virus bagle aidez moi please

Question

bonjour voila depuis quelque temps je ne peut plus instaler d'antivirus et il y a quelque autre petit bug
avec ad aware jai trouver bagle jai tout essayer sans succes il est toujour present c'est pour cela que je vien vous solliciter jai vu des cas similaire sur ce forum

merci d'avance

lafouine77 · Answer

voici le rapport hijack this



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:23, on 18/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\perfmon.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32undll32.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\services.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\4.0M MPEG4 DV\Console\Watch.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Lafouine77\Bureau\antibagle-en.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [services.exe] C:\WINDOWS\services.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32	scupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\4.0M MPEG4 DV\Console\Watch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{9BD443E2-A52A-4026-90BB-46B94C58D08D}: NameServer = 192.168.1.1
O18 - Protocol: bw+0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - (no file)
O22 - SharedTaskScheduler: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Performance Monitor - Unknown owner - C:\WINDOWS\perfmon.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

Regis59 · Answer

Salut

Télécharge ceci: (merci a S!RI pour ce programme).
http://siri.urz.free.fr/Fix/SmitfraudFix.exe
Exécute le Smitfraudfix.exe et choisit l’option 1, il va générer un rapport
Copie/colle le sur le poste stp.

A+

lafouine77 · Answer

merci regis59

voici le rapport


SmitFraudFix v2.225

Rapport fait à 20:56:57,32, 18/09/2007
Executé à partir de C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Lafouine77


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Lafouine77\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» 


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{9d635a36-6b3c-4146-8625-f3aaf507bbf8}"="flammei"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Regis59 · Answer

ok

Démarre en mode sans échec : 
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter 
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée. 
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal ! 
(Si F8 ne marche pas utilise la touche F5).  
----------------------------------------------------------------------------
Relance le programme Smitfraud,
Cette fois choisit l’option 2, répond oui a tous ;
Sauvegarde le rapport, Redémarre en mode normal, copie/colle le rapport sauvegardé sur le forum

puis 

Télécharge MSNFix.zip (de !aur3n7) sur ton bureau:
http://sosvirus.changelog.fr/MSNFix.zip

Décompresse-le (clic droit >> Extraire ici) et place les fichiers dans C:\MSNFix (très important).

Double cliquer sur le fichier MSNFix.bat.
- Exécutez l'option R.
-- Si l'infection est détectée, un message l'indiquera et il suffira de presser une touche pour lancer le nettoyage

Note :
Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal

- Le rapport sera enregistré dans le même dossier que MSNFix sous forme date_heure.txt

A+

lafouine77 · Answer

je narrive pas a rebooter en mode san echec le pc revien a la selection du boot

lafouine77 · Answer

sinon jai telecharger ce ke tu ma dit


j'attend tes instruction regis

Regis59 · Answer

ok fais msnfix

a+

lafouine77 · Answer

ok c fait voici le rapport




MSNFix 1.508  
 
C:\Documents and Settings\Lafouine77\Bureau\MSNFix\MSNFix 
Fix exécuté le 18/09/2007 - 21:46:58,75 By Lafouine77 
mode normal    
    
************************ Recherche les fichiers présents      
    
... C:\g7n4l2o4i4v4.exe 
... C:\WINDOWS\perfmon.exe 
... C:\WINDOWS\services.exe 
... C:\WINDOWS\W139_jpg.zip 
... C:\WINDOWS\system32\ban_list.txt 
... C:\WINDOWS\system32\microsoft\backup.ftp 
... C:\WINDOWS\system32\microsoft\backup.tftp 
... C:\WINDOWS\W139_jpg.zip 

************************  MSNCHK ***** /!\ beta test /!\

[!] C:\WINDOWS\W139_jpg.zip is INFECTED

 
************************ Recherche les dossiers présents       
 
... C:\Temp\ 
 
 
 
 
************************ Suppression des fichiers       
    
.. OK ... C:\g7n4l2o4i4v4.exe  
/!\ ...  C:\WINDOWS\perfmon.exe   
/!\ ...  C:\WINDOWS\services.exe   
.. OK ... C:\WINDOWS\W139_jpg.zip  
.. OK ... C:\WINDOWS\system32\ban_list.txt  
.. OK ... C:\WINDOWS\system32\microsoft\backup.ftp  
.. OK ... C:\WINDOWS\system32\microsoft\backup.tftp  
.. OK ... C:\WINDOWS\W139_jpg.zip 
 
 
************************ Suppression des dossiers       
 
.. OK ... C:\Temp\   
 
 
************************ Nettoyage du registre 
 
 
 
Les fichiers encore présents seront supprimés au prochain redémarrage 
 
 
************************ Suppression des fichiers       
    
.. OK ... C:\WINDOWS\perfmon.exe  
.. OK ... C:\WINDOWS\services.exe  
 
 
 
************************ Fichiers suspects 
 
Aucun Fichier trouvé 
 
  
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 18092007_21510626.zip
 
 
------------------------------------------------------------------------  
Auteur : !aur3n7                     Contact: https://www.ionos.fr/     
------------------------------------------------------------------------   
 
---------------------------------------------   END   ---------------------------------------------

lafouine77 · Answer

et voici le rapport smitfraudfix que jai fai apres msnfix vu ke tu ma dit de la faire




SmitFraudFix v2.225

Rapport fait à 21:55:18,00, 18/09/2007
Executé à partir de C:\Documents and Settings\Lafouine77\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{9d635a36-6b3c-4146-8625-f3aaf507bbf8}"="flammei"


»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1       localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
 
Nettoyage terminé. 
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

lafouine77 · Answer

voila je reste a votre ecoute pour tous conseil!!!

lafouine77 · Answer

re

au passage un rapport blacklight


qu'en pensez vous?



09/19/07 01:08:54 [Info]: BlackLight Engine 1.0.64 initialized
09/19/07 01:08:54 [Info]: OS: 5.1 build 2600 (Service Pack 2)
09/19/07 01:08:55 [Note]: 7019 4
09/19/07 01:08:55 [Note]: 7005 0
09/19/07 01:08:58 [Note]: 7006 0
09/19/07 01:08:58 [Note]: 7011 1680
09/19/07 01:08:58 [Note]: 7026 0
09/19/07 01:08:58 [Note]: 7026 0
09/19/07 01:09:01 [Note]: FSRAW library version 1.7.1022
09/19/07 01:11:17 [Note]: 10002 2
09/19/07 01:11:17 [Note]: 10002 2
09/19/07 01:11:34 [Info]: Hidden file: c:\WINDOWS\system32\drivers\hidr.exe
09/19/07 01:11:34 [Note]: 10002 2
09/19/07 01:11:34 [Info]: Hidden file: c:\WINDOWS\system32\drivers\srosa.sys
09/19/07 01:11:34 [Note]: 10002 2
09/19/07 01:15:04 [Note]: 7007 0

Regis59 · Answer

Infection ;-)

Télécharge Combofix sUBs : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

lafouine77 · Answer

ok

j'ai telecharger ce que tu ma dit mai quand je double clic dessus ca m'ouvre une fenetre toute blei avec un tiret en haut a gauche et il ny ya rien d'ecri

lafouine77 · Answer

bleu et non blei desoler!!

Regis59 · Answer

Bizarre, tu peux reessayer?

A+

lafouine77 · Answer

jai essayer plein de fois mai rien ni fai jai une fenetre bleu avec un tiret ki clignotte 


P.S mozilla firefox ne marche plus surement a cause de ce virus encore

faut vraiment ke je leradique avant kil me plante tout le pc

Regis59 · Answer

ok

Rends toi sur ce site :
http://www.zonavirus.com/datos/descargas/95/elibagla.asp
tout en bas de cette page tu trouveras un outil
à télécharger,clique sur "escargar Elibagla" (le numéro de version change au fur et à mesure des mises à jour)
installe ce fichier sur le bureau.
ensuite double-clic sur Elibagla.exe
>laisse la case "eliminar ficheros automaticamente" coché
>clique sur"explorar"
>laisse-le travailler
>poste le rapport final qui sera dans c:\infosat.txt

Si, dans le rapport, tu vois un texte semblable à celui-ci

Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.24
a "virus@satinfo.es". Gracias;

envoie ce(s) fichier(s) (dans l'exemple C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.24 ) à l'adresse e-mail indiquée (virus@satinfo.es).

L'outil a rencontré un fichier qu'il reconnait mais ne sait pas encore éradiquer. Dans 24 heures environ, sur le site, la version de déchargement (v10.24 dans l'exemple) aura changé par rapport à celle actuelle. Tu retéléchargeras l'outil, tu le relanceras et tu posteras le rapport.

lafouine77 · Answer

encore merci regis d'etre la pour mon soucis ca fait vraiment plaisir


voila le rapport elibagla(ca a lair detre bon non?)






	  Fri Sep 21 00:47:37 2007
EliBagle v10.56  (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\HIDR.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\LAFOUINE77\APPLICATION DATA\M\LIST.OCT --> Eliminado Bagle
Eliminada Carpeta "%WinDir%\exefld"
Restaurada Clave: "SafeBoot\Minimal y Network"

	  Fri Sep 21 00:48:14 2007
EliBagle v10.56  (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GOOGLETOOLBARNOTIFIER.EXE --> Eliminado Bagle

Regis59 · Answer

Cool

Tu peux reessayer combofix?

A+

lafouine77 · Answer

ok jai reussi a lancer conbofix voici le rapport ComboFix 07-09-18.4 - "Lafouine77" 2007-09-21 20:12:37.2 - NTFS x86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1599 [GMT 2:00] [i] C:\WINDOWS\system32\chkdsk.exe manque [/i] . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\drivers\srosa.sys . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\LEGACY_PERFORMANCE_MONITOR ------- m ((((((((((((((((((((((((( Files Created from 2007-08-21 to 2007-09-21 ))))))))))))))))))))))))))))))) . 2007-09-19 22:26 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-09-19 01:30 d-------- C:\Program Files\Panda Security 2007-09-18 20:57 1,962 --a------ C:\WINDOWS\system32 mp.reg 2007-09-18 20:56 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-09-18 20:56 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-09-18 20:56 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2007-09-18 20:56 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-09-18 12:04 d-------- C:\!KillBox 2007-09-18 11:29 2,138,112 --a--c--- C:\WINDOWS\system32\dllcache tkrnlmp.exe 2007-09-18 11:29 2,138,112 --a------ C:\WINDOWS\system32 toskrnl.exe 2007-09-18 03:24 d-------- C:\Program Files\Trend Micro 2007-09-17 14:14 d--h----- C:\Program Files\Fichiers communs\Carlson 2007-09-16 15:46 26,056 --a------ C:\WINDOWS\system32\drivers\hamachi.sys 2007-09-16 15:46 d-------- C:\Program Files\Hamachi 2007-09-16 15:46 d-------- C:\DOCUME~1\LAFOUI~1\APPLIC~1\Hamachi 2007-09-12 03:37 d-------- C:\Program Files\Alwil Software 2007-09-11 01:01 d-------- C:\Program Files\Fichiers communs\Symantec Shared 2007-09-10 09:38 d-------- C:\Program Files\RegCleaner 2007-09-10 00:39 d--h----- C:\DOCUME~1\LAFOUI~1\APPLIC~1\m 2007-09-10 00:37 d-------- C:\Program Files\Symantec 2007-09-10 00:37 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec 2007-09-10 00:36 d-------- C:\Program Files\Multi_Media_France 2007-09-10 00:35 d-------- C:\Program Files\MultiMedia France Toolbar 2007-09-09 12:22 95,608 --a------ C:\WINDOWS\system32\AVASTSS.scr 2007-09-09 12:22 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-09-09 12:22 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-09-09 12:22 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-09-09 12:22 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-09-09 12:22 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-09-09 12:22 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-09-08 16:24 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll 2007-09-08 16:24 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll 2007-09-08 16:24 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll 2007-09-08 16:24 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll 2007-09-08 03:01 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2007-09-07 23:56 d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Xfire . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-09-20 01:52 22328 --a--c--- C:\WINDOWS\system32\drivers\PnkBstrK.sys 2007-09-20 01:50 103736 --a--c--- C:\WINDOWS\system32\PnkBstrB.exe 2007-09-19 11:19 --------- d---s---- C:\Program Files\Xfire 2007-09-19 01:23 --------- d-------- C:\DOCUME~1\LAFOUI~1\APPLIC~1\Xfire 2007-09-18 21:18 46080 --a--c--- C:\WINDOWS\system32\ftp.exe 2007-09-15 13:59 --------- d-------- C:\Program Files\eChanblard 2007-09-15 13:47 --------- d--h----- C:\Program Files\InstallShield Installation Information 2007-09-12 18:46 --------- d-------- C:\DOCUME~1\LAFOUI~1\APPLIC~1\uTorrent 2007-09-08 14:35 66872 --a------ C:\WINDOWS\system32\PnkBstrA.exe 2007-08-11 02:46 --------- d-------- C:\Program Files\Logitech 2007-08-11 02:46 --------- d-------- C:\Program Files\Fichiers communs\Logitech 2007-08-11 02:45 --------- d-------- C:\Program Files\Webteh 2007-08-08 21:38 --------- d-------- C:\DOCUME~1\LAFOUI~1\APPLIC~1\Logitech 2007-08-08 20:47 118784 -r------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe 2007-08-04 18:29 --------- d-------- C:\DOCUME~1\LAFOUI~1\APPLIC~1\dvdcss 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-07-30 19:19 43352 --a--c--- C:\WINDOWS\system32\wups2.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-07-30 19:18 33624 --a--c--- C:\WINDOWS\system32\wups.dll 2007-07-03 12:54 108144 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2007-07-02 21:41 524288 --a------ C:\WINDOWS\system32\DivXsm.exe 2007-07-02 21:41 3596288 --a--c--- C:\WINDOWS\system32\qt-dx331.dll 2007-07-02 21:41 200704 --a--c--- C:\WINDOWS\system32\ssldivx.dll 2007-07-02 21:41 1044480 --a--c--- C:\WINDOWS\system32\libdivx.dll 2007-07-02 21:37 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll 2007-07-02 21:37 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll 2007-07-02 21:37 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll 2007-07-02 21:37 740442 --a------ C:\WINDOWS\system32\DivX.dll 2007-07-02 21:37 73728 --a--c--- C:\WINDOWS\system32\dpl100.dll 2007-07-02 21:37 593920 --a--c--- C:\WINDOWS\system32\dpuGUI11.dll 2007-07-02 21:37 57344 --a--c--- C:\WINDOWS\system32\dpv11.dll 2007-07-02 21:37 53248 --a--c--- C:\WINDOWS\system32\dpuGUI10.dll 2007-07-02 21:37 344064 --a--c--- C:\WINDOWS\system32\dpus11.dll 2007-07-02 21:37 294912 --a--c--- C:\WINDOWS\system32\dpu11.dll 2007-07-02 21:37 294912 --a--c--- C:\WINDOWS\system32\dpu10.dll 2007-07-02 21:37 196608 --a--c--- C:\WINDOWS\system32\dtu100.dll 2007-07-02 21:36 124472 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe 2007-07-02 21:36 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll 2007-06-29 21:05 520192 --------- C:\WINDOWS\system32\ati2sgag.exe 2007-06-27 03:59 344064 --a------ C:\WINDOWS\system32\ATIDEMGX.dll 2007-06-27 03:58 269312 --a------ C:\WINDOWS\system32\ati2dvag.dll 2007-06-27 03:56 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll 2007-06-27 03:51 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe 2007-06-27 03:51 143360 --a------ C:\WINDOWS\system32\atipdlxx.dll 2007-06-27 03:51 122880 --a------ C:\WINDOWS\system32\Oemdspif.dll 2007-06-27 03:50 43520 --a------ C:\WINDOWS\system32\ati2edxx.dll 2007-06-27 03:50 118784 --a------ C:\WINDOWS\system32\ati2evxx.dll 2007-06-27 03:49 483328 --a------ C:\WINDOWS\system32\ati2evxx.exe 2007-06-27 03:48 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL 2007-06-27 03:44 8232960 --a------ C:\WINDOWS\system32\atioglx2.dll 2007-06-27 03:41 2940992 --a------ C:\WINDOWS\system32\ati3duag.dll 2007-06-27 03:31 1519744 --a------ C:\WINDOWS\system32\ativvaxx.dll 2007-06-27 03:19 5435392 --a------ C:\WINDOWS\system32\atioglxx.dll 2007-06-27 03:17 266240 --a------ C:\WINDOWS\system32\atikvmag.dll 2007-06-27 03:16 17408 --a------ C:\WINDOWS\system32\atitvo32.dll 2007-06-27 03:14 176128 --a------ C:\WINDOWS\system32\atiok3x2.dll 2007-06-27 03:10 376832 --a------ C:\WINDOWS\system32\ati2cqag.dll 2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe] "SoundMan"="SOUNDMAN.EXE" [2006-02-20 17:00 C:\WINDOWS\SoundMan.exe] "AlcWzrd"="ALCWZRD.EXE" [2006-03-14 15:45 C:\WINDOWS\alcwzrd.exe] "AceGain LiveUpdate"="C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe" [] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 16:10 C:\WINDOWS\system32\bthprops.cpl] "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40] "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-06-06 11:07] "LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 18:54] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-09-16 09:43] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-03-05 13:57] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="" [] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 12:28] "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [] "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-06-06 11:07] "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [] "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-05-20 14:50] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-08-08 20:47] "msnmsgr"="~C:\Program Files\MSN Messenger\msnmsgr.exe" [] [HKEY_USERS\.default\software\microsoft\windows\currentversion unonce] "Config"=%systemroot%\system32 un.cmd "nlsf"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" "tscuninstall"=%systemroot%\system32 scupgrd.exe C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\ Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader eader_sl.exe [2005-09-23 23:05:26] Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-08-08 20:47:24] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-08-08 20:46:39] Watch.lnk - C:\Program Files\4.0M MPEG4 DV\Console\Watch.exe [2006-10-30 13:18:46] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsMenu"=1 (0x1) "NoSMHelp"=1 (0x1) "MemCheckBoxInRunDlg"=1 (0x1) "NoSMBalloonTip"=1 (0x1) "NoDesktopCleanupWizard"=1 (0x1) "NoWelcomeScreen"=1 (0x1) "NoAutoUpdate"=1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsMenu"=1 (0x1) "NoSMHelp"=1 (0x1) "MemCheckBoxInRunDlg"=1 (0x1) "NoSMBalloonTip"=1 (0x1) "NoDesktopCleanupWizard"=1 (0x1) "NoWelcomeScreen"=1 (0x1) "NoAutoUpdate"=1 (0x1) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal ga.sys] @="Driver" R3 Cap713x;Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys S1 srosa;Megadrv3;\??\C:\WINDOWS\system32\drivers\srosa.sys S3 DSDrv4;DSDrv4;\??\C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys . ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-09-21 21:46:27 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-09-21 21:47:10 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-09-21 21:47 . --- E O F ---

lafouine77 · Answer

bonne nouvelle je croi qu'il est eradiquer,apres le redemarage du pc en fin d'analyse conbo

surprise jai pu reinstaler avast et mozila remarche donc je crois ke tt est regler jen serai sur ken tu m'ora confirmer ou sil ya encore des manip a faire 

en tt cas encore merci

Regis59 · Answer

Re,

Tu peux me remettre un hijackthis

a+

lafouine77 · Answer

ok


aussitot dit aussitot fait
voici le rapport hijackthis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:26:57, on 23/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32undll32.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\4.0M MPEG4 DV\Console\Watch.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\eChanblard\emule.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [services.exe] C:\WINDOWS\services.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32	scupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\4.0M MPEG4 DV\Console\Watch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{9BD443E2-A52A-4026-90BB-46B94C58D08D}: NameServer = 192.168.1.1
O18 - Protocol: bw+0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

Regis59 · Answer

OK

Supprime le msnfix que tu as.

Télécharge MSNFix.zip (de !aur3n7) sur ton bureau:
http://sosvirus.changelog.fr/MSNFix.zip

Décompresse-le (clic droit >> Extraire ici) et place les fichiers dans C:\MSNFix (très important).

Double cliquer sur le fichier MSNFix.bat.
- Exécutez l'option R.
-- Si l'infection est détectée, un message l'indiquera et il suffira de presser une touche pour lancer le nettoyage

Note :
Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal

- Le rapport sera enregistré dans le même dossier que MSNFix sous forme date_heure.txt

A+

lafouine77 · Answer

ok



voici le rapport




MSNFix 1.518  
 
C:\MSNFix 
Fix exécuté le 23/09/2007 - 11:21:45,85 By Lafouine77 
mode normal    
    
************************ Recherche les fichiers présents      
    
... C:\WINDOWS\perfmon.exe 
... C:\WINDOWS\W139_jpg.zip 
... C:\WINDOWS\system32\dllcache\winlogon.exe 
... C:\WINDOWS\system32\microsoft\backup.ftp 
... C:\WINDOWS\system32\microsoft\backup.tftp 
... C:\WINDOWS\W139_jpg.zip 

************************  MSNCHK ***** /!\ beta test /!\


 
************************ Recherche les dossiers présents       
 
... C:\Program Files\Fichiers communs\Carlson\ 
 
 
 
 
************************ Suppression des fichiers       
    
.. OK ... C:\WINDOWS\perfmon.exe  
.. OK ... C:\WINDOWS\W139_jpg.zip  
.. OK ... C:\WINDOWS\system32\dllcache\winlogon.exe  
.. OK ... C:\WINDOWS\system32\microsoft\backup.ftp  
.. OK ... C:\WINDOWS\system32\microsoft\backup.tftp  
.. OK ... C:\WINDOWS\W139_jpg.zip 
 
 
************************ Suppression des dossiers       
 
/!\ ...  C:\Program Files\Fichiers communs\Carlson\   
 
 
************************ Nettoyage du registre 
 
 
 
************************ Fichiers suspects 
 
Aucun Fichier trouvé 
 
  
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 23092007_11240554.zip
 
 
------------------------------------------------------------------------  
Auteur : !aur3n7                     Contact: https://www.ionos.fr/     
------------------------------------------------------------------------   
 
---------------------------------------------   END   ---------------------------------------------

Regis59 · Answer

ok

Vas sur le site https://virusscan.jotti.org/ 
- Clic en haut à droite sur "Parcourir", navigue dans les dossiers et sélectionne ce fichier : 
 C:\WINDOWS\services.exe
- Clic sur submit toujours en haut à droite 
- Le scan va se lancer, ça va prendre un petit instant 
- En bas, tu as le résultat du scan, copie/colle le résultat complet du scan ici. 
Aide : https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId662799

lafouine77 · Answer

ok sauf que je ne trouve pas le fichier que tu me demande meme en copi coller!!
jatend tes instructions

Regis59 · Answer

Ok pas grave.

    télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (de Old_Timer) sur ton Bureau.
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve  ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.
  
 C:\WINDOWS\services.exe

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

lafouine77 · Answer

ok 

jai coller ce que tu ma dit mai ca ne marche pas jai une fenetre avec une croix rouge qui s'ouvre

Regis59 · Answer

Et qui a  t il d indiqué?

Remet un HijackThis.

A+

lafouine77 · Answer

ok

alors voila ce kil ya dans la partie results (le tableau de gauche)
File/Folder C:\WINDOWS\services.exe not found.
 
Created on 09/25/2007 19:09:59



et voici le rapport hijackthis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:08:09, on 25/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32undll32.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\4.0M MPEG4 DV\Console\Watch.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32	scupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\4.0M MPEG4 DV\Console\Watch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{9BD443E2-A52A-4026-90BB-46B94C58D08D}: NameServer = 192.168.1.1
O18 - Protocol: bw+0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A369BC59-821B-4C58-8148-21AB177C3925} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

Regis59 · Answer

ok

relance msnfix et dis moi ou en sont tes soucis

a+

lafouine77 · Answer

ok

msnfix me dit infection absente!!!!

Regis59 · Answer

ok donc supprime l infection.

Redemarre ton pc et relance msnfix

a+

Virus bagle aidez moi please

34 réponses

Votre réponse

Discussions similaires

Newsletters