HELP? HELP??? trojan

Résolu
marcde Messages postés 331 Statut Membre -  
marcde Messages postés 331 Statut Membre -
bonjour a toutes et tous,

je suis debutant et je n'arrive pas a eliminer trojan avec avast4 home edition, quand j'allume mon pc j'ai une dixaine de virus, apres toute les quart heures la meme chose, j'ai aussi essayer spy doctor, mais quand je scan avec cellui ci mon pc s'eteind, qui peut m'aider svp, ci joint les virus, je vous remercie pour votre aide, marc

C:\DOCUME~1\marc\LOCALS~1\Temp\8FBC.dmp
Win32:Small-FDP [Trj]
Trojaans Paard
000756-1, 13/07/2007

C:\DOCUME~1\marc\LOCALS~1\Temp\vx1dt1.game
Win32:Small-BLF [Trj]
Trojaans Paard

C:\DOCUME~1\marc\LOCALS~1\Temp\v4xd3.ga2me\[UPX]
Win32:Small-GWM [Trj]

C:\Documents and Settings\marc\Local Settings\Temporary Internet Files\Content.IE5\TS479HG9\2904[1].exe
in32:Downloader-gen [Trj]

C:\Documents and Settings\marc\Local Settings\Temporary Internet Files\Content.IE5\TS479HG9\zgame3[1]\[UPX]
Win32:Small-GWM [Trj]

:\WINDOWS\system32\vedxga1me4t1.exe
Win32:Downloader-gen [Trj

] C:\WINDOWS\system32\vedxga5me3.exe\[UPX]
Win32:Small-GWM [Trj]

C:\WINDOWS\system32\vedxga1me4t1.exe
Win32:Small-BLF [Trj]

C:\DOCUME~1\marc\LOCALS~1\Temp\botF9E7.tmp\[Upack]
Win32:Xorpix-AU [Trj]

:\DOCUME~1\marc\LOCALS~1\Temp\5FA74.dmp
Win32:Small-FDP [Trj]

C:\WINDOWS\system32\vdo_4894-7a87.sys
Win32:Tibs-AZX [Trj]
Configuration: Windows XP
Internet Explorer 6.0

13 réponses

  1. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    slt,

    Regarde bien et applique ce qui est indiqué en gras .

    ==================================

    Télécharge et installe ce log :

    * AVG AS

    AVG anti spyware
    avg antispyware
    Met le a jour avant de lancer le scan.
    Tuto :
    http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

    ->Relance AVG AS -> "Analyse" ->"Paramètres"

    Sous la question "Comment réagir ?" :

    -> clique sur "Actions recommandées" et choisis "Quarantaines"
    -> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

    Si un fichier est infecté en fin d'analyse

    ->Clique sur "Appliquer toutes les actions "

    ->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous".

    ->Enregistre ce fichier texte sur ton bureau ensuite colle le rapport ici

    a+
    0
    1. marcde Messages postés 331 Statut Membre 34
       
      salut 08,
      je te remercie de ton intervention si rapide, mais je suis vraiment dans la bousede v..,
      j'ai telec..avg, mais quand je double clic pour ouvrir rien???;
      a quoi est ce du,merci, marc
      0
    2. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
       
      comment ça ? Tu as un message d'erreur ?

      télécharge HijackThis (version francaise) ici:
      hijackthis

      Dézippe le dans un dossier prévu à cet effet.

      Par exemple C:\hijackthis < Enregistre le bien dans c : !


      Démo (merci à Balltrap) :
      instalation hijackthis
      http://perso.orange.fr/rginformatique/section%20virus/Hijenr.gif

      Lance le puis:
      clique sur "faire un scan et sauvegarder le log" (cf démo)
      faire un copier coller du log entier sur le forum

      Démo : (merci à balltrap34 pour cette réalisation)
      http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

      a+
      0
      1. marcde Messages postés 331 Statut Membre 34 > Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention  
         
        re salut séb08

        non je nai pas eu de mess d'erreur,
        mais vais esayer hijac.. , cela ne te derange pas si ce prob.., est resolut de m'aider pour d'autres ,
        te remercie,marc

        ps: je suis debutant, vraiment un naze sur pc
        0
  2. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    Le rapport Hijack ?

    0
    1. marcde Messages postés 331 Statut Membre 34
       
      re séb80 enfin réussi a avoir quel..chose, est ce ceci que tu a besoin

      Logfile of Trend Micro HijackThis v2.0.0 (BETA)
      Scan saved at 20:12:56, on 15/07/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\System32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchîst.exe
      C:\Program Files\Telemeter 3.0\telemeter3.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\kernelwind32.exe
      C:\WINDOWS\system32\spoolsvv.exe
      c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
      C:\WINDOWS\system32\kbldoc.exe
      C:\WINDOWS\system32\ldcdx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\mfsysnv.exe
      C:\WINDOWS\system32\cliktvmr.exe
      C:\Program Files\Logitech\MouseWare\system\em_exec.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Windows\xpupdate.exe
      C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\ialhfxvn.exe
      C:\WINDOWS\system32\vedxg4am1et2.exe
      C:\WINDOWS\system32\vedxga4m1et4.exe
      C:\WINDOWS\system32\ntvdm.exe
      C:\WINDOWS\explorer.exe
      C:\Documents and Settings\marc\Local Settings\Temporary Internet Files\Content.IE5\TS479HG9\HiJackThis_v2[3].exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
      O2 - BHO: (no name) - {36DBC179-A19F-48F2-B16A-6A3E19B42A87} - c:\windows\system32\recover.dll
      O2 - BHO: H - {5E66C4A5-70BE-48a1-A1FB-6D430A539969} - mioed.dll (file missing)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
      O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
      O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
      O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
      O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
      O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernelwind32.exe
      O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\system32\spoolsvv.exe
      O4 - HKLM\..\Run: [WindowsHive] C:\WINDOWS\system32\rpcc.exe
      O4 - HKLM\..\Run: [codecs] ialhfxvn.exe
      O4 - HKLM\..\Run: [klibinst] C:\WINDOWS\system32\kbldoc.exe
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKLM\..\Run: [mplaut] C:\WINDOWS\system32\ldcdx.exe
      O4 - HKLM\..\Run: [lsitdm] C:\WINDOWS\system32\mfsysnv.exe
      O4 - HKLM\..\Run: [xpsysmt] C:\WINDOWS\system32\cliktvmr.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
      O4 - HKCU\..\Run: [Service Pack 1] C:\WINDOWS\system32\vedxg6ame4.exe
      O4 - HKCU\..\Run: [codecs] ialhfxvn.exe
      O4 - HKCU\..\Run: [klibinst] C:\WINDOWS\system32\kbldoc.exe
      O4 - HKCU\..\Run: [mplaut] C:\WINDOWS\system32\ldcdx.exe
      O4 - HKCU\..\Run: [lsitdm] C:\WINDOWS\system32\mfsysnv.exe
      O4 - HKCU\..\Run: [xpsysmt] C:\WINDOWS\system32\cliktvmr.exe
      O4 - HKLM\..\Policies\Explorer\Run: [system] C:\WINDOWS\system32\svchîst.exe
      O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{180BBEB0-A2FF-41EA-A986-3D6334F8522D}: NameServer = 85.255.113.110,85.255.112.227
      O17 - HKLM\System\CCS\Services\Tcpip\..\{2318929D-843A-4A23-8C78-8877E194ED9B}: NameServer = 85.255.113.110,85.255.112.227
      O17 - HKLM\System\CCS\Services\Tcpip\..\{7E5BF933-0CA9-47C8-9BE5-3B08887F1B48}: NameServer = 85.255.113.110,85.255.112.227
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.110 85.255.112.227
      O17 - HKLM\System\CS1\Services\Tcpip\..\{180BBEB0-A2FF-41EA-A986-3D6334F8522D}: NameServer = 85.255.113.110,85.255.112.227
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.110 85.255.112.227
      O18 - Protocol: bw+0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw+0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Protocol: bwg0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwg0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: offline-8876480 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O20 - AppInit_DLLs:
      O20 - Winlogon Notify: botreg - C:\Documents and Settings\All Users\Documenten\Settings\bot.dll
      O21 - SSODL: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - C:\WINDOWS\system32\sbinv.dll
      O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
      O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
      O22 - SharedTaskScheduler: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - C:\WINDOWS\system32\sbinv.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
      O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: LogoMedia TranslateDotNet Server - Unknown owner - C:\Program Files\Power Translator\LogoMedia TranslateDotNet Server.exe (file missing)
      O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
      O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\vhosts.exe
      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      O23 - Service: Windows Management Service - Unknown owner - C:\WINDOWS\system32\dmacv.exe (file missing)
      O24 - Desktop Component 0: (no name) - http://box44.bluehost.com/~popcorno/html/radio/radiolabel.gif
      O24 - Desktop Component 1: (no name) - http://www.google.be/intl/en_com/images/logo_plain.png
      0
    2. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
       
      Tu as mal instalé hijackthis , donc désinstalle le et réinstalle le comme cité au <3> dans son propre dossier.


      Ensuite

      Télécharges smitfraudfix:(merci a S!RI pour ce programme)

      En image :
      http://siri.urz.free.fr/Fix/SmitfraudFix.php

      tu le décompresses tu doubles cliques sur smitfraudfix.cmd et tu choisis l option 1
      cela vas générer un rapport,copie/colle le.

      a+
      0
      1. marcde Messages postés 331 Statut Membre 34 > Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention  
         
        salut séb80
        j'ai telech.. quand je l'ouvre je recois ceci , ( dumphive,, hostschk,, reboot ,, smitfraudfix,, srchsts,, swsc,, unzip,, genericrenosfix,, process,, restart,, smi update,, swreg,, swxcacls,, ) lequel est le bon, pour hijackthis je recois deux fichiers, quand je scan, celui que je t'ai envoyer, et un autre ou il y a toute une liste avec des carrés a gauche que je dois cocher,est ce celui la que tu dois voir,
        encore merci séb
        0
      2. marcde Messages postés 331 Statut Membre 34 > Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention  
         
        AH OUI j'oubliais de te dire séb, quand j'ai attraper les virus j'ai aussi vu que en bas a gauche, la ou il y a la date l'heure et la connection internet, un rond rouge avec une croix blanche dedans et qui me dit que mon pc est infecter et que je dois telech.. un spyware, est ce pas de la que vient out , de plus je ne sait pas le detruire, merci, marc
        0
      3. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430 > Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention  
         
        Pour smitfraudfix décompresse le bien. Regarde dans la démo.

        Pour hijack , désinstale le complètement et réinstalle le.

        Regarde la démo pour mettre un rapport, tout est là et bien expliqué il faut lire ..
        0
  3. marcde Messages postés 331 Statut Membre 34
     
    re salut séb80
    je suis encore toujour avec le meme prob..., j'ai aussi fait ce que j'ai su lire dans le blog a claude, le ccleaner et le superAntivirus, meme avec tout cela et le scan de hijackthis, rien???, et je n'arrive toujour pas a detruire ce rond rouge avec une croix blanche dedans, le rapport de hijackthis est celui ci,,,

    C:\WINDOWS\system32\ntvdm.exe
    C:\WINDOWS\TEMP\bot550D.tmp
    C:\WINDOWS\system32\vedxg4am1et2.exe
    C:\WINDOWS\system32\vedxga4m1et4.exe
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: H - {5E66C4A5-70BE-48a1-A1FB-6D430A539969} - mioed.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernelwind32.exe
    O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\system32\spoolsvv.exe
    O4 - HKLM\..\Run: [WindowsHive] C:\WINDOWS\system32\rpcc.exe
    O4 - HKLM\..\Run: [codecs] ialhfxvn.exe
    O4 - HKLM\..\Run: [klibinst] C:\WINDOWS\system32\kbldoc.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [mplaut] C:\WINDOWS\system32\ldcdx.exe
    O4 - HKLM\..\Run: [lsitdm] C:\WINDOWS\system32\mfsysnv.exe
    O4 - HKLM\..\Run: [xpsysmt] C:\WINDOWS\system32\cliktvmr.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
    O4 - HKCU\..\Run: [Service Pack 1] C:\WINDOWS\system32\vedxg6ame4.exe
    O4 - HKCU\..\Run: [codecs] ialhfxvn.exe
    O4 - HKCU\..\Run: [klibinst] C:\WINDOWS\system32\kbldoc.exe
    O4 - HKCU\..\Run: [mplaut] C:\WINDOWS\system32\ldcdx.exe
    O4 - HKCU\..\Run: [lsitdm] C:\WINDOWS\system32\mfsysnv.exe
    O4 - HKCU\..\Run: [xpsysmt] C:\WINDOWS\system32\cliktvmr.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{180BBEB0-A2FF-41EA-A986-3D6334F8522D}: NameServer = 85.255.113.110,85.255.112.227
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2318929D-843A-4A23-8C78-8877E194ED9B}: NameServer = 85.255.113.110,85.255.112.227
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7E5BF933-0CA9-47C8-9BE5-3B08887F1B48}: NameServer = 85.255.113.110,85.255.112.227
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.110 85.255.112.227
    O17 - HKLM\System\CS1\Services\Tcpip\..\{180BBEB0-A2FF-41EA-A986-3D6334F8522D}: NameServer = 85.255.113.110,85.255.112.227
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.110 85.255.112.227
    O18 - Protocol: bw+0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: offline-8876480 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - AppInit_DLLs:
    O20 - Winlogon Notify: botreg - C:\Documents and Settings\All Users\Documenten\Settings\bot.dll
    O21 - SSODL: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - C:\WINDOWS\system32\sbinv.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LogoMedia TranslateDotNet Server - Unknown owner - C:\Program Files\Power Translator\LogoMedia TranslateDotNet Server.exe (file missing)
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\vhosts.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Windows Management Service - Unknown owner - C:\WINDOWS\system32\dmacv.exe (file missing)

    est ce que ceci peut t'aider a trouver une solution,
    je suis vraiment emer..., car je n'arrive plus a rien,
    ce qui pour moi est diff...est que je ne coprend pas tout ces termes que l'on emploie sur pc,
    merci, merci, marc
    0
  4. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    Ton rapport hijack n'est pas complet ...

    Il faut que tu fasses ça

    Télécharges smitfraudfix:(merci a S!RI pour ce programme)

    En image :
    http://siri.urz.free.fr/Fix/SmitfraudFix.php

    tu le décompresses tu doubles cliques sur smitfraudfix.cmd et tu choisis l option 1
    cela vas générer un rapport,copie/colle le.

    Lis bien et execute .

    Je ne peux pas trop me pencher sur CCM en ce moment, les vacances approchent . :-)

    0
    1. marcde Messages postés 331 Statut Membre 34
       
      re séb80,
      excuse mais c'est quoi decompresser
      0
    2. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
       
      clic droit sur le fichier et "extraire tout" .

      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. marcde Messages postés 331 Statut Membre 34
     
    voila, j'ai je pense fait ce qu'il faut avec smitfraudfix j'ai 3 rapports

    SmitFraudFix v2.204

    Rapport fait à 18:43:15,07, mer. 18/07/2007
    Executé à partir de C:\Documents and Settings\marc\Bureaublad\SmitfraudFix
    OS: Microsoft Windows XP [versie 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost
    127.0.0.1 www.trendmicro.com
    127.0.0.1 rads.mcafee.com
    127.0.0.1 customer.symantec.com
    127.0.0.1 liveupdate.symantec.com
    127.0.0.1 us.mcafee.com
    127.0.0.1 updates.symantec.com
    127.0.0.1 www.nai.com
    127.0.0.1 secure.nai.com
    127.0.0.1 dispatch.mcafee.com
    127.0.0.1 download.mcafee.com
    127.0.0.1 www.my-etrust.com
    127.0.0.1 mast.mcafee.com
    127.0.0.1 ca.com
    127.0.0.1 www.ca.com
    127.0.0.1 networkassociates.com
    127.0.0.1 www.networkassociates.com
    127.0.0.1 avp.com
    127.0.0.1 www.kaspersky.com
    127.0.0.1 www.avp.com
    127.0.0.1 downloads4.kaspersky-labs.com
    127.0.0.1 downloads3.kaspersky-labs.com
    127.0.0.1 downloads2.kaspersky-labs.com
    127.0.0.1 downloads1.kaspersky-labs.com
    127.0.0.1 www.f-secure.com
    127.0.0.1 viruslist.com
    127.0.0.1 www.viruslist.com
    127.0.0.1 liveupdate.symantecliveupdate.com
    127.0.0.1 www.mcafee.com
    127.0.0.1 sophos.com
    127.0.0.1 www.sophos.com
    127.0.0.1 securityresponse.symantec.com
    127.0.0.1 www.symantec.com
    192.168.0.101 www.trendmicro.com
    192.168.0.101 trendmicro.com
    192.168.0.101 rads.mcafee.com
    192.168.0.101 customer.symantec.com
    192.168.0.101 liveupdate.symantec.com
    192.168.0.101 us.mcafee.com
    192.168.0.101 updates.symantec.com
    192.168.0.101 update.symantec.com
    192.168.0.101 www.nai.com
    192.168.0.101 nai.com
    192.168.0.101 secure.nai.com
    192.168.0.101 dispatch.mcafee.com
    192.168.0.101 download.mcafee.com
    192.168.0.101 www.my-etrust.com
    192.168.0.101 my-etrust.com
    192.168.0.101 mast.mcafee.com
    192.168.0.101 ca.com
    192.168.0.101 www.ca.com
    192.168.0.101 networkassociates.com
    192.168.0.101 www.networkassociates.com
    192.168.0.101 avp.com
    192.168.0.101 www.kaspersky.com
    192.168.0.101 www.avp.com
    192.168.0.101 kaspersky.com
    192.168.0.101 www.f-secure.com
    192.168.0.101 f-secure.com
    192.168.0.101 viruslist.com
    192.168.0.101 www.viruslist.com
    192.168.0.101 liveupdate.symantecliveupdate.com
    192.168.0.101 mcafee.com
    192.168.0.101 www.mcafee.com
    192.168.0.101 sophos.com
    192.168.0.101 www.sophos.com
    192.168.0.101 symantec.com

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    C:\WINDOWS\xpupdate.exe supprimé
    C:\WINDOWS\Tasks\At?.job supprimé
    C:\WINDOWS\Tasks\At??.job supprimé
    C:\Documents and Settings\marc\Application Data\Install.dat supprimé

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: NVIDIA nForce MCP Networking Adapter - Pakketplanner-minipoort
    DNS Server Search Order: 195.130.129.164
    DNS Server Search Order: 195.130.130.164

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{180BBEB0-A2FF-41EA-A986-3D6334F8522D}: DhcpNameServer=195.130.129.164 195.130.130.164

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    SmitFraudFix v2.204

    Rapport fait à 18:58:55,82, mer. 18/07/2007
    Executé à partir de C:\Documents and Settings\marc\Bureaublad\SmitfraudFix
    OS: Microsoft Windows XP [versie 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» DNS Avant Fix

    Description: NVIDIA nForce MCP Networking Adapter - Pakketplanner-minipoort
    DNS Server Search Order: 195.130.129.164
    DNS Server Search Order: 195.130.130.164

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{180BBEB0-A2FF-41EA-A986-3D6334F8522D}: DhcpNameServer=195.130.129.164 195.130.130.164
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{180BBEB0-A2FF-41EA-A986-3D6334F8522D}: DhcpNameServer=195.130.129.164 195.130.130.164

    »»»»»»»»»»»»»»»»»»»»»»»» DNS Après Fix

    Description: NVIDIA nForce MCP Networking Adapter - Pakketplanner-minipoort
    DNS Server Search Order: 195.130.129.164
    DNS Server Search Order: 195.130.130.164

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{180BBEB0-A2FF-41EA-A986-3D6334F8522D}: DhcpNameServer=195.130.129.164 195.130.130.164

    SmitFraudFix v2.204

    Rapport fait à 19:00:57,53, mer. 18/07/2007
    Executé à partir de C:\Documents and Settings\marc\Bureaublad\SmitfraudFix
    OS: Microsoft Windows XP [versie 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\WINDOWS\system32\svchîst.exe
    C:\Program Files\Telemeter 3.0\telemeter3.exe
    C:\WINDOWS\system32\cliktvmr.exe
    C:\WINDOWS\system32\clijtpva.exe
    C:\WINDOWS\system32\cappudoy.exe
    C:\WINDOWS\retadpu27.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\marc

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\marc\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\marc\FAVORI~1

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Mijn huidige introductiepagina"

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=" "

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Rustock

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: NVIDIA nForce MCP Networking Adapter - Pakketplanner-minipoort
    DNS Server Search Order: 195.130.129.164
    DNS Server Search Order: 195.130.130.164

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{180BBEB0-A2FF-41EA-A986-3D6334F8522D}: DhcpNameServer=195.130.129.164 195.130.130.164
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{180BBEB0-A2FF-41EA-A986-3D6334F8522D}: DhcpNameServer=195.130.129.164 195.130.130.164

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    est ce que j'ai fait ce qu'il faut, merci marc
    0
  7. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    Bah pas trop mais apparemment le fix a viré pas mal de truc quaund même en mode normal . Tu as fait l'option 2 alors que je demandais l'option 1 (qui a été faite après...)

    Lis bien ce qui était écrit ... Y'a rien de difficile suffit de suivre.

    remet un log hijack

    a+
    0
    1. marcde Messages postés 331 Statut Membre 34
       
      ce rapport ci,,, ou l'autre


      Logfile of HijackThis v1.99.1
      Scan saved at 19:24:52, on 18/07/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\System32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
      C:\WINDOWS\system32\svchîst.exe
      C:\Program Files\Telemeter 3.0\telemeter3.exe
      C:\WINDOWS\system32\cliktvmr.exe
      C:\WINDOWS\system32\clijtpva.exe
      C:\WINDOWS\system32\cappudoy.exe
      C:\WINDOWS\retadpu27.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\Program Files\Logitech\MouseWare\system\em_exec.exe
      C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
      O2 - BHO: H - {5E66C4A5-70BE-48a1-A1FB-6D430A539969} - mioed.dll (file missing)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
      O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
      O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
      O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
      O4 - HKLM\..\Run: [codecs] ialhfxvn.exe
      O4 - HKLM\..\Run: [klibinst] C:\WINDOWS\system32\kbldoc.exe
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKLM\..\Run: [mplaut] C:\WINDOWS\system32\ldcdx.exe
      O4 - HKLM\..\Run: [lsitdm] C:\WINDOWS\system32\mfsysnv.exe
      O4 - HKLM\..\Run: [xpsysmt] C:\WINDOWS\system32\cliktvmr.exe
      O4 - HKLM\..\Run: [winsaavc] C:\WINDOWS\system32\assched.exe
      O4 - HKLM\..\Run: [wsmssl] C:\WINDOWS\system32\clijtpva.exe
      O4 - HKLM\..\Run: [fwddls] C:\WINDOWS\system32\cappudoy.exe
      O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu27.exe 61A847B5BBF72810358B2B27128065E9C084320161C4661227A755E9C2933154389A28452DA545E9B1894E754BE54C29159A7DA197C7734672DE3A516CAC59B6
      O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
      O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
      O4 - HKLM\..\Run: [WindowsHive] C:\WINDOWS\system32\rpcc.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [Service Pack 1] C:\WINDOWS\system32\vedxg6ame4.exe
      O4 - HKCU\..\Run: [codecs] ialhfxvn.exe
      O4 - HKCU\..\Run: [klibinst] C:\WINDOWS\system32\kbldoc.exe
      O4 - HKCU\..\Run: [mplaut] C:\WINDOWS\system32\ldcdx.exe
      O4 - HKCU\..\Run: [lsitdm] C:\WINDOWS\system32\mfsysnv.exe
      O4 - HKCU\..\Run: [xpsysmt] C:\WINDOWS\system32\cliktvmr.exe
      O4 - HKCU\..\Run: [winsaavc] C:\WINDOWS\system32\assched.exe
      O4 - HKCU\..\Run: [wsmssl] C:\WINDOWS\system32\clijtpva.exe
      O4 - HKCU\..\Run: [fwddls] C:\WINDOWS\system32\cappudoy.exe
      O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
      O18 - Protocol: bw+0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw+0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Protocol: bwg0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwg0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: offline-8876480 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O20 - AppInit_DLLs:
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O20 - Winlogon Notify: botreg - C:\Documents and Settings\All Users\Documenten\Settings\bot.dll
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: LogoMedia TranslateDotNet Server - Unknown owner - C:\Program Files\Power Translator\LogoMedia TranslateDotNet Server.exe (file missing)
      O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
      O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe
      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      O23 - Service: Windows Management Service - Unknown owner - C:\WINDOWS\system32\dmacv.exe (file missing)
      0
  8. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    ecoute ... lis bien et applique .

    Relance smitfraudfix

    = > tu doubles cliques sur smitfraudfix.cmd et tu choisis l option 1
    cela vas générer un rapport,copie/colle le.

    a+
    0
    1. marcde Messages postés 331 Statut Membre 34
       
      SmitFraudFix v2.204

      Rapport fait à 19:41:00,75, mer. 18/07/2007
      Executé à partir de E:\Documents and Settings\marc\Mijn documenten\NIET GEBRUIK\SmitfraudFix
      OS: Microsoft Windows XP [versie 5.1.2600] - Windows_NT
      Le type du système de fichiers est NTFS
      Fix executé en mode normal

      »»»»»»»»»»»»»»»»»»»»»»»» Process

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\System32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
      C:\WINDOWS\system32\svchîst.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\system32\cmd.exe

      »»»»»»»»»»»»»»»»»»»»»»»» hosts


      »»»»»»»»»»»»»»»»»»»»»»»» C:\


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\marc


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\marc\Application Data


      »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


      »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\marc\FAVORI~1


      »»»»»»»»»»»»»»»»»»»»»»»» Bureau


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


      »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


      »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
      "Source"="About:Home"
      "SubscribedURL"="About:Home"
      "FriendlyName"="Mijn huidige introductiepagina"


      »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll


      »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "AppInit_DLLs"=""


      »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "System"=""


      »»»»»»»»»»»»»»»»»»»»»»»» Rustock



      »»»»»»»»»»»»»»»»»»»»»»»» DNS

      Description: NVIDIA nForce MCP Networking Adapter - Pakketplanner-minipoort
      DNS Server Search Order: 195.130.129.164
      DNS Server Search Order: 195.130.130.164

      HKLM\SYSTEM\CCS\Services\Tcpip\..\{180BBEB0-A2FF-41EA-A986-3D6334F8522D}: DhcpNameServer=195.130.129.164 195.130.130.164
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{180BBEB0-A2FF-41EA-A986-3D6334F8522D}: DhcpNameServer=195.130.129.164 195.130.130.164


      »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


      »»»»»»»»»»»»»»»»»»»»»»»» Fin
      0
  9. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    tu peux lancer AVG ?

    Voir au <1> .

    a+
    0
    1. marcde Messages postés 331 Statut Membre 34
       
      je vais lancer avg,, mais je dois d'abort supprimer les autre comme,,, super antispyweare, et ccleaner
      ou je le fait avec ceux que j'ai,,,

      je suis vraiment désolé de ne pas bien comprendre , et de prendre de ton temps,
      je t'en remercie, marc
      0
  10. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    C'est pas grave mais lis bien ce que j'écris , tu ne lis pas assez.

    Laisse les log instalé (ccleaner et autres ..)

    fais la manip citée ici

    help help trojan#1

    avec AVG.

    Je dois m'absenter.

    a+
    0
    1. marcde Messages postés 331 Statut Membre 34
       
      salut séb08
      ici le raport de avg,,, ah oui je n'ai plus de windows firewall dans ma page configuration,


      voAVG Anti-Spyware - Rapport d'analyse
      ---------------------------------------------------------

      + Créé à: 21:26:30 18/07/2007

      + Résultat de l'analyse:



      C:\WINDOWS\system32\b4fm.dll -> Adware.BurnFree : Nettoyé et sauvegardé (mise en quarantaine).
      HKLM\SOFTWARE\Classes\WR -> Adware.Generic : Nettoyé et sauvegardé (mise en quarantaine).
      C:\Program Files\Outerinfo\OiUninstaller.exe -> Adware.PurityScan : Nettoyé et sauvegardé (mise en quarantaine).
      C:\WINDOWS\system32\qlkpkot.dll -> Adware.PurityScan : Nettoyé et sauvegardé (mise en quarantaine).
      HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : Nettoyé et sauvegardé (mise en quarantaine).
      C:\System Volume Information\_restore{C3FF10F3-839B-456D-90FF-ACC2E64A0F4F}\RP271\A0063284.exe -> Backdoor.SdBot.bij : Nettoyé et sauvegardé (mise en quarantaine).
      C:\WINDOWS\system32\drivers\ip6fw.sys -> Downloader.Agent.acl : Nettoyé et sauvegardé (mise en quarantaine).
      C:\WINDOWS\retadpu27.exe -> Downloader.Agent.bls : Nettoyé et sauvegardé (mise en quarantaine).
      C:\WINDOWS\system32\max1d1164v.exe -> Downloader.Obfuscated.n : Nettoyé et sauvegardé (mise en quarantaine).
      C:\WINDOWS\b128.exe -> Downloader.PurityScan.eh : Nettoyé et sauvegardé (mise en quarantaine).
      C:\System Volume Information\_restore{C3FF10F3-839B-456D-90FF-ACC2E64A0F4F}\RP271\A0064295.exe -> Downloader.Small.ehu : Nettoyé et sauvegardé (mise en quarantaine).
      C:\System Volume Information\_restore{C3FF10F3-839B-456D-90FF-ACC2E64A0F4F}\RP271\A0064417.exe -> Downloader.Small.ehu : Nettoyé et sauvegardé (mise en quarantaine).
      C:\WINDOWS\system32\vedxga3me2.exe -> Downloader.Small.ehu : Nettoyé et sauvegardé (mise en quarantaine).
      C:\WINDOWS\b136.exe -> Dropper.Agent.bfr : Nettoyé et sauvegardé (mise en quarantaine).
      C:\WINDOWS\22719163178.exe -> Hijacker.Small.kj : Nettoyé et sauvegardé (mise en quarantaine).
      C:\WINDOWS\smsys.dat -> Proxy.Agent.mx : Nettoyé et sauvegardé (mise en quarantaine).
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WinOpts -> Proxy.Small : Nettoyé et sauvegardé (mise en quarantaine).
      C:\System Volume Information\_restore{C3FF10F3-839B-456D-90FF-ACC2E64A0F4F}\RP271\A0064419.dll -> Proxy.Xorpix.be : Nettoyé et sauvegardé (mise en quarantaine).
      C:\WINDOWS\Temp\bot8A4F.tmp -> Proxy.Xorpix.be : Nettoyé et sauvegardé (mise en quarantaine).
      [724] C:\Documents and Settings\All Users\Documenten\Settings\bot.dll -> Proxy.Xorpix.be : Nettoyé et sauvegardé (mise en quarantaine).
      C:\Documents and Settings\marc\Cookies\marc@2.adbrite[1].txt -> TrackingCookie.Adbrite : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@3.adbrite[2].txt -> TrackingCookie.Adbrite : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@adbrite[2].txt -> TrackingCookie.Adbrite : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@fastclick[1].txt -> TrackingCookie.Fastclick : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@revsci[2].txt -> TrackingCookie.Revsci : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nettoyé.
      C:\Documents and Settings\marc\Cookies\marc@zedo[1].txt -> TrackingCookie.Zedo : Nettoyé.
      C:\System Volume Information\_restore{C3FF10F3-839B-456D-90FF-ACC2E64A0F4F}\RP274\A0071415.exe -> Trojan.LdPinch.byt : Nettoyé et sauvegardé (mise en quarantaine).
      C:\WINDOWS\system32\sqvx5gamet2.exe -> Trojan.Small : Nettoyé et sauvegardé (mise en quarantaine).
      C:\WINDOWS\system32\sqvxga6met3.exe -> Trojan.Small : Nettoyé et sauvegardé (mise en quarantaine).
      C:\WINDOWS\system32\wnscpicomsv.exe -> Trojan.Small : Nettoyé et sauvegardé (mise en quarantaine).
      C:\WINDOWS\system32\vedxga1me4t1.exe -> Worm.Zhelatin.ee : Nettoyé et sauvegardé (mise en quarantaine).


      Fin du rapport
      0
  11. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    Tu avais bien mis AVG à jour avant de le lancer ?

    Remet un log hijack .

    a+
    0
  12. marcde Messages postés 331 Statut Membre 34
     
    bonjour séb,
    oui mais quand je clic sur mise a jour il dit qu'il n'y a pas eut de mise a jour,

    Logfile of HijackThis v1.99.1
    Scan saved at 6:57:40, on 19/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O20 - Winlogon Notify: botreg - C:\Documents and Settings\All Users\Documenten\Settings\bot.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    0
  13. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    ok

    tu as fixé des lignes dans hijack (ex : 018) ?

    Télécharge: Pocket Killbox ici
    http://www.downloads.subratam.org/KillBox.exe

    Démo d utilisation (merci a Balltrap34 pour cette réalisation) ::
    http://perso.orange.fr/rginformatique/section%20virus/killbox.htm

    1-Double-clic sur KillBox.exe
    2- Selectionne "Delete on Reboot"
    3 - Dans "Full Path of File to Delete"
    copie et colle:

    C:\Documents and Settings\All Users\Documenten\Settings\bot.dll

    4- clic sur le rond rouge
    5- une fenetre va apparaitre pour confirmation clic sur OUI
    6- une seconde fenetre te demande si tu veux redemarrer clic sur OUI

    le pc va redemarrer

    Si tu as un message: "pending file rename operations registry data has been removed by external process.", ignore-le, et redémarre ton PC manuellement.

    ensuite remet un log hijack .

    a+

    0
    1. marcde Messages postés 331 Statut Membre 34
       
      salut séb,
      je ne saurai jamais assez te remercier pour ton aide et ta patience, voici le log

      Logfile of HijackThis v1.99.1
      Scan saved at 17:45:18, on 19/07/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\System32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O20 - Winlogon Notify: botreg - C:\Documents and Settings\All Users\Documenten\Settings\bot.dll (file missing)
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
      O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe
      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      0
  14. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    ok

    Relance Hijack,choisi « do a scan only » ou « scanner seulement » coches ces lignes :

    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    O20 - Winlogon Notify: botreg - C:\Documents and Settings\All Users\Documenten\Settings\bot.dll (file missing)

    Ferme toutes les fenêtres actives autres que HijackThis!, navigateur inclus, puis clique « Fix checked » ou « fixer objet ». Ferme HijackThis!

    Ou est ton antivirus ??

    Installe en un

    1/ Avast antivirus
    avast
    =>Pour bénéficier des mises à jour, il faut s'inscrire gratuitement sur leur site :
    https://www.avast.com/registration-free-antivirus

    lire le tuto
    http://www.tutopat.com/viewtopic.php?t=1541
    https://forums.cnetfrance.fr

    et aussi un parefeu

    Kério (pare feu):
    kerio
    lire le tuto: pour configurer et comprendre Kerio
    https://kerio.probb.fr/t250-tuto-sunbelt-personal-firewall-4-6
    https://www.vulgarisation-informatique.com/kerio.php
    https://forums.cnetfrance.fr

    A lire :
    securite le parefeu de windows xp

    explication d'un parefeu :
    firewall

    ===================

    A lire :
    prkoi proposer antivir au lieu d avast

    C'est un choix personnel.
    ===================

    OU en sont tes probs ?

    a+
    0
    1. marcde Messages postés 331 Statut Membre 34
       
      Ok, séb,
      Je vais voir si j’arrive a tout cela, mais que veut tu dire par (www tutopat.com), et (prkoi proposer antivir au lieu d’avast),,, en ce qui concerne mes prob.. tres bien merci, pc va beaucoup mieux mais quand je scan avec AVG y a touj… des virus, mais je n’ose toujours pas aller dans mon pc banking pour y entrer mes codes ??? pense tu qu’il y a des risques pour cela ,
      Merci, marc
      0
      1. marcde Messages postés 331 Statut Membre 34 > marcde Messages postés 331 Statut Membre
         
        salut séb08
        j'ai disparus quelques jours, pour cause quand tu m'a dit dans le dernier contact de faire un blog avec hijackthis et de cocher les deux en question, mon pc c'est eteint et redemarer, mais je n'arrivait plus a faire quelque chose je n'arrivait plus a avoir de liaison sur le net,plus de reaction quand je clic, j'ai du aller au magasin qui lui a fait un ghost, remise a la case depard de mon pc, maintenant cela va bien plus de virus plus rien, toute fois je te remercie de ta patience et de ton aide, infiniment merci séb, a plus peut etre mais dans d'autre conditions, merci , marc
        0