Virus: Instant Messenger Names

JoOjoO -  
cgui33 Posts: 1176 Status: Member -
Hello,
I am infected with Instant Messenger Names, a virus that sends a message to all my contacts at once on MSN. This blocks MSN Messenger and makes it impossible to use. I should add that the message contains a link to a site for downloading a program that is in fact this very virus! And that is exactly how I caught it... Anyway, for two days I have been running multiple scans with multiple programs, but the virus is still there! I don't know what else to do, so I am asking for your help. Thanks in advance!
Configuration: Windows XP
Firefox 2.0.0.11

47 replies

Discussion summary

The thread describes a viral infection named Instant Messenger Names that mass-sends a message to all contacts via MSN and blocks MSN Messenger on Windows XP. The advice favours booting into safe mode and then using cleanup tools such as HijackThis, Ad-Aware and CCleaner to remove the persistent components. Several items raised in the exchanges concern suspicious files such as bwgo0000ba48.exe, windir32.exe and SetPaths.bat, proxy modifications, and HijackThis scans to identify what is resident on the system. Some of the recommendations call for reviewing security programs and startup items, in particular Run entries and browser modules, to avoid reinfection.

Automatically generated by AI
based on the best answers
  1. JoOjoO
     
    I will now tell you, in order, everything I did:
    First I deleted the "Instant Messenger Names" folder in "Program Files";
    Then I ran a scan with my antivirus, "McAfee". Result: it told me it had found "Instant Messenger Names" and I deleted it;
    After that I ran a scan with "Task Manager" and deleted the dangerous items. I have no report;
    I ran a scan with "Ad-Aware 2007" and deleted the detected files. I have no report;
    I ran a scan with "CCleaner" and deleted the detected items. Report below;
    I scanned my computer with "AVG Anti-Spyware" and deleted the detected items. Report below;
    I produced a report with "Hijackthis", below.
  2. JoOjoO
     
    Sorry, I made a mistake: I don't have a report for "CCleaner", but I have another report from "BitDefender", an online antivirus.
    I am copying all the reports below.
  3. JoOjoO
     
    ---------------------------------------------------------
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 01:40:02 03/01/2008

    + Résultat de l'analyse:

    HKU\S-1-5-21-796107124-3522498309-724594518-1008\Software\salm -> Adware.180Solutions : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\Common -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\Common\Time -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\Common\Updates -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HbTools -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HbTools\EUI -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HbTools\HtmlPPP -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HbTools\ImagesHistory -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HbTools\Install -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HbTools\PI -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HbTools\PI\3.2 -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HbTools\Sample -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HbTools\Sample\Hist -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HbTools\Sample\Hist\sg800 -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HbTools\Sample\Hist\sg801 -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HbTools\Sample\Hist\sg802 -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HbTools\Sample\Hist\sg803 -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HbTools\Sample\Hist\sg807 -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HbTools\Sample\Hist\sg808 -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HbTools\Sample\Hist\sg810 -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HbTools\Sample\Hist\sg811 -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HbTools\Sample\Hist\sg812 -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HbTools\Sample\Hist\sg818 -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HbTools\Sample\Hist\sg819 -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HbTools\Sample\Hist\sg824 -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HbTools\Sample\Hist\sg825 -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HbTools\Sample\Hist\sg826 -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HbTools\Sample\Hist\sg827 -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HbTools\Sample\Hist\sg828 -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HbTools\Sample\Hist\sg829 -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HbTools\Sample\Hist\sg830 -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HbTools\Sample\Hist\sg842 -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HbTools\Sample\Hist\sg843 -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HbTools\Sample\Hist\sg844 -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HbTools\Sample\Hist\sg845 -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HbTools\Sample\Hist\sg847 -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HbTools\Sample\Hist\sg848 -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HbTools\Sample\Hist\sg849 -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HbTools\Sample\Hist\sg852 -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HbTools\Sample\Hist\sg853 -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HbTools\Sample\Hist\sg856 -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HbTools\Sample\Hist\sg857 -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HbTools\Sample\Hist\sg860 -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HbTools\Sample\Hist\sg861 -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HbTools\UserInfo -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HbTools\dynamic -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HbTools\init -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HbTools\links -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HbTools\options -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HbTools\updates -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HostOI -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HostOI\Updates -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HostOL -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HostOL\Updates -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\HostOL\soho -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\Time -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\Time\HostIE -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\Time\HostIE\Updates -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\Time\HostOI -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\Time\HostOI\Updates -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\Time\HostOL -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\HbTools\Time\HostOL\Updates -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\ShopperReports -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\ShopperReports\ShopperReports -> Adware.HotBar : Nettoyé.
    HKU\S-1-5-21-796107124-3522498309-724594518-1006\Software\ShopperReports\ShopperReports\PostInstaller -> Adware.HotBar : Nettoyé.
    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP653\A0450078.exe -> Adware.WinFixer : Nettoyé.
    C:\Program Files\OneStepSearch\onestep.dll -> Not-A-Virus.Adware.OneStep : Nettoyé.
    C:\Documents and Settings\khalil\Local Settings\Temp\ICD1.tmp\USDR6V_0001_D18M3107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Nettoyé.
    C:\WINDOWS\Downloaded Program Files\USDR6V_0001_D18M3107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Nettoyé.
    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP630\A0416857.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Nettoyé.
    C:\WINDOWS\Downloaded Program Files\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Nettoyé.
    C:\Documents and Settings\khalil\Cookies\khalil@112.2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
    C:\Documents and Settings\khalil\Cookies\khalil@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.334:C:\Documents and Settings\joseph\Application Data\Mozilla\Firefox\Profiles\w6pt0p5a.default\cookies.txt -> TrackingCookie.Adobe : Nettoyé.
    :mozilla.58:C:\Documents and Settings\joseph\Application Data\Mozilla\Firefox\Profiles\w6pt0p5a.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.63:C:\Documents and Settings\joseph\Application Data\Mozilla\Firefox\Profiles\w6pt0p5a.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.64:C:\Documents and Settings\joseph\Application Data\Mozilla\Firefox\Profiles\w6pt0p5a.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
    C:\Documents and Settings\khalil\Cookies\khalil@advertising[1].txt -> TrackingCookie.Advertising : Nettoyé.
    C:\Documents and Settings\khalil\Cookies\khalil@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
    C:\Documents and Settings\khalil\Cookies\khalil@atdmt[3].txt -> TrackingCookie.Atdmt : Nettoyé.
    C:\Documents and Settings\khalil\Cookies\khalil@iv2.bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
    C:\Documents and Settings\khalil\Cookies\khalil@casinotropez[1].txt -> TrackingCookie.Casinotropez : Nettoyé.
    :mozilla.707:C:\Documents and Settings\joseph\Application Data\Mozilla\Firefox\Profiles\w6pt0p5a.default\cookies.txt -> TrackingCookie.Clickhype : Nettoyé.
    C:\Documents and Settings\khalil\Local Settings\Temp\Cookies\khalil@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Nettoyé.
    C:\Documents and Settings\khalil\Cookies\khalil@fastclick[2].txt -> TrackingCookie.Fastclick : Nettoyé.
    C:\Documents and Settings\khalil\Cookies\khalil@hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
    :mozilla.147:C:\Documents and Settings\joseph\Application Data\Mozilla\Firefox\Profiles\w6pt0p5a.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
    :mozilla.148:C:\Documents and Settings\joseph\Application Data\Mozilla\Firefox\Profiles\w6pt0p5a.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
    C:\Documents and Settings\marie jose\Cookies\marie jose@lop[1].txt -> TrackingCookie.Lop : Nettoyé.
    C:\Documents and Settings\khalil\Cookies\khalil@real[2].txt -> TrackingCookie.Real : Nettoyé.
    C:\Documents and Settings\khalil\Cookies\khalil@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
    C:\Documents and Settings\khalil\Cookies\khalil@statcounter[1].txt -> TrackingCookie.Statcounter : Nettoyé.
    :mozilla.56:C:\Documents and Settings\joseph\Application Data\Mozilla\Firefox\Profiles\w6pt0p5a.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
    :mozilla.57:C:\Documents and Settings\joseph\Application Data\Mozilla\Firefox\Profiles\w6pt0p5a.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
    C:\Documents and Settings\khalil\Cookies\khalil@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyé.
    C:\Documents and Settings\khalil\Cookies\khalil@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
    C:\Documents and Settings\khalil\Local Settings\Temp\Cookies\khalil@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
    C:\Documents and Settings\marie jose\Cookies\marie jose@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Nettoyé.
    C:\Documents and Settings\khalil\Cookies\khalil@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyé.
    C:\Documents and Settings\khalil\Cookies\khalil@zedo[1].txt -> TrackingCookie.Zedo : Nettoyé.

    Fin du rapport
  5. JoOjoO
     
    BitDefender Online Scanner

    Scan report generated at: Thu, Jan 03, 2008 - 13:46:48

    Scan path: C:\;D:\;E:\;

    Statistics

    Time: 02:36:43
    Files: 394250
    Folders: 14228
    Boot Sectors: 6
    Archives: 8204
    Packed Files: 18350

    Results

    Identified Viruses: 5
    Infected Files: 10
    Suspect Files: 0
    Warnings: 0
    Disinfected: 0
    Deleted Files: 10

    Engines Info

    Virus Definitions: 885212
    Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
    Scan plugins: 14
    Archive plugins: 38
    Unpack plugins: 7
    E-mail plugins: 6
    System plugins: 1

    Scan Settings

    First Action: Disinfect
    Second Action: Delete
    Heuristics: Yes
    Enable Warnings: Yes
    Scanned Extensions: *;
    Exclude Extensions:
    Scan Emails: Yes
    Scan Archives: Yes
    Scan Packed: Yes
    Scan Files: Yes
    Scan Boot: Yes

    Scanned File

    Status

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\47SYHGZH\upgrade[1].cab=>upgrade.exe=>(NSIS o)=>lzma_solid_nsis0001

    Infected with: Trojan.Dloader.AMA

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\47SYHGZH\upgrade[1].cab=>upgrade.exe=>(NSIS o)=>lzma_solid_nsis0001

    Disinfection failed

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\47SYHGZH\upgrade[1].cab=>upgrade.exe=>(NSIS o)=>lzma_solid_nsis0001

    Deleted

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\47SYHGZH\upgrade[1].cab=>upgrade.exe=>(NSIS o)

    Update failed

    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP611\A0374374.exe

    Detected with: Adware.Navipromo.BYT

    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP611\A0374374.exe

    Disinfection failed

    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP611\A0374374.exe

    Deleted

    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP638\A0434570.exe

    Detected with: Adware.Navipromo.BYZ

    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP638\A0434570.exe

    Disinfection failed

    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP638\A0434570.exe

    Deleted

    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP653\A0449780.exe=>(RAR Sfx o)=>2.exe=>(ZIP Sfx o)=>SurferInstaller.exe

    Infected with: Trojan.Adclicker.D

    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP653\A0449780.exe=>(RAR Sfx o)=>2.exe=>(ZIP Sfx o)=>SurferInstaller.exe

    Disinfection failed

    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP653\A0449780.exe=>(RAR Sfx o)=>2.exe=>(ZIP Sfx o)=>SurferInstaller.exe

    Deleted

    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP653\A0449780.exe=>(RAR Sfx o)=>2.exe=>(ZIP Sfx o)

    Updated

    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP653\A0449780.exe=>(RAR Sfx o)=>2.exe=>(ZIP Sfx o)=>SurferUnInstaller.exe

    Infected with: Trojan.Adclicker.D

    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP653\A0449780.exe=>(RAR Sfx o)=>2.exe=>(ZIP Sfx o)=>SurferUnInstaller.exe

    Disinfection failed

    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP653\A0449780.exe=>(RAR Sfx o)=>2.exe=>(ZIP Sfx o)=>SurferUnInstaller.exe

    Deleted

    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP653\A0449780.exe=>(RAR Sfx o)=>2.exe=>(ZIP Sfx o)

    Updated

    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP653\A0449780.exe=>(RAR Sfx o)=>2.exe

    Update failed

    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP653\A0449780.exe=>(RAR Sfx o)=>1.exe

    Infected with: Dropped:Trojan.Clicker.Small.IZ

    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP653\A0449780.exe=>(RAR Sfx o)=>1.exe

    Disinfection failed

    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP653\A0449780.exe=>(RAR Sfx o)=>1.exe

    Deleted

    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP653\A0449780.exe=>(RAR Sfx o)

    Update failed

    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP653\A0449781.exe=>(RAR Sfx o)=>2.exe=>(ZIP Sfx o)=>SurferInstaller.exe

    Infected with: Trojan.Adclicker.D

    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP653\A0449781.exe=>(RAR Sfx o)=>2.exe=>(ZIP Sfx o)=>SurferInstaller.exe

    Disinfection failed

    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP653\A0449781.exe=>(RAR Sfx o)=>2.exe=>(ZIP Sfx o)=>SurferInstaller.exe

    Deleted

    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP653\A0449781.exe=>(RAR Sfx o)=>2.exe=>(ZIP Sfx o)

    Updated

    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP653\A0449781.exe=>(RAR Sfx o)=>2.exe=>(ZIP Sfx o)=>SurferUnInstaller.exe

    Infected with: Trojan.Adclicker.D

    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP653\A0449781.exe=>(RAR Sfx o)=>2.exe=>(ZIP Sfx o)=>SurferUnInstaller.exe

    Disinfection failed

    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP653\A0449781.exe=>(RAR Sfx o)=>2.exe=>(ZIP Sfx o)=>SurferUnInstaller.exe

    Deleted

    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP653\A0449781.exe=>(RAR Sfx o)=>2.exe=>(ZIP Sfx o)

    Updated

    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP653\A0449781.exe=>(RAR Sfx o)=>2.exe

    Update failed

    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP653\A0449781.exe=>(RAR Sfx o)=>1.exe

    Infected with: Dropped:Trojan.Clicker.Small.IZ

    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP653\A0449781.exe=>(RAR Sfx o)=>1.exe

    Disinfection failed

    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP653\A0449781.exe=>(RAR Sfx o)=>1.exe

    Deleted

    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP653\A0449781.exe=>(RAR Sfx o)

    Update failed

    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP653\A0450087.dll

    Infected with: Trojan.Dloader.AMA

    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP653\A0450087.dll

    Disinfection failed

    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP653\A0450087.dll

    Deleted
  6. JoOjoO
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:22:12, on 03/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\DOCUME~1\joseph\LOCALS~1\Temp\spoolsv.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\DOCUME~1\joseph\LOCALS~1\Temp\bwgo0000b054.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe
    C:\Program Files\Nikon\NkView5\NkvMon.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=SECURITOO:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
    O2 - BHO: (no name) - {59619D5F-5B0F-C2DF-BBB4-C15A5E08769E} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [Microsoft Office] C:\DOCUME~1\joseph\LOCALS~1\Temp\spoolsv.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe
    O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger Agent.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
    O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.8.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip.com/platypus/miniclipGameLoader.dll
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
    O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://media.grab.com/media/35f4a8/games/files/1147/axhost.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: bw+0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - Unknown owner - C:\Program Files\fswsclds.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: OneStep Search Service - Unknown owner - C:\Program Files\OneStepSearch\onestep.exe (file missing)
    0
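An added example, not part of the original thread: a small Python triage pass over HijackThis lines of the kind posted above. It flags entries whose registered file is gone, services with no vendor information, and O4 autostarts that run from a temp directory, have no directory at all, or reuse a Windows system process name outside system32. The heuristics, the reason strings and the short list of system process names are assumptions chosen for illustration; a hit means "look closer", not "malicious".

```python
import ntpath
import re
from typing import List, NamedTuple, Optional

# Lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {59619D5F-5B0F-C2DF-BBB4-C15A5E08769E} - (no file)
O4 - HKLM\..\Run: [Microsoft Office] C:\DOCUME~1\joseph\LOCALS~1\Temp\spoolsv.exe
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OneStep Search Service - Unknown owner - C:\Program Files\OneStepSearch\onestep.exe (file missing)
"""

# "O4 - rest of line": section code, separator, entry body.
LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*)$")

# Assumption: a short, non-exhaustive list of Windows process names that
# normally live in system32 and are often imitated elsewhere.
SYSTEM_NAMES = {"spoolsv.exe", "svchost.exe", "lsass.exe",
                "services.exe", "winlogon.exe", "csrss.exe"}

REASON_ORPHAN = "registered target no longer exists"
REASON_OWNER = "service binary carries no vendor information"
REASON_NOPATH = "autostart command has no directory"
REASON_TEMP = "autostart runs from a temp directory"
REASON_MASQ = "system process name outside system32"


class Finding(NamedTuple):
    section: str
    entry: str
    reasons: List[str]


def autostart_target(body: str) -> Optional[str]:
    """Return the command of an O4 entry (registry Run value or Startup link)."""
    m = re.match(r"HK\w+\\\.\.\\[\w ]+: \[[^\]]*\] (.+)$", body)
    if not m:
        m = re.match(r"(?:Global )?Startup: .+? = (.+)$", body)
    if not m:
        return None
    target = m.group(1).strip()
    # A quoted command may carry arguments after the closing quote.
    if target.startswith('"') and '"' in target[1:]:
        target = target[1:target.index('"', 1)]
    return target


def triage(log_text: str) -> List[Finding]:
    """Return the log entries that match at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue
        section, body = m.groups()
        reasons = []
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            reasons.append(REASON_ORPHAN)
        if section == "O23" and " - Unknown owner - " in body:
            reasons.append(REASON_OWNER)
        if section == "O4":
            target = autostart_target(body)
            if target:
                # ntpath parses Windows paths on any operating system.
                directory, exe = ntpath.split(target)
                parts = directory.lower().split("\\")
                if not directory:
                    reasons.append(REASON_NOPATH)
                elif "temp" in parts or "tmp" in parts:
                    reasons.append(REASON_TEMP)
                if (exe.lower() in SYSTEM_NAMES and directory
                        and parts[-1] != "system32"):
                    reasons.append(REASON_MASQ)
        if reasons:
            findings.append(Finding(section, body, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.section, "|", f.entry)
        for reason in f.reasons:
            print("    -", reason)
```
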
  7. JoOjoO
     
    Thanks for your help tristan07, I'm going to use "msn fix" and I'll see whether the virus is still there or not.
    0
  8. tristan07 Posts 899 Status Member 35
     
    run the scan with msn.fix as I told you
    0
  9. tristan07 Posts 899 Status Member 35
     
    ok sorry, I hadn't seen the message...
    0
  10. JoOjoO
     
    I have a problem with "msn fix":
    I launch it, everything goes fine. I press the R key then the Enter key, nothing happens.
    0
  11. tristan07 Posts 899 Status Member 35
     
    so, any news?
    0
  12. cgui33 Posts 1176 Status Member 10
     
    Hi JoOjoO (and Tristan07)

    Download OTMoveIt (by OldTimer). Save it to your Desktop.
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

    Next, I think we could do a bit of housekeeping in there (to clear things up!)

    Relaunch HijackThis
    Do a system scan only
    Check all of these lines (don't get it wrong!) (Hint: all the O18 lines are to be checked!)

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
    O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
    O2 - BHO: (no name) - {59619D5F-5B0F-C2DF-BBB4-C15A5E08769E} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
    O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
    O4 - HKLM\..\Run: [Microsoft Office] C:\DOCUME~1\joseph\LOCALS~1\Temp\spoolsv.exe
    O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
    O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip.com/platypus/miniclipGameLoader.dll
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/
    O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://media.grab.com/media/35f4a8/games/files/1147/axhost.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: bw+0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {AF0E7C4F-C8EA-4DCC-B7E7-E3E05B96951A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - Unknown owner - C:\Program Files\fswsclds.exe (file missing)
    O23 - Service: OneStep Search Service - Unknown owner - C:\Program Files\OneStepSearch\onestep.exe (file missing)

    Well ... yes, I know that's a lot (but I think we'll be able to get rid of others later!)

    Then close all your applications and
    click Fix checked

    Then run OTmoveIT
    Select the 2 lines below:

    C:\DOCUME~1\joseph\LOCALS~1\Temp\spoolsv.exe
    C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll

    --> Right-click then Copy (or Ctrl+C)
    Double-click OTMoveIt.exe to launch it.
    Right-click in the left-hand pane then choose Paste (or Ctrl+V).
    Now click MoveIt!

    If a file or folder cannot be deleted immediately, the program will ask you to restart. Accept by clicking YES

    Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    The report's name is its creation date.

    Search for windir32.exe on the PC and delete it (if you can!)

    And post a new HijackThis log
    See you
    0
  13. JoOjoO
     
    I can't find the line
    O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe

    Could it be
    04 - HKCU\..\Run [ctfmon.exe] C:\WINDOWSsystem32\ctfmon.exe
    ?
    0
  14. cgui33 Posts 1176 Status Member 10
     
    NO
    do the rest, never mind ... we'll see afterwards!
    See you
    0
  15. JoOjoO76 Posts 15 Status Member
     
    With "OTMoveIt", I didn't have to restart, but I had to restart after "Fix Checked"

    I go to "Start", "Search", "All files and folders", I type "windir32.exe", "Search". "Search is complete. There are no results to display."
    0
  16. JoOjoO76 Posts 15 Status Member
     
    "OTmoveIt" report

    File/Folder C:\DOCUME~1\joseph\LOCALS~1\Temp\spoolsv.exe not found.
    C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll unregistered successfully.
    C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll moved successfully.

    Created on 01/03/2008 22:15:58
    0
  17. JoOjoO76 Posts 15 Status Member
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:33:58, on 03/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\DOCUME~1\khalil\LOCALS~1\Temp\bwgo0000b595.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe
    C:\Program Files\Nikon\NkView5\NkvMon.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\WINDOWS\SYSTEM32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe
    O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger Agent.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb02986FR_ZNxdm41465FR
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - Unknown owner - C:\Program Files\fswsclds.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    0
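A triage pass over HijackThis log lines like the ones posted above, as an added example that is not part of any post in this thread and not a HijackThis feature. The heuristics, the tag names, the functions `flags_for` and `triage`, and the sample log (assembled from lines and paths quoted in the thread) are assumptions made for this example; a tag marks an entry to verify, not a verdict that it is malicious.

```python
import ntpath
import re

# Constructed sample: lines and paths quoted in this thread, assembled into one short log.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\spoolsv.exe
C:\DOCUME~1\joseph\LOCALS~1\Temp\spoolsv.exe
C:\DOCUME~1\khalil\LOCALS~1\Temp\bwgo0000b595.exe

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O23 - Service: OneStep Search Service - Unknown owner - C:\Program Files\OneStepSearch\onestep.exe (file missing)
"""

# First full Windows path to an executable-type file on a line.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|\r\n]*?\.(?:exe|dll|bat|com|scr)\b', re.I)
# O4 registry autostart entry: captures the value name and the command line.
RUN_RE = re.compile(r'^O4 - HK\w+\\.*?\\Run(?:Once)?: \[(.+?)\]\s+(.+)$')
# Assumption for this example: a few XP system binaries and their normal folders.
SYSTEM_NAMES = {"spoolsv.exe", "svchost.exe", "lsass.exe", "services.exe",
                "winlogon.exe", "smss.exe", "ctfmon.exe", "explorer.exe"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}


def flags_for(line):
    """Return the triage tags that apply to one log line."""
    tags = []
    # The entry is still registered but its target file is no longer on disk.
    if line.endswith(("(file missing)", "(no file)")):
        tags.append("orphan-entry")
    # Startup shortcut whose target HijackThis could not resolve.
    if line.endswith(".lnk = ?"):
        tags.append("unresolved-shortcut")
    # Autostart command given without a folder: the log does not say which file runs.
    run = RUN_RE.match(line)
    if run and "\\" not in run.group(2).split()[0]:
        tags.append("run-bare-filename")
    path = PATH_RE.search(line)
    if path:
        folder, name = ntpath.split(path.group(0).lower())
        # Executable located under a Temp folder.
        if "temp" in folder.split("\\"):
            tags.append("runs-from-temp")
        # Well-known system file name, but not in its normal folder.
        if name in SYSTEM_NAMES and folder not in SYSTEM_DIRS:
            tags.append("system-name-outside-system32")
    return tags


def triage(log_text):
    """Return (tag, line) pairs for every flagged line of a log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        findings.extend((tag, line) for tag in flags_for(line))
    return findings


if __name__ == "__main__":
    for tag, line in triage(SAMPLE_LOG):
        print(f"{tag:30} {line}")
```
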
  18. cgui33 Posts 1176 Status Member 10
     
    Hi again,
    It's clearer but ... let's keep going!
    Run HijackThis again
    Do a system scan only
    Check all these lines

    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ?
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb02986FR_ZNxdm41465FR
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - Unknown owner - C:\Program Files\fswsclds.exe (file missing)

    Then close all your applications and
    click Fix checked

    Then: MSNFIX
    Download MSNFix.zip (by !aur3n7) to your desktop
    http://sosvirus.changelog.fr/MSNFix.zip

    Unzip it by right-clicking and choosing "extract here".
    Double-click MSNfix.bat
    Choose option R. If the infection is detected, just press any key on the keyboard. A restart of the PC may be requested.
    The report is saved in the same folder as MSNfix (date.txt). Copy and paste its contents into your next reply.

    ------
    If a virus is detected, you will then be asked to clean the computer.
    An error message about a file that cannot be deleted will be resolved by a restart.
    After cleaning, the "Start" bar disappears then reappears; this is part of the cleaning procedure.

    If the "Start" bar still doesn't appear, just press
    Ctrl + Alt + Del on Windows XP
    to open the Windows Task Manager.

    Then choose "File" then "New task", enter explorer.exe in the window that appears and click "OK".
    Don't forget to restart the computer to complete the cleaning!

    And post a new HijackThis log afterwards

    See you
    And tell me what's happening on the PC
    0
  19. JoOjoO76 Posts 15 Status Member
     
    In "msn fix", when I press "R" then "Enter", nothing happens.
    0