Comment supprimer le Trojan perfcoo ???? Fermé

Question

Bonjour à tous  :-)

Voilà,  tout est dans le titre ....

HijackThis a détecté le trojan Perfcoo et je n'arrive pas à le supprimer 
Quelle est la marche à suivre pour s'en débarasser SVP ? 



voici mon log Hijackthis : 

Logfile of HijackThis v1.99.1
Scan saved at 16:37:17, on 04/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\LVComS.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_explorer.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Olivier\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.noos.fr/abonnes.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MSN Webcam Recorder] "C:\Program Files\MSN Webcam Recorder\ml20gui.exe" -silent
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Ask  Harrap's Shorter.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Télécharger avec FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program Files\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.aqua-nat.org
O15 - Trusted Zone: http://messenger.msn.com
O15 - Trusted Zone: https://www.beinsports.com/france/nba/?gr=www
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://olivier333.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://tiragesphoto.fnac.com/
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.servicesalacarte.orange.fr/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)



je suis à votre disposition, 
merci pour votre aide :-)

Olivier

wjhoo · Answer

telecharge le NOD32 et j pe te garentir qu'il sera supprimé

olivier879 · Answer

Merci pour ta réponse wjhoo 

j'ai éssayé avec NOD32 et ça ne marche pas non plus ...
il détecte le trojan mais n'arrive pas à le supprimier ..

quelqu'un a t-il une autre solution ?

Lyonnais92 · Answer

Bonjour,

je ne vois pas d'antivirus !!

Installe antivir (téléchargement sur ce site dans "téléchargements).

Tu sembles ne pas avoir de parefeu contrôlant les connexions sortantes non plus, ce qui est un risque de sécurité.

Si c'est le cas tu as le choix entre ces deux possibilités :

Zone Alarm Tuto et lien de téléchargement ici :
https://www.malekal.com/tutoriel-zonealarm-firewall/

Kerio Tuto et lien de téléchargement ici :
http://www.malekal.com/kerio_firewall.php

Il y en a d'autres que tu peux trouver en ouvrant ce lien :
http://www.malekal.com/menu_tutorials_logiciels.php 

Il faut que tu désactives le parefeu de Windows (panneau de configuration, parefeu de Windows) après le téléchargement et avant l'installation (déconnecte toi du Net à ce moment là).

Repostes un log Hijackthis quand tout ça est installé.

@+

olivier879 · Answer

Bonjour !

j'ai telecharge NOD32 hier donc il n'apparait pas sur le log

en fait j'ai le pare-feu windows  et je n'utilisais pas d" antivirus car je n'ai que  256 mo de RAM et cela ralentit trop le pc ...
c'est vrai que ce n'est pas très malin de ma partn en tout cas ça me sert de leçon ... 
encore une fois merci
je suis tes conseils et je poste un nouveau log

Bonne journée
Olivier

olivier879 · Answer

Bonjour

voilà Lyonnais, j'ai suivi tes conseils

voici mon nouveau log

Logfile of HijackThis v1.99.1
Scan saved at 12:40:48, on 07/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\FICHIE~1\MICROS~1\Msinfo\OFFPROV.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Olivier\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.noos.fr/abonnes.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MSN Webcam Recorder] "C:\Program Files\MSN Webcam Recorder\ml20gui.exe" -silent
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Télécharger avec FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program Files\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.aqua-nat.org
O15 - Trusted Zone: http://messenger.msn.com
O15 - Trusted Zone: https://www.beinsports.com/france/nba/?gr=www
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://olivier333.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - https://www.eset.com/
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://tiragesphoto.fnac.com/
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.servicesalacarte.orange.fr/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe


Je ne vois plus le trojan perfcoo, je pense que le pc est clean
peux tu me confirmer ? 

merci
Olivier

Lyonnais92 · Answer

Bonsoir,

le log d'Hijackthis est propre.

Il faut vérifier un peu plus.

Fait les points 1 à 3 de ce lien :

virus methode preliminaire de desinfection version fr

Poste les rapports de AVG Antispy et Bit defender.

@+

olivier879 · Answer

Bonjour

j'ai éffectué les verifications supplémentaires
voici les logs 

Log AVG Antispy :

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	13:45:01 08/09/2007

 + Résultat de l'analyse:	



C:\Documents and Settings\Invité\Cookies\invité@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Invité\Cookies\invité@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\Invité\Cookies\invité@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.


Fin du rapport




---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	13:45:01 08/09/2007

 + Résultat de l'analyse:	



C:\Documents and Settings\Invité\Cookies\invité@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Invité\Cookies\invité@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\Invité\Cookies\invité@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.


Fin du rapport

Lyonnais92 · Answer

Bonjour,

OK pour le rapport AVG.

Mais je voudrais aussi le rapport de Bit Defender.

@+

olivier879 · Answer

je suis en train de le refaire je l'ai fait hier mais j'ai mal sauvegardé le rapport : je te le poste quand meme mais je ne pense pas que ça puisse t'aider ... sinon, comment fait on pour sauvegarder au format bloc notes ? BitDefender Online Scanner -Scan Report

BitDefender Online Scanner

Scan report generated at: Sat, Sep 08, 2007 - 16:43:29

Scan path: A:\;C:\;D:\;E:\;

Statistics
Time	02:48:42
Files	334317
Folders	7608
Boot Sectors	3
Archives	5464
Packed Files	9664

Results
Identified Viruses	0
Infected Files	0
Suspect Files	0
Warnings	0
Disinfected	0
Deleted Files	0

Engines Info
Virus Definitions	798266
Engine build	AVCORE v1.0 (build 2411) (i386) (Jul 9 2007 12:10:22)
Scan plugins	14
Archive plugins	38
Unpack plugins	7
E-mail plugins	6
System plugins	1

Scan Settings
First Action	Disinfect
Second Action	Delete
Heuristics	Yes
Enable Warnings	Yes
Scanned Extensions	*;
Exclude Extensions
Scan Emails	Yes
Scan Archives	Yes
Scan Packed	Yes
Scan Files	Yes
Scan Boot	Yes

Scanned File	Status
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\357093367bc72461fea2c2b761df652e_cb78e980-ff8d-4d0f-9e38-a69741dcdb8b	Clean
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\360c5f534706a14f614ff1c8b230b1c5_cb78e980-ff8d-4d0f-9e38-a69741dcdb8b	Clean
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\367779238bde4c156806f98e75099860_cb78e980-ff8d-4d0f-9e38-a69741dcdb8b	Clean
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\367cd4808fa41454db14f8ad03d77778_cb78e980-ff8d-4d0f-9e38-a69741dcdb8b	Clean
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3736779ac61885674926d682164d7829_cb78e980-ff8d-4d0f-9e38-a69741dcdb8b	Clean
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\37d596cbbeb0282738c10f26a9d86351_cb78e980-ff8d-4d0f-9e38-a69741dcdb8b	Clean
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\37eb2e223e444b68e8930f102f10ff8b_cb78e980-ff8d-4d0f-9e38-a69741dcdb8b	Clean
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\39c1830fb580600cbe6b092c36632dc4_cb78e980-ff8d-4d0f-9e38-a69741dcdb8b	Clean
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\39c56e0ad58316c4f3274f83e16a6540_cb78e980-ff8d-4d0f-9e38-a69741dcdb8b	Clean
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ae7c3dc59e2707f2a6768223cfc0235_cb78e980-ff8d-4d0f-9e38-a69741dcdb8b	Clean
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3b0227132f62058bfca2258816a3bcf6_cb78e980-ff8d-4d0f-9e38-a69741dcdb8b	Clean
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3b7693c6040ea48da4dc5300620a14c7_cb78e980-ff8d-4d0f-9e38-a69741dcdb8b	Clean
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3d0f28810a41d80c733cb3351f3d9763_cb78e980-ff8d-4d0f-9e38-a69741dcdb8b	Clean
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3d125d2c4e29896fcb33c06ce6b8445c_cb78e980-ff8d-4d0f-9e38-a69741dcdb8b	Clean
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3db03b4f58747c43f71c74e20dab2487_cb78e980-ff8d-4d0f-9e38-a69741dcdb8b	Clean
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3e208bf73651f6bd80aa74ff9ebb5620_cb78e980-ff8d-4d0f-9e38-a69741dcdb8b	Clean
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3e3aa4a01a58dfa298c93b50a27bb97f_cb78e980-ff8d-4d0f-9e38-a69741dcdb8b	Clean
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3e759d2560068eaa668b1f76233c41ac_cb78e980-ff8d-4d0f-9e38-a69741dcdb8b	Clean
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ea5a863412ee6180bdc30ca3850cae1_cb78e980-ff8d-4d0f-9e38-a69741dcdb8b	Clean
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ec136cb742c9096f21cb2750001f481_cb78e980-ff8d-4d0f-9e38-a69741dcdb8b	Clean
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3f69c09c3c787e8a88199a439ec2ff86_cb78e980-ff8d-4d0f-9e38-a69741dcdb8b	Clean
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3fe8d074dcf4a5b23db6b1c34aa04c37_cb78e980-ff8d-4d0f-9e38-a69741dcdb8b	Clean
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\408abba2b688ff428ca74713b567c574_cb78e980-ff8d-4d0f-9e38-a69741dcdb8b	Clean
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\40d6d3b4716c0366222ada80a10ed1da_cb78e980-ff8d-4d0f-9e38-a69741dcdb8b	Clean
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4123c65b0eb1bceff37e501ca4130a39_cb78e980-ff8d-4d0f-9e38-a69741dcdb8b	Clean
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4125c25a9c9d01ef50c736ca05124f74_cb78e980-ff8d-4d0f-9e38-a69741dcdb8b	Clean
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\41f0f23534550fbaa9a7847d67fb6708_cb78e980-ff8d-4d0f-9e38-a69741dcdb8b	Clean
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\42108fed2d785ac46b52832dd9450fff_cb78e980-ff8d-4d0f-9e38-a69741dcdb8b	Clean
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\423849335d37e0d75174b2bb608b53cf_cb78e980-ff8d-4d0f-9e38-a69741dcdb8b	Clean
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4287e7296a8672c154fcdc093258abc8_cb78e980-ff8d-4d0f-9e38-a69741dcdb8b	Clean
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\42d4c09b9a821397e70102bc27dd72ec_cb78e980-ff8d-4d0f-9e38-a69741dcdb8b	Clean
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\430917af2dbebc5f84a49245c33798df_cb78e980-ff8d-4d0f-9e38-a69741dcdb8b	Clean
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4312bd53ec86e497d72cdb2240ccab88_cb78e980-ff8d-4d0f-9e38-a69741dcdb8b	Clean
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\433a70c9af162566800baf08ac668093_cb78e980-ff8d-4d0f-9e38-a69741dcdb8b	Clean
C:\Documents and Settings\Olivier\Application Data\Sun\Java\	Clean
C:\Documents and Settings\Olivier\Application Data\Sun\Java\Deployment\	Clean
C:\Documents and Settings\Olivier\Application Data\Sun\Java\Deployment\cache\	Clean
C:\Documents and Settings\Olivier\Application Data\Sun\Java\Deployment\deployment.properties	Clean
C:\Documents and Settings\Olivier\Application Data\Sun\Java\Deployment\ext\	Clean
C:\Documents and Settings\Olivier\Application Data\Sun\Java\Deployment\log\	Clean
C:\Documents and Settings\Olivier\Application Data\Sun\Java\Deployment\security\	Clean
C:\Documents and Settings\Olivier\Application Data\Sun\Java\Deployment\security\auth.dat	Clean
C:\Documents and Settings\Olivier\Application Data\Sun\Java\Deployment\security rusted.certs	Clean
C:\Documents and Settings\Olivier\Application Data\Sun\Java\Deployment mp\	Clean
C:\Documents and Settings\Olivier\Application Data\Sun\Java\Deployment mp\si\	Clean
C:\Documents and Settings\Olivier\Application Data\Symantec\	Clean
C:\Documents and Settings\Olivier\Application Data\Symantec\Cleanup\	Clean
C:\Documents and Settings\Olivier\Application Data\Symantec\Cleanup\cuUser.cfg	Clean
C:\Documents and Settings\Olivier\Application Data\Symantec\Shared\	Clean
C:\Program Files\eMule\Incoming\59.000 Guitar Pro Tabs - My Songbook.rar=>59.000 Tablatures Guitar Pro Par Kordman ablature\class? par alphabet\x-y-z\Yes\Lift Me Up.gtp	Clean
C:\Program Files\eMule\Incoming\59.000 Guitar Pro Tabs - My Songbook.rar=>59.000 Tablatures Guitar Pro Par Kordman ablature\class? par alphabet\x-y-z\Yes\Long Distance Runaround.gtp	Clean
C:\Program Files\eMule\Incoming\59.000 Guitar Pro Tabs - My Songbook.rar=>59.000 Tablatures Guitar Pro Par Kordman ablature\class? par alphabet\x-y-z\Yes\Make It Easy (intro).gtp	Clean
C:\Program Files\eMule\Incoming\59.000 Guitar Pro Tabs - My Songbook.rar=>59.000 Tablatures Guitar Pro Par Kordman ablature\class? par alphabet\x-y-z\Yes\Mood For A Day.gtp	Clean
C:\Program Files\eMule\Incoming\59.000 Guitar Pro Tabs - My Songbook.rar=>59.000 Tablatures Guitar Pro Par Kordman ablature\class? par alphabet\x-y-z\Yes\South Side Of The Sky.gtp	Clean
C:\Program Files\eMule\Incoming\59.000 Guitar Pro Tabs - My Songbook.rar=>59.000 Tablatures Guitar Pro Par Kordman ablature\class? par alphabet\x-y-z\Yes\Tempus Fugit.gtp	Clean
C:\Program Files\eMule\Incoming\59.000 Guitar Pro Tabs - My Songbook.rar=>59.000 Tablatures Guitar Pro Par Kordman ablature\class? par alphabet\x-y-z\Yes\The Clap.gtp	Clean
C:\Program Files\eMule\Incoming\59.000 Guitar Pro Tabs - My Songbook.rar=>59.000 Tablatures Guitar Pro Par Kordman ablature\class? par alphabet\x-y-z\Yes\Yes - Mood For A Day.gp3	Clean
C:\Program Files\eMule\Incoming\59.000 Guitar Pro Tabs - My Songbook.rar=>59.000 Tablatures Guitar Pro Par Kordman ablature\class? par alphabet\x-y-z\Young Neil\Heart of gold.gtp	Clean
C:\Program Files\eMule\Incoming\59.000 Guitar Pro Tabs - My Songbook.rar=>59.000 Tablatures Guitar Pro Par Kordman ablature\class? par alphabet\x-y-z\Young Neil\I Am A Child.gtp	Clean
C:\Program Files\eMule\Incoming\59.000 Guitar Pro Tabs - My Songbook.rar=>59.000 Tablatures Guitar Pro Par Kordman ablature\class? par alphabet\x-y-z\Young Neil\Neil Young - Hey Hey, My My.gp3	Clean
C:\Program Files\eMule\Incoming\59.000 Guitar Pro Tabs - My Songbook.rar=>59.000 Tablatures Guitar Pro Par Kordman ablature\class? par alphabet\x-y-z\Young Neil\The Needle And The Damage Done (2).gtp	Clean
C:\Program Files\eMule\Incoming\59.000 Guitar Pro Tabs - My Songbook.rar=>59.000 Tablatures Guitar Pro Par Kordman ablature\class? par alphabet\x-y-z\Young Neil\The Needle And The Damage Done.gtp	Clean
C:\Program Files\eMule\Incoming\59.000 Guitar Pro Tabs - My Songbook.rar=>59.000 Tablatures Guitar Pro Par Kordman ablature\class? par alphabet\x-y-z\Young Neil\You And Me.gtp	Clean
C:\Program Files\eMule\Incoming\59.000 Guitar Pro Tabs - My Songbook.rar=>59.000 Tablatures Guitar Pro Par Kordman ablature\class? par alphabet\x-y-z\Zappa Frank\Peaches In Regalia.gtp	Clean
C:\Program Files\eMule\Incoming\59.000 Guitar Pro Tabs - My Songbook.rar=>59.000 Tablatures Guitar Pro Par Kordman ablature\class? par alphabet\x-y-z\Zappa Frank\Watermelon In Easter Hay.gtp	Clean
C:\Program Files\eMule\Incoming\59.000 Guitar Pro Tabs - My Songbook.rar=>59.000 Tablatures Guitar Pro Par Kordman ablature\class? par alphabet\x-y-z\Zappa Frank\Zoot Allures.gtp	Clean
C:\Program Files\eMule\Incoming\59.000 Guitar Pro Tabs - My Songbook.rar=>59.000 Tablatures Guitar Pro Par Kordman ablature\class? par alphabet\x-y-z\Zappa Riccardo\Zappa, Riccardo - Come Apparire A Cap Frehel.gp3	Clean
C:\Program Files\eMule\Incoming\59.000 Guitar Pro Tabs - My Songbook.rar=>59.000 Tablatures Guitar Pro Par Kordman ablature\class? par alphabet\x-y-z\Zappa Riccardo\Zappa, Riccardo - Prenditi Tempo.gp3	Clean
C:\Program Files\eMule\Incoming\59.000 Guitar Pro Tabs - My Songbook.rar=>59.000 Tablatures Guitar Pro Par Kordman ablature\class? par alphabet\x-y-z\Zebrahead\Zebrahead - Playmate of the Year.gp3	Clean
C:\Program Files\eMule\Incoming\59.000 Guitar Pro Tabs - My Songbook.rar=>59.000 Tablatures Guitar Pro Par Kordman ablature\class? par alphabet\x-y-z\ZZ Top\A Fool For Your Stockings.gtp	Clean
C:\Program Files\eMule\Incoming\59.000 Guitar Pro Tabs - My Songbook.rar=>59.000 Tablatures Guitar Pro Par Kordman ablature\class? par alphabet\x-y-z\ZZ Top\Gimme All Your Lovin' Solo.gtp	Clean
C:\Program Files\eMule\Incoming\59.000 Guitar Pro Tabs - My Songbook.rar=>59.000 Tablatures Guitar Pro Par Kordman ablature\class? par alphabet\x-y-z\ZZ Top\Got Me Under Pressure (solo).gtp	Clean
C:\Program Files\eMule\Incoming\59.000 Guitar Pro Tabs - My Songbook.rar=>59.000 Tablatures Guitar Pro Par Kordman ablature\class? par alphabet\x-y-z\ZZ Top\I Thank You.gtp	Clean
C:\Program Files\eMule\Incoming\59.000 Guitar Pro Tabs - My Songbook.rar=>59.000 Tablatures Guitar Pro Par Kordman ablature\class? par alphabet\x-y-z\ZZ Top\La Grange (2).gtp	Clean
C:\Program Files\eMule\Incoming\59.000 Guitar Pro Tabs - My Songbook.rar=>59.000 Tablatures Guitar Pro Par Kordman ablature\class? par alphabet\x-y-z\ZZ Top\La Grange.gtp	Clean
C:\Program Files\eMule\Incoming\59.000 Guitar Pro Tabs - My Songbook.rar=>59.000 Tablatures Guitar Pro Par Kordman ablature\class? par alphabet\x-y-z\ZZ Top\Rhythmen (incomplete).gtp	Clean
C:\Program Files\eMule\Incoming\59.000 Guitar Pro Tabs - My Songbook.rar=>59.000 Tablatures Guitar Pro Par Kordman ablature\class? par alphabet\x-y-z\ZZ Top\Sharp Dressed Man.gtp	Clean
C:\Program Files\eMule\Incoming\59.000 Guitar Pro Tabs - My Songbook.rar=>59.000 Tablatures Guitar Pro Par Kordman ablature\class? par alphabet\x-y-z\ZZ Top\Tush (2).gtp	Clean
C:\Program Files\eMule\Incoming\59.000 Guitar Pro Tabs - My Songbook.rar=>59.000 Tablatures Guitar Pro Par Kordman ablature\class? par alphabet\x-y-z\ZZ Top\Tush.gtp	Clean
C:\Program Files\eMule\Incoming\59.000 Guitar Pro Tabs - My Songbook.rar=>59.000 Tablatures Guitar Pro Par Kordman ablature\class? par alphabet\x-y-z\ZZ Top\ZZ Top - La Grange.gp3	Clean
C:

olivier879 · Answer

re bonjour Lyonnais

voici le log de bit defender 


BitDefender Online Scanner
  
  
 
Scan report generated at: Sun, Sep 09, 2007 - 16:49:31
 
 
  
  
 
Scan path: A:\;C:\;D:\;E:\;
  
  
 
 
  
  
 
Statistics
 
Time
 02:38:06
 
Files
 337277
 
Folders
 7617
 
Boot Sectors
 3
 
Archives
 5512
 
Packed Files
 9872
 
  
  
 
Results
 
Identified Viruses 
 0
 
Infected Files 
 0
 
Suspect Files 
 0
 
Warnings
 0
 
Disinfected
 0
 
Deleted Files
 0
 
  
  
 
Engines Info
 
Virus Definitions
 800226
 
Engine build
 AVCORE v1.0 (build 2411) (i386) (Jul 9 2007 12:10:22)
 
Scan plugins
 14
 
Archive plugins
 38
 
Unpack plugins
 7
 
E-mail plugins
 6
 
System plugins
 1
 
  
  
 
Scan Settings
 
First Action
 Disinfect
 
Second Action
 Delete
 
Heuristics
 Yes
 
Enable Warnings
 Yes
 
Scanned Extensions
 *;
 
Exclude Extensions
  
 
Scan Emails
 Yes
 
Scan Archives
 Yes
 
Scan Packed
 Yes
 
Scan Files
 Yes
 
Scan Boot
 Yes
 
  
  
 
  Scanned File
  Status
 
No virus found.
  



je pense que cette fois ci c'est bon
peux tu me confirmer ?

Lyonnais92 · Answer

Bonjour,

je crois que tout est OK.

En général, on se laisse 2 à 3 jours pour faire tournert l'ordi normalement.

C'est que je te propose. Tu reviens mardi ou mercredi dire que tout va bien et on mettra le post en résolu.

Bon surf.

olivier879 · Answer

Bonjour,

qu'est ce que tu entends par "faire tourner l'ordi normalement" ? 
en fait mon pc n'avait pas de probleme de ralentissement ou autre, je me suis simplement rendu compte qu'il etait infecté en faisant un scan hijack par hasard...


sinon merci enormément pour ton aide, je ne sais pas comment j'aurais si tu n'avais pas été là ...  ;-)

Lyonnais92 · Answer

Re,

OK

@+