWS\system32\kjkmp.bak2 trouvé ! infection Vundo possible non traité par cet outil !

    2)Recherche et Suppression Heuristique :

    *
    **
    ***
    ****
    *****
    ******
    *******
    ********

    3)Contrôle présence clés Rootkit dans le registre :

    Aucune autre clés présente dans le registre !

    *** Nettoyage termine le 29/06/2007 à 14:15:33,98 ***
    0
  3. Nex10 Messages postés 11 Date d'inscription   Statut Membre
     
    up ! please.... j'ai fait un coup de ccleaner en vain.
    Autre info.... jpense que l'origine du problème est l'installation de l'internet GameBox (je sais c'est une énorme connerie !).
    0
  4. moK´s@ Messages postés 4410 Statut Membre 89
     
    ok on continue

    Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
    http://www.atribune.org/ccount/click.php?id=4
    * Double-clique VundoFix.exe afin de le lancer
    * Clique sur le bouton Scan for Vundo
    * Lorsque le scan est complété, clique sur le bouton Remove Vundo
    * Une invite te demandera si tu veux supprimer les fichiers, clique YES
    * Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
    * Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
    * Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse

    Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

    et repost un log hijackthis ,

    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Nex10 Messages postés 11 Date d'inscription   Statut Membre
     
    Voilà pour le raport VundoFix :

    VundoFix V6.5.4
    
    Checking Java version...
    
    Java version is 1.5.0.11
    
    Scan started at 11:54:47 01/07/2007
    
    Listing files found while scanning....
    
    C:\windows\system32\aevjebee.exe
    C:\WINDOWS\system32\fduaxpej.dll
    C:\windows\system32\hmytyxbv.dll
    C:\windows\system32\jepxaudf.ini
    C:\WINDOWS\system32\kjkmp.bak1
    C:\WINDOWS\system32\kjkmp.bak2
    C:\WINDOWS\system32\kjkmp.ini
    C:\WINDOWS\system32\llbqpxke.dll
    C:\windows\system32\mtaimhnh.dll
    C:\windows\system32\mxlaqhuq.dll
    C:\windows\system32\noomjfru.ini
    C:\windows\system32\npgrljuq.exe
    C:\windows\system32\nqaqqqkd.exe
    C:\windows\system32\nqlhospb.exe
    C:\windows\system32\ovpfvfyl.dll
    C:\WINDOWS\system32\pmkjk.dll
    C:\windows\system32\quhqalxm.ini
    C:\windows\system32\urfjmoon.dll
    
    Beginning removal...
    
     Attempting to delete C:\windows\system32\aevjebee.exe
    C:\windows\system32\aevjebee.exe Has been deleted!
    
     Attempting to delete C:\WINDOWS\system32\fduaxpej.dll
    C:\WINDOWS\system32\fduaxpej.dll Could not be deleted.
    
     Attempting to delete C:\windows\system32\hmytyxbv.dll
    C:\windows\system32\hmytyxbv.dll Has been deleted!
    
     Attempting to delete C:\windows\system32\jepxaudf.ini
    C:\windows\system32\jepxaudf.ini Has been deleted!
    
     Attempting to delete C:\WINDOWS\system32\kjkmp.bak1
    C:\WINDOWS\system32\kjkmp.bak1 Has been deleted!
    
     Attempting to delete C:\WINDOWS\system32\kjkmp.bak2
    C:\WINDOWS\system32\kjkmp.bak2 Has been deleted!
    
     Attempting to delete C:\WINDOWS\system32\kjkmp.ini
    C:\WINDOWS\system32\kjkmp.ini Has been deleted!
    
     Attempting to delete C:\WINDOWS\system32\llbqpxke.dll
    C:\WINDOWS\system32\llbqpxke.dll Has been deleted!
    
     Attempting to delete C:\windows\system32\mtaimhnh.dll
    C:\windows\system32\mtaimhnh.dll Has been deleted!
    
     Attempting to delete C:\windows\system32\mxlaqhuq.dll
    C:\windows\system32\mxlaqhuq.dll Has been deleted!
    
     Attempting to delete C:\windows\system32\noomjfru.ini
    C:\windows\system32\noomjfru.ini Has been deleted!
    
     Attempting to delete C:\windows\system32\npgrljuq.exe
    C:\windows\system32\npgrljuq.exe Has been deleted!
    
     Attempting to delete C:\windows\system32\nqaqqqkd.exe
    C:\windows\system32\nqaqqqkd.exe Has been deleted!
    
     Attempting to delete C:\windows\system32\nqlhospb.exe
    C:\windows\system32\nqlhospb.exe Has been deleted!
    
     Attempting to delete C:\windows\system32\ovpfvfyl.dll
    C:\windows\system32\ovpfvfyl.dll Has been deleted!
    
     Attempting to delete C:\WINDOWS\system32\pmkjk.dll
    C:\WINDOWS\system32\pmkjk.dll Has been deleted!
    
     Attempting to delete C:\windows\system32\quhqalxm.ini
    C:\windows\system32\quhqalxm.ini Has been deleted!
    
     Attempting to delete C:\windows\system32\urfjmoon.dll
    C:\windows\system32\urfjmoon.dll Has been deleted!
    
    Performing Repairs to the registry.
    Done!
    
    Beginning removal...
    
     Attempting to delete C:\WINDOWS\system32\fduaxpej.dll
    C:\WINDOWS\system32\fduaxpej.dll Has been deleted!
    
    Performing Repairs to the registry.
    Done!


    ET voici pour le rapport HijackThis! :

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 12:11:34, on 01/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ATK0100\HControl.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\ASUS\NB Probe\NBProbe.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Nex\Mes documents\Téléchargés\HiJackThis_v2.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.huddi.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://192.168.100.1/proxy.pac
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {463D9383-EE5A-48AE-87A1-69F66937A728} - C:\WINDOWS\system32\pmkjk.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {90F75E47-94D2-48AC-8D32-863356FA6578} - (no file)
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [Power_Gear] "C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" 1
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [NB Probe] "C:\Program Files\ASUS\NB Probe\NBProbe.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE" /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SuperCopier2.exe] "C:\Program Files\SuperCopier2\SuperCopier2.exe"
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: bw+0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {F5824C07-2194-4A4D-825E-62445152D7C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: efcbcby - efcbcby.dll (file missing)
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\tvcvifhx.exe (file missing)
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
    
    --
    End of file - 20347 bytes


    Un grand merci de bien vouloir m'aider ^^
    0
  7. moK´s@ Messages postés 4410 Statut Membre 89
     
    ok

    avec hijack this coche ceci :

    O2 - BHO: (no name) - {463D9383-EE5A-48AE-87A1-69F66937A728} - C:\WINDOWS\system32\pmkjk.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {90F75E47-94D2-48AC-8D32-863356FA6578} - (no file)
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O20 - Winlogon Notify: efcbcby - efcbcby.dll (file missing)
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\tvcvifhx.exe (file missing)
    quitte tes applications et navigateur et fix les lignes ci dessus.

    comment fixer :

    Démo en image
    http://pageperso.aol.fr/balltrap34/demohijack.htm

    en suite

    réouvre hijack this puis click sur ouvrir la section outil puis sur enlevé un service nt puis dans la fenetre qui va s´ouvrir a droite copie et colle ceci :

    DomainService - Unknown owner - C:\WINDOWS\system32\tvcvifhx.exe

    puis fais ceci

    telecharge :

    http://www.techsupportforum.com/sectools/combofix.exe

    tu le télécharge sur ton bureau.

    desactive ton anti virus et autre protection pas le par feu.

    click sur combofix.exe et suis les instructions a l´ecran.

    quand il aura terminé il va produire un log, poste le dans ta prochaine reponse.

    ps : ne click pas avec ta sourie pendant qu´il effectue le scan et les réparations...

    @+
    0
  8. Nex10 Messages postés 11 Date d'inscription   Statut Membre
     
    J'ai bien fait les manips avec hijack mise à part la supprssion du service NT car celui-ci était introuvable.
    Par ailleurs, ton raccourci pour combofix est erronné, voilà tout de même le rapport :

    "Nex" - 2007-07-01 12:35:30 - ComboFix 07-06-27.7 - Service Pack 2  NTFS  
    
    
    (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
    
    
    -------\LEGACY_DOMAINSERVICE
    -------\DomainService
    
    
    (((((((((((((((((((((((((   Files Created from 2007-06-01 to 2007-07-01  )))))))))))))))))))))))))))))))
    
    
    2007-07-01 12:35	49,152	--a------	C:\WINDOWS\nircmd.exe
    2007-06-29 18:26	<REP>	d--------	C:\Program Files\CCleaner
    2007-06-29 14:33	852,042	--a------	C:\WINDOWS\system32\Lemmings Revolution.exe
    2007-06-29 14:33	56,832	--a------	C:\WINDOWS\system32\Iyvu9_32.dll
    2007-06-29 14:33	<REP>	d--------	C:\WINDOWS\system32\SavedSystemFiles
    2007-06-29 14:32	<REP>	d--------	C:\Program Files\Take 2 Interactive Software Europe
    2007-06-29 13:36	75,512	--a------	C:\WINDOWS\zllsputility.exe
    2007-06-29 13:36	54,936	--a------	C:\WINDOWS\system32\vsutil_loc040c.dll
    2007-06-29 13:36	42,648	--a------	C:\WINDOWS\zllsputility_loc040c.dll
    2007-06-29 13:36	4,212	---h-----	C:\WINDOWS\system32\zllictbl.dat
    2007-06-29 13:36	22,168	--a------	C:\WINDOWS\system32\imsinstall_loc040c.dll
    2007-06-29 13:36	18,072	--a------	C:\WINDOWS\system32\imslsp_install_loc040c.dll
    2007-06-29 13:36	11,264	--a------	C:\WINDOWS\system32\SpOrder.dll
    2007-06-29 13:35	1,087,216	--a------	C:\WINDOWS\system32\zpeng24.dll
    2007-06-29 13:35	<REP>	d--------	C:\WINDOWS\system32\ZoneLabs
    2007-06-29 13:35	<REP>	d--------	C:\WINDOWS\Internet Logs
    2007-06-27 22:49	<REP>	d--------	C:\DOCUME~1\Nex\APPLIC~1\SteelBytes
    2007-06-27 10:35	<REP>	d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-06-24 14:47	4,628	--a------	C:\WINDOWS\system32\isdgrxkb.exe
    2007-06-24 13:22	98,304	--a------	C:\WINDOWS\system32CmdLineExt.dll
    2007-06-23 09:22	<REP>	d--------	C:\WINDOWS\system32\appmgmt
    2007-06-23 09:22	<REP>	d--------	C:\WINDOWS\SxsCaPendDel
    2007-06-22 18:02	118,784	-r-------	C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
    2007-06-22 18:01	89,088	--a------	C:\WINDOWS\system32\atl71.dll
    2007-06-22 18:01	499,712	--a------	C:\WINDOWS\system32\msvcp71.dll
    2007-06-22 18:01	348,160	--a------	C:\WINDOWS\system32\msvcr71.dll
    2007-06-22 18:01	13,056	--a------	C:\WINDOWS\system32\drivers\L8042Kbd.sys
    2007-06-22 18:01	1,060,864	--a------	C:\WINDOWS\system32\MFC71.dll
    2007-06-22 18:01	1,047,552	--a------	C:\WINDOWS\system32\MFC71u.dll
    2007-06-18 14:02	<REP>	d--------	C:\Program Files\Activision
    2007-06-13 15:34	30,765	--a------	C:\WINDOWS\dr.exe
    2007-06-10 17:14	<REP>	d--------	C:\WINDOWS\avxoscan
    
    
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    
    2007-06-29 17:42:48	22,584	----a-w	C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2007-06-29 17:42:41	99,904	----a-w	C:\WINDOWS\system32\PnkBstrB.exe
    2007-06-29 13:49:30	--------	d--h--w	C:\Program Files\InstallShield Installation Information
    2007-06-29 12:33:13	--------	d-----w	C:\Program Files\Intel
    2007-06-29 12:26:40	--------	d-----w	C:\Program Files\eMule
    2007-06-29 11:14:55	--------	d-----w	C:\Program Files\MSN Messenger
    2007-06-27 17:28:30	--------	d-----w	C:\DOCUME~1\Nex\APPLIC~1\OpenOffice.org2
    2007-06-27 12:55:19	49,054	----a-w	C:\WINDOWS\system32\perfc00C.dat
    2007-06-27 12:55:19	368,314	----a-w	C:\WINDOWS\system32\perfh00C.dat
    2007-06-23 09:26:05	--------	d-----w	C:\DOCUME~1\Nex\APPLIC~1\uTorrent
    2007-06-22 16:02:41	--------	d-----w	C:\Program Files\Logitech
    2007-06-19 12:11:24	5,414	----a-w	C:\WINDOWS\mozver.dat
    2007-06-19 12:11:21	--------	d-----w	C:\Program Files\Mozilla Thunderbird
    2007-05-05 14:43:08	--------	d-----w	C:\Program Files\Fichiers communs\Real
    2007-05-05 14:39:21	--------	d-----w	C:\DOCUME~1\Nex\APPLIC~1\Ulead Systems
    2007-04-27 17:50:02	63,040	----a-w	C:\WINDOWS\system32\PnkBstrA.exe
    2007-04-25 14:22:35	144,896	----a-w	C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:14:18	2,854,400	----a-w	C:\WINDOWS\system32\msi.dll
    2007-04-16 20:47:36	33,624	----a-w	C:\WINDOWS\system32\wups.dll
    2007-04-16 20:45:54	1,710,936	----a-w	C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 20:45:48	549,720	----a-w	C:\WINDOWS\system32\wuapi.dll
    2007-04-16 20:45:42	325,976	----a-w	C:\WINDOWS\system32\wucltui.dll
    2007-04-16 20:45:36	203,096	----a-w	C:\WINDOWS\system32\wuweb.dll
    2007-04-16 20:45:28	92,504	----a-w	C:\WINDOWS\system32\cdm.dll
    2007-04-16 20:45:20	53,080	----a-w	C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 20:45:20	43,352	----a-w	C:\WINDOWS\system32\wups2.dll
    2007-04-02 17:21:36	0	-c--a-w	C:\WINDOWS\nsreg.dat
    2007-04-02 15:08:59	0	--sha-r	C:\MSDOS.SYS
    2007-04-02 15:08:59	0	--sha-r	C:\IO.SYS
    2007-04-02 15:08:59	0	----a-w	C:\CONFIG.SYS
    2007-04-02 15:08:59	0	----a-w	C:\AUTOEXEC.BAT
    2007-04-02 15:04:57	21,892	----a-w	C:\WINDOWS\system32\emptyregdb.dat
    
    
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
     
     
    *Note* empty entries & legit default entries are not shown 
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 03:23]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 21:05]
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2005-05-25 09:37 C:\WINDOWS\RTHDCPL.EXE]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-12-22 08:23]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-12-22 08:23]
    "Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2004-09-21 16:55]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23]
    "NB Probe"="C:\Program Files\ASUS\NB Probe\NBProbe.exe" [2005-07-27 17:07]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 12:45 C:\WINDOWS\KHALMNPR.Exe]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 15:00]
    "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-06-22 18:02]
    
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoViewOnDrive"=0 (0x0)
    "NoLogoff"=0 (0x0)
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    
    
    Contents of the 'Scheduled Tasks' folder
    2007-06-24 12:24:06  C:\WINDOWS\tasks\At1.job
    2007-06-24 18:00:01  C:\WINDOWS\tasks\At10.job
    2007-06-24 12:38:06  C:\WINDOWS\tasks\At11.job
    2007-06-24 12:38:06  C:\WINDOWS\tasks\At12.job
    2007-06-24 12:41:38  C:\WINDOWS\tasks\At13.job
    2007-06-24 12:41:38  C:\WINDOWS\tasks\At14.job
    2007-06-24 18:00:03  C:\WINDOWS\tasks\At2.job
    2007-06-24 12:24:06  C:\WINDOWS\tasks\At3.job
    2007-06-24 12:32:45  C:\WINDOWS\tasks\At4.job
    2007-06-24 12:32:45  C:\WINDOWS\tasks\At5.job
    2007-06-24 18:00:04  C:\WINDOWS\tasks\At6.job
    2007-06-24 18:00:05  C:\WINDOWS\tasks\At7.job
    2007-06-24 12:34:52  C:\WINDOWS\tasks\At8.job
    2007-06-24 12:34:52  C:\WINDOWS\tasks\At9.job
    
    **************************************************************************
    
    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-01 12:38:14
    Windows 5.1.2600 Service Pack 2 NTFS
    
    scanning hidden processes ...
    
    scanning hidden autostart entries ...
    
    scanning hidden files ...
    
    scan completed successfully
    hidden files: 0
    
    **************************************************************************
    
    Completion time: 2007-07-01 12:39:31 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-07-01 12:39
    
    	--- E O F ---


    Merci de prendre de ton temps pour m'aider.
    Le problème est apparemment résolu mais ça en a créé un autre : la majeure partie de mes raccourcis clavier sont morts. Je suis sur un ordi portable asus et les touches Fn en relation avec le son ne fonctionnent plus et les touches des utilitaires placés sur le dessus ne fonctionnent plus non plus (touche d'activation du touchPad, de la gestion de l'alimentation, etc...)

    Edit à 13h34 : J'ai réinstallé le dernier pilote et tout refonctionne normalement, merci de ton aide précieuse.
    0
  9. moK´s@ Messages postés 4410 Statut Membre 89
     
    re,

    passe ceci :

    télécharges smitfraudfix :

    En image :
    http://siri.urz.free.fr/Fix/SmitfraudFix.php

    tu doubles cliques sur smitfraudfix.cmd et tu choisi l option 1
    cela vas générer un rapport.

    Copie/colle le rapport sur le forum stp.
    0
  10. Nex10 Messages postés 11 Date d'inscription   Statut Membre
     
    Voilà pour le rapport mais le problème semble réglé.
    Je n'ai plus de pubs et mon ordi est plus rapide.
    Merci d'avoir usé de ton temps pour m'aider, je t'en suis très reconnaissant.

    SmitFraudFix v2.197
    
    Rapport fait à  8:51:55,18, 02/07/2007
    Executé à partir de C:\Program Files\Mozilla Firefox\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal
    
    »»»»»»»»»»»»»»»»»»»»»»»» Process
    
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\ASUS\NB Probe\NBProbe.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\ATK0100\HControl.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\cmd.exe
    
    »»»»»»»»»»»»»»»»»»»»»»»» hosts
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
    
    C:\WINDOWS\dr.exe PRESENT !
    C:\WINDOWS\Tasks\At?.job PRESENT !
    C:\WINDOWS\Tasks\At??.job PRESENT !
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Nex
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Nex\Application Data
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Nex\Favoris
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» Bureau
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
     
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"
     
    
    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
    
    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» Rustock
    
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» DNS
    
    Description: Marvell Yukon Gigabit Ethernet 10/100/1000Base-T Adapter, Copper RJ-45 - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 192.168.1.1
    
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{31B4E409-ED47-4733-9006-661EF99B4378}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{31B4E409-ED47-4733-9006-661EF99B4378}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{31B4E409-ED47-4733-9006-661EF99B4378}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  11. moK´s@ Messages postés 4410 Statut Membre 89
     
    salut nex10

    ce n´est pas fini;

    Redémarre le PC en mode sans échec : tu tapotes sur la touche F8 de ton clavier (ou F5 ) dès le démarrage et tu choisis le mode sans échec)

    - Ouvre le dossier "SmitfraudFix" et double clique sur "Smitfraudfix.cmd", choisit l 'option 2 et tu réponds oui à tout.

    Enregistre le rapport puis Copie/colle le rapport sur le forum stp.

    puis :

    * télécharge AVG Anti-Spyware (ewido)

    https://www.avg.com/en-ww/free-antivirus-download
    http://www.infos-du-net.com/telecharger/Ewido-Security-Suite,0301-734.html
    * tu l'installes

    * lance AVG Anti-Spyware et clique sur le bouton Mise à jour. Patiente
    si tu n'arrives pas à le mettre à jour prends ici les màj
    http://downloads.ewido.net/avgas-signatures-full-current.exe

    Sur la page "analyse":
    •- tu choisis d'abord l'onglet "paramètres".
    - sous « Comment réagir » clic sur « Actions recommandées » et dans le menu déroulant, choisir « Supprimer »

    Copie Et colle le rapport ici

    Ps : une fois le scan terminé tu supprime bien tout ce qu´il a trouvé.

    @+
    0