Stubborn spyware

teemu -  
Hello,

While browsing a bit on Google I caught a virus that Avast recognizes as a Trojan horse, security alert... a virus that is impossible to quarantine.
Since then, I cannot get rid of it: Avast finds viruses again and destroys them, Ad-Aware does the same, and Spybot too.

The problem remains the same: the underlying virus is still there.

Also, I can no longer access my Control Panel. If I try to open "Set Program Access and Defaults", this is displayed:

"This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator."

The Control Panel has completely disappeared.

I am an administrator, though. I went and looked in safe mode; it made no difference.

On top of that, I have a "Windows Security Alert" that keeps pestering me, and even with Norton it is impossible to get rid of it.

Please help me and recommend anti-virus/anti-spyware tools to get rid of this **** Trojan horse.

Thanks.
37 replies

teemu
 
Sorry :)
And thank you very much for your help, things are already much better (access to the Control Panel, no more alert messages).

BitDefender Online Scanner

Scan report generated at: Tue, Nov 13, 2007 - 21:42:02

Scan path: A:\;C:\;D:\;

Statistics

Time: 00:47:35
Files: 279374
Folders: 8107
Boot Sectors: 2
Archives: 1548
Packed Files: 10374

Results

Identified Viruses: 9
Infected Files: 71
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 70

Engines Info

Virus Definitions: 870696
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 7
E-mail plugins: 6
System plugins: 1

Scan Settings

First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status

C:\Documents and Settings\ELO\Application Data\pcpriv.exe
Infected with: Trojan.Generic.70831

C:\Documents and Settings\ELO\Application Data\pcpriv.exe
Disinfection failed

C:\Documents and Settings\ELO\Application Data\pcpriv.exe
Deleted

C:\Documents and Settings\ELO\Application Data\spyguard.exe
Infected with: Trojan.Generic.72290

C:\Documents and Settings\ELO\Application Data\spyguard.exe
Disinfection failed

C:\Documents and Settings\ELO\Application Data\spyguard.exe
Deleted

C:\Documents and Settings\teemu\Menu Démarrer\Programmes\Démarrage\findfast.exe
Infected with: Generic.Malware.SDYd!wdld.9437799C

C:\Documents and Settings\teemu\Menu Démarrer\Programmes\Démarrage\findfast.exe
Disinfection failed

C:\Documents and Settings\teemu\Menu Démarrer\Programmes\Démarrage\findfast.exe
Deleted

C:\Program Files\xixduesb\iextsdux.dll
Infected with: Generic.Otuboh.0085C677

C:\Program Files\xixduesb\iextsdux.dll
Disinfection failed

C:\Program Files\xixduesb\iextsdux.dll
Delete failed

C:\rapport.txt
Infected with: Generic.Qhost.9F9F4520

C:\rapport.txt
Disinfection failed

C:\rapport.txt
Deleted

C:\WINDOWS\system32\drivers\etc\hosts
Infected with: Generic.Qhost.1E807466

C:\WINDOWS\system32\drivers\etc\hosts
Disinfection failed

C:\WINDOWS\system32\drivers\etc\hosts
Deleted

C:\WINDOWS\system32\drivers\etc\hosts.msn
Infected with: Generic.Qhost.7BF24B3A

C:\WINDOWS\system32\drivers\etc\hosts.msn
Disinfection failed

C:\WINDOWS\system32\drivers\etc\hosts.msn
Deleted

C:\WINDOWS\system32\shil.exe
Infected with: Win32.Worm.Rxbot.KU

C:\WINDOWS\system32\shil.exe
Disinfection failed

C:\WINDOWS\system32\shil.exe
Deleted
0
clownface Posts 1490 Status Member 73
 
Disable your System Restore (right-click My Computer / Properties, System Restore tab, tick "disable"),
then restart in safe mode and delete this folder: C:\Program Files\xixduesb

Go back to normal mode and run the BitDefender scan again.
0
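
An added example, not part of the original thread: a short Python triage of a BitDefender Online Scanner report in the layout pasted above (a path line followed by a status line). It lists the files the scanner could not remove, which is the case the manual deletion in safe mode addresses, and the detections that sit inside System Restore snapshots. The sample report is constructed (the restore-point GUID and file name are placeholders) and the function names are assumptions.

```python
import ntpath

# Constructed sample in the same layout as the pasted report:
# one path line, one status line, blank line between records.
SAMPLE_REPORT = r"""
Scan path: A:\;C:\;D:\;

Scanned File
Status

C:\Documents and Settings\ELO\Application Data\pcpriv.exe
Infected with: Trojan.Generic.70831

C:\Documents and Settings\ELO\Application Data\pcpriv.exe
Disinfection failed

C:\Documents and Settings\ELO\Application Data\pcpriv.exe
Deleted

C:\Program Files\xixduesb\iextsdux.dll
Infected with: Generic.Otuboh.0085C677

C:\Program Files\xixduesb\iextsdux.dll
Disinfection failed

C:\Program Files\xixduesb\iextsdux.dll
Delete failed

C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.exe
Infected with: Generic.Malware.SDYd!wdld.9437799C

C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.exe
Deleted
"""

DETECTION_PREFIX = "Infected with:"
ACTIONS = {"Disinfected", "Disinfection failed", "Deleted", "Delete failed"}
REMOVED = {"Disinfected", "Deleted"}


def is_path(line):
    """True for an absolute drive path such as C:\\..., false for report headers."""
    return len(line) > 3 and line[0].isalpha() and line[1:3] == ":\\"


def parse_report(text):
    """Return {path: {"detections": [...], "actions": [...]}} in report order."""
    files = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if is_path(line):
            current = files.setdefault(line, {"detections": [], "actions": []})
            continue
        if current is not None:
            if line.startswith(DETECTION_PREFIX):
                current["detections"].append(line[len(DETECTION_PREFIX):].strip())
            elif line in ACTIONS:
                current["actions"].append(line)
        current = None  # a status line always closes the record
    return files


def still_present(files):
    """Paths whose last recorded action did not clean or remove the file."""
    return [p for p, rec in files.items()
            if not rec["actions"] or rec["actions"][-1] not in REMOVED]


def in_restore_points(files):
    """Detections located inside Windows XP System Restore snapshots."""
    marker = "\\system volume information\\_restore{"
    return [p for p in files if marker in p.lower()]


def parent_dirs(paths):
    """Folders holding the given files (ntpath parses backslashes on any OS)."""
    return sorted({ntpath.dirname(p) for p in paths})


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    leftovers = still_present(report)
    print("Files the scanner could not remove:")
    for path in leftovers:
        print("  ", path, "->", ", ".join(report[path]["detections"]))
    print("Folders to inspect manually:", parent_dirs(leftovers))
    print("Detections inside System Restore snapshots:", len(in_restore_points(report)))
```
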
teemu
 
Hello,

BitDefender Online Scanner

Scan report generated at: Tue, Nov 13, 2007 - 23:43:26

Scan path: A:\;C:\;D:\;

Statistics

Time: 00:48:27
Files: 270428
Folders: 7920
Boot Sectors: 2
Archives: 1476
Packed Files: 10170

Results

Identified Viruses: 1
Infected Files: 1
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 1

Engines Info

Virus Definitions: 870829
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 7
E-mail plugins: 6
System plugins: 1

Scan Settings

First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status

C:\RECYCLER\S-1-5-21-776561741-746137067-682003330-1003\Dc9\iextsdux.dll
Infected with: Generic.Otuboh.0085C677

C:\RECYCLER\S-1-5-21-776561741-746137067-682003330-1003\Dc9\iextsdux.dll
Disinfection failed

C:\RECYCLER\S-1-5-21-776561741-746137067-682003330-1003\Dc9\iextsdux.dll
Deleted
0
clownface Posts 1490 Status Member 73
 
Hello,

Run HijackThis again.
Check and fix all the O18 lines corresponding to your webcam, except this one:

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

Download SUPERAntiSpyware (free version): link + tutorial: https://www.malekal.com/?s=SUPERAntiSpyware
Run a scan as shown in the tutorial,
then post a new HijackThis report.
0

teemu
 
Hello,
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:57:53, on 15/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\VeriSign\NAVI\naviagent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/md5auth.srf?lc=1036
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {2F02D978-0FF6-80F7-60BB-0426224AB7B3} - (no file)
O2 - BHO: (no name) - {5054F860-748D-4840-B7B4-DDDB428421AF} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [jczmxwfu] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\jczmxwfu.dll"
O4 - HKLM\..\Run: [zmjaleju] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\zmjaleju.dll"
O4 - HKLM\..\Run: [hynmtghs] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\hynmtghs.dll"
O4 - HKLM\..\Run: [otijinob] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\otijinob.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: Options i-Nav - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://m6video.m6.fr/1click/install/files/installer2.cab
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://www.msn.com/fr-fr/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5054F860-748D-4840-B7B4-DDDB428421AF} -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
clownface Posts 1490 Status Member 73

Hello,

go to this site: https://www.virustotal.com/gui/

and have these files analyzed:
C:\Documents and Settings\All Users\Application Data\jczmxwfu.dll
C:\Documents and Settings\All Users\Application Data\zmjaleju.dll
C:\Documents and Settings\All Users\Application Data\hynmtghs.dll
C:\Documents and Settings\All Users\Application Data\otijinob.dll

you will then need to delete them (in safe mode if it refuses to do so in normal mode)
0
teemu
 
Hello,

OK, files deleted.
0
clownface Posts 1490 Status Member 73

Hello,

please post a new HijackThis report
0
teemu
 
Hello,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:39:04, on 17/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\VeriSign\NAVI\naviagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackThis\HijackThis.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/md5auth.srf?lc=1036
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {2F02D978-0FF6-80F7-60BB-0426224AB7B3} - (no file)
O2 - BHO: (no name) - {5054F860-748D-4840-B7B4-DDDB428421AF} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [jczmxwfu] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\jczmxwfu.dll"
O4 - HKLM\..\Run: [zmjaleju] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\zmjaleju.dll"
O4 - HKLM\..\Run: [hynmtghs] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\hynmtghs.dll"
O4 - HKLM\..\Run: [otijinob] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\otijinob.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: Options i-Nav - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://m6video.m6.fr/1click/install/files/installer2.cab
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://www.msn.com/fr-fr/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5054F860-748D-4840-B7B4-DDDB428421AF} -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
0
clownface Posts 1490 Status Member 73

Good evening,

restart HijackThis and check these lines:
O2 - BHO: (no name) - {2F02D978-0FF6-80F7-60BB-0426224AB7B3} - (no file)
O2 - BHO: (no name) - {5054F860-748D-4840-B7B4-DDDB428421AF} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} -
O16 - DPF: {5054F860-748D-4840-B7B4-DDDB428421AF} -
then click Fix checked.

we are going to change antivirus, otherwise we won't get anywhere: http://forum.malekal.com/ftopic4192.php
run a scan and post the report

you would also need a firewall: http://www.commentcamarche.net/faq/sujet 3486 securite le parefeu de windows xp
0
teemu
 
Hello,

Antivir installed in place of Avast
Zone Alarm replaces the Windows firewall

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:27, on 18/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\VeriSign\NAVI\naviagent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\GUILD WARS\Gw.exe
C:\WINDOWS\System32\msiexec.exe
C:\hijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/md5auth.srf?lc=1036
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [jczmxwfu] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\jczmxwfu.dll"
O4 - HKLM\..\Run: [zmjaleju] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\zmjaleju.dll"
O4 - HKLM\..\Run: [hynmtghs] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\hynmtghs.dll"
O4 - HKLM\..\Run: [otijinob] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\otijinob.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: Options i-Nav - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://m6video.m6.fr/1click/install/files/installer2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://www.msn.com/fr-fr/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
clownface Posts 1490 Status Member 73

Hello,

did you run a scan with Antivir? Is there a report?

are you sure you had deleted the 4 files? (message 26)
if they are still there, do this:

Download Pocket KillBox: https://www.bleepingcomputer.com/download/linux/
unzip it onto your desktop.
Animated demo: http://pageperso.aol.fr/balltrap34/killbox.htm

Open Pocket Killbox

Copy the text in bold below (important: use copy to avoid any kind of error):

C:\Documents and Settings\All Users\Application Data\jczmxwfu.dll
C:\Documents and Settings\All Users\Application Data\zmjaleju.dll
C:\Documents and Settings\All Users\Application Data\hynmtghs.dll
C:\Documents and Settings\All Users\Application Data\otijinob.dll


Click the 'File' menu of KillBox (top left) and choose Paste from clipboard
Select "Delete on reboot"

Click the button: All Files (!important!)

Now click the Kill button (red circle with a white X)
Killbox will ask you "...Would like to Reboot now ?", click YES and wait for the restart.
If you do not get this message, restart the PC normally.

2/ Delete this folder:

C:\!KillBox

3/ Empty your recycle bin and restart your PC

0
teemu
 
Hello,
There, I did as explained above and this is what KillBox tells me,

---------------------------
PendingFileRenameOperations
---------------------------
PendingFileRenameOperations Registry Data has been Removed by External Process!
---------------------------
OK
---------------------------
I am sure I deleted these files as requested in message 26,
I will post the Antivir report as soon as possible.
0
clownface Posts 1490 Status Member 73

ok, in that case you can check/fix these lines with HijackThis:

O4 - HKLM\..\Run: [jczmxwfu] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\jczmxwfu.dll"
O4 - HKLM\..\Run: [zmjaleju] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\zmjaleju.dll"
O4 - HKLM\..\Run: [hynmtghs] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\hynmtghs.dll"
O4 - HKLM\..\Run: [otijinob] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\otijinob.dll"
0
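Most of the lines picked by hand in the posts above (BHO entries marked "(no file)", DPF entries with nothing after the CLSID, and Run values that call regsvr32 on a DLL in Application Data) can be found with a small triage script that also checks which of them survive into the next log. This is an added example, not part of the original posts; the three heuristics and all function names are assumptions drawn from the lines selected in this thread, not HijackThis features, and the two log excerpts are constructed from the reports posted here.

```python
import re

# Constructed excerpts of the two HijackThis logs posted in this thread:
# 17/11/2007 (before "Fix checked") and 18/11/2007 (after it).
LOG_BEFORE = r"""
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {2F02D978-0FF6-80F7-60BB-0426224AB7B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [jczmxwfu] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\jczmxwfu.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
"""

LOG_AFTER = r"""
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [jczmxwfu] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\jczmxwfu.dll"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")          # "O4 - <body>"
RUN_VALUE = re.compile(r"Run: \[([^\]]+)\] (.+)$")       # "[value name] command"
EMPTY_DPF = re.compile(r"DPF: \{[0-9A-Fa-f-]{36}\} -")   # CLSID and nothing else


def parse(log):
    """Return (section, body) tuples for every HijackThis entry line."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def reason(section, body):
    """Return why an entry deserves a closer look, or None (assumed heuristics)."""
    if section == "O2" and body.endswith("- (no file)"):
        return "BHO CLSID still registered but its DLL is missing"
    if section == "O16" and EMPTY_DPF.fullmatch(body):
        return "DPF entry without class name or download source"
    if section == "O4":
        m = RUN_VALUE.search(body)
        if m and re.match(r"regsvr32(\.exe)?\s", m.group(2), re.I):
            dll = re.search(r'"([^"]+)\.dll"', m.group(2), re.I)
            if dll:
                folder, _, stem = dll.group(1).rpartition("\\")
                same_name = stem.lower() == m.group(1).lower()
                in_appdata = folder.lower().endswith("\\application data")
                if same_name and in_appdata:
                    return "Run value invokes regsvr32 on a same-named DLL in Application Data"
    return None


def triage(log):
    """Return (section, body, reason) for every flagged entry, in log order."""
    flagged = []
    for section, body in parse(log):
        why = reason(section, body)
        if why:
            flagged.append((section, body, why))
    return flagged


def unresolved(before, after):
    """Flagged entries from `before` that still appear verbatim in `after`."""
    remaining = set(parse(after))
    return [e for e in triage(before) if (e[0], e[1]) in remaining]


if __name__ == "__main__":
    for section, body, why in triage(LOG_BEFORE):
        print(f"[review] {section} - {body}\n         {why}")
    for section, body, _ in unresolved(LOG_BEFORE, LOG_AFTER):
        print(f"[still present after fix] {section} - {body}")
```

On these excerpts the orphaned BHO and the empty DPF entry disappear after the fix, while the regsvr32 Run value is still reported, which matches the follow-up request to fix the O4 lines separately.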
teemu
 
Hello,

ok, lines fixed with HijackThis,
Here is the Antivir report:
AntiVir PersonalEdition Classic
Report file date: dimanche 18 novembre 2007 18:37

Scanning for 835736 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: BM7ACOQIYXN0X1B

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 14:27:04
ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 14:27:13
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 17:43:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche 18 novembre 2007 18:37

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'SUPERAntiSpyware.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'zlclient.exe' - '0' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'NAVICL~1.EXE' - '1' Module(s) have been scanned
Scan process 'UStorSrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'naviagent.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'vsmon.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
37 processes with 37 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '24' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\uytp.exe
[DETECTION] Contains detection pattern of the worm WORM/Rbot.69120.5
[INFO] The file was moved to '47b4886b.qua'!

End of the scan: dimanche 18 novembre 2007 19:46
Used time: 1:09:02 min

The scan has been done completely.

7957 Scanning directories
316647 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
316646 Files not concerned
1851 Archives were scanned
1 Warnings
54 Notes

And the latest HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:25:12, on 18/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\VeriSign\NAVI\naviagent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/md5auth.srf?lc=1036
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: Options i-Nav - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://m6video.m6.fr/1click/install/files/installer2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://www.msn.com/fr-fr/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
clownface Posts 1490 Status Member 73
 
Your HijackThis report is clean; are you still having problems?

You still need to update Java: http://www.commentcamarche.net/forum/affich 3711157 maj critique java par jalobservateur#0
0
teemu
 
Hello,

No more problems, Java update OK

Thank you very much for your patience and your commitment: a big bravo.
0