Sujet Précédent Sujet Suivant

Pc infecté par trojans/adwares ..

FkA -  
 FkA -
Bonjour tout le monde,

J'ecris ce message suite a une (ou plusieurs) infections que je n'avais pas vu arriver (surement du a un mauvais telechargement parce que j'en fais beaucoup)
Avast! ne me signalait rien, mais plusieurs signes m'ont fait savoir que j'etais infecté.. je suis alors passé sous Antivir, et la j'ai eu confirmation (mon unité centrale qui n'arrete pas de bipper)
Ce n'est pas la premiere fois que je suis infecté, mais la c'est vraiment la pire

Voilà mes symptômes :

=> Alerte de detection du trojan tr/agent.81500.15 a chaque fois que j'ouvre un dossier, un fichier, et même HijackThis.
( Je precise que j'ai d'autres virus sur l'ordi, qu'il y en a au moins 10 dans le system32, par exemple le fichier gebcy.dll qui ne veut pas etre supprimé "parce qu'en cours d'execution". D'ailleurs il y a beaucoup de .dll dans ces virus)
=> Ralentissement enorme de l'ordinateur et d'Internet, hier les pages pouvaient mettre un quart d'heure a s'afficher, quoiqu'aujourd'hui ce dit ralentissement semble se calmer.
=> Obligé de fonctionner en mode debogage la plupart du temps (sinon, les alertes antivir sont trois fois plus frequentes, ce qui me paralyse)
=> Hier : changement du theme de bureau sans mon avis : le theme windows xp a été changé en theme rappelant windows 98, de plus le theme windows XP n'apparaissait plus dans parametres>themes. Il est reapparu ce matin, je suppose que c'est parce que j'ai booté avec un autre OS (il y a 3 os sous ce windows xp, ils sont tous quasiment les memes)
=> Effacement intempestifs d'onglets Firefox ..

SmitFraudFix en mode sans echec ne m'a pas servi a grand chose

Voici le rapport que HiJackThis m'a generé :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:13:00, on 05/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\QuickTime\qttask.exe
C:\Documents and Settings\franck\Bureau\dotnetfx.exe
C:\DOCUME~1\franck\LOCALS~1\Temp\IXP000.TMP\Install.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\franck\Bureau\Raruto (n'importe quoi !)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} -

C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: targettedbanner.biz browser enhancer - {16B435F6-B6CE-4F24-A568-

944B27ED919C} - C:\WINDOWS\system32\atgban.dll
O2 - BHO: (no name) - {1D7C1BB5-AEB7-4F80-9D63-8DB88D25C127} -

C:\WINDOWS\system32\gebcy.dll (file missing)
O2 - BHO: (no name) - {3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9} -

C:\WINDOWS\system32\hggfcaa.dll
O2 - BHO: {f6719c1f-1919-7ed9-0484-5d5ab65f0605} - {5060f56b-a5d5-4840-9de7-

9191f1c9176f} - C:\WINDOWS\system32\wekvdjcm.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -

c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -

C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -

C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32

\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\franck\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User

'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User

'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User

'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User

'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-

00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-

00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -

http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) -

http://ww2.mayeticvillage.fr/qp2.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) -

http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -

http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5308E02B-4ABA-48E4-AA9E-8A7693661473} (GameCtl Class) -

http://jeuxenligne.orange.fr/GisActiveX/Ax/GameAx.cab
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega DownloadManager)

- https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -

http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) -

http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) -

http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) -

http://game18.zylom.servicesalacarte.wanadoo.fr/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -

http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C9E17F58-564C-41C6-989F-AB0FE0D2C9D1} (PopcapLoader Object) -

http://jeuxentelechargement.orange.fr/orange2.0/OnlineHSS/zuma/Popcap.cab
O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} (Vitalize Class) -

http://www.clickteam.com/vitalize3/vitalize.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) -

http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) -

http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: bw+0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: hggfcaa - C:\WINDOWS\SYSTEM32\hggfcaa.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH -

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH -

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
A voir également:

14 réponses

Réponse 1 / 14
sKe69 Messages postés 21955 Statut Contributeur sécurité 463
 
Tout ce-ci est normal ...

Maintenant , nettoyage dans les coins .

Télécharge : - CCleaner
https://www.pcastuces.com/logitheque/ccleaner.htm
Ce logiciel va permettre de supprimer tous les fichiers temporaires. Avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires". Ensuite, Clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. C'est tout.
Un tuto
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm

vas dans nettoyeur : fait annalyse puis nettoyage
et vas dans registre : fait chercher les erreurs et réparer ( plusieur fois jusqu'a ce qu'il n'y est plus d'erreur )

redémarre ton PC et dit moi ce que ça donne : tous les prb ont disparu ?

Postes moi aussi un dernier scan Hijackthis pour analyse ...

On reprendra la suite pour finir plus tard ... je doit m'absenter ;)
1
sKe69 Messages postés 21955 Statut Contributeur sécurité 463
 
PS : Après ces dernières manipes , évites d'utiliser ton PC , c'est mieux ... ;)
0
Réponse 2 / 14
sKe69 Messages postés 21955 Statut Contributeur sécurité 463
 
salut,
1-Télécharger Vundofix.exe (par Atribune) sur votre Bureau:
http://www.atribune.org/ccount/click.php?id=4

Double-cliquer sur VundoFix.exe afin de le lancer.

Cliquer sur le bouton Scan for Vundo.
Lorsque le scan est complété, cliquer sur le bouton fix Vundo.

Une invite de commande demandera si l’on souhaite supprimer les fichiers, cliquer sur YES
Après avoir cliqué "YES", le Bureau disparaîtra un moment lors de la suppression des fichiers.
Une nouvelle invite de commande annoncera que le PC devra s'éteindre ("shutdown"). Cliquer sur OK , puis laisser le redémarrer.

Le contenu du rapport est situé dans C:\vundofix.txt ---> poste ce rapport dans ta nouvelle réponse

2- supprime completement Hijacthis .
Retélécharge et réinstalle le ( IMPORTANT--->renommer le setup avant l'instale : click droit/renommer: exp"theJack.exe")

https://www.pcastuces.com/logitheque/hijackthis.htm
tuto pour l’utiliser
regarde ici c'est parfaitement expliqué en images
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

postes le nouveau rapport généré pour analyse dans ta prochaine réponse ...
0
Réponse 3 / 14
FkA
 
Alors

pour le 1 :

J'ai telechargé Vundofix, mis sur le bureau, lancé un scan et aucun fichier n'a été trouvé.
Pour assurer le coup j'en ai fait un deuxieme pour le meme resultat
(Donc, pas de shutdown proposé et pas de redemarrage)

Pour le 2 :

Voilà le nouveau rapport, hop :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:09:20, on 05/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: targettedbanner.biz browser enhancer - {16B435F6-B6CE-4F24-A568-944B27ED919C} - C:\WINDOWS\system32\atgban.dll
O2 - BHO: (no name) - {1D7C1BB5-AEB7-4F80-9D63-8DB88D25C127} - C:\WINDOWS\system32\gebcy.dll (file missing)
O2 - BHO: (no name) - {3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9} - C:\WINDOWS\system32\hggfcaa.dll
O2 - BHO: {f6719c1f-1919-7ed9-0484-5d5ab65f0605} - {5060f56b-a5d5-4840-9de7-9191f1c9176f} - C:\WINDOWS\system32\wekvdjcm.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://ww2.mayeticvillage.fr/qp2.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5308E02B-4ABA-48E4-AA9E-8A7693661473} (GameCtl Class) - http://jeuxenligne.orange.fr/GisActiveX/Ax/GameAx.cab
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega DownloadManager) - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylom.servicesalacarte.wanadoo.fr/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C9E17F58-564C-41C6-989F-AB0FE0D2C9D1} (PopcapLoader Object) - http://jeuxentelechargement.orange.fr/orange2.0/OnlineHSS/zuma/Popcap.cab
O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} (Vitalize Class) - http://www.clickteam.com/vitalize3/vitalize.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: bw+0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: hggfcaa - C:\WINDOWS\SYSTEM32\hggfcaa.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
0
Réponse 4 / 14
sKe69 Messages postés 21955 Statut Contributeur sécurité 463
 
on as faire ce-ci :

Télécharger VirtumundoBegone sur le bureau:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Double cliquer sur VirtumundoBeGone.exe et suivre les instructions.
Une fois terminé, redémarrer le PC, le rapport VBG.TXT sera crée sur le bureau , postes le.
(Si un message Ecran bleu "Erreur fatale" apparaît, pas d’inquiétude car c'est normal et attendu).

puis ensuite, fait un autre scan Hijack et postes le aussi
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 14
FkA
 
Petites precisions avant mon post :
Je ne sais pas vraiment ce qui s'est passé, mais certains symptomes ont disparu, pourtant je n'ai absolument rien fait (peut-être le mode debogage) : la navigation est beaucoup plus rapide, les pubs-a-la-con (comme quoi mon ordi etait infecté, ou autres "bravo vous etes le ..eme visiteur") ont disparu, et j'ai pu supprimer manuellement gebcy.VIR qui squattait le system32, qui ne pouvait pas etre viré avant.
Antivir me fais moins bipper le systeme (alors qu'avant ca arrivait rien qu'en cliquant sur l'icone qui permettait d'afficher le bureau ou en lancant n'importe quoi a partir de demarrer)

Par contre, certaines configurations sont revenues par defaut (les bruitages systeme)

En fait je sais pas vraiment ou j'en suis

Bref, je pense pas qu'un ordi puisse "se desinfecter tout seul" (surtout dans l'etat ou il etait), donc j'envoie les rapports ici :

Pour ce que tu m'a proposé : le premier programme m'a effectivement fait redemarrer l'ordi, mais sans ecran bleu

###

Au cas ou : la liste des mises en quarantaine de Antivir :

3 fois TR/Vundo.Gen (l'emplacement serait, selon antivir, le gebcy.dll dans system32)
9 fois (et plus recents) le TR/Agent.81500.15 (le hggfcaa.dll dans system32)

Apres ca, je suis allé dans le system32 et j'ai pu virer manuellement (au shift+suppr je precise) deux fichiers qui avait pour nom gebcy.dll et hggfcaa.dll (qui faisait bipper antivir des que je pointais dessus ..). Ce matin, je ne pouvais pas les virer sous pretexte qu'ils etaient utilisés par un autre programme

##############################

Ca c'est VBG

[04/05/2008, 18:07:16] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\franck\Bureau\VirtumundoBeGone.exe" )
[04/05/2008, 18:07:19] - User choose NOT to continue. Exiting...

[04/05/2008, 18:07:37] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\franck\Bureau\VirtumundoBeGone.exe" )
[04/05/2008, 18:07:38] - Detected System Information:
[04/05/2008, 18:07:38] - Windows Version: 5.1.2600, Service Pack 2
[04/05/2008, 18:07:38] - Current Username: franck (Admin)
[04/05/2008, 18:07:38] - Windows is in NORMAL mode.
[04/05/2008, 18:07:38] - Searching for Browser Helper Objects:
[04/05/2008, 18:07:38] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (Yahoo! Companion BHO)
[04/05/2008, 18:07:38] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[04/05/2008, 18:07:38] - BHO 3: {16B435F6-B6CE-4F24-A568-944B27ED919C} (targettedbanner.biz browser enhancer)
[04/05/2008, 18:07:38] - BHO 4: {1D7C1BB5-AEB7-4F80-9D63-8DB88D25C127} ()
[04/05/2008, 18:07:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/05/2008, 18:07:38] - Checking for HKLM\...\Winlogon\Notify\gebcy
[04/05/2008, 18:07:38] - Key not found: HKLM\...\Winlogon\Notify\gebcy, continuing.
[04/05/2008, 18:07:38] - BHO 5: {3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9} ()
[04/05/2008, 18:07:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/05/2008, 18:07:39] - Checking for HKLM\...\Winlogon\Notify\hggfcaa
[04/05/2008, 18:07:39] - Found: HKLM\...\Winlogon\Notify\hggfcaa - This is probably Virtumundo.
[04/05/2008, 18:07:39] - Assigning {3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9} MSEvents Object
[04/05/2008, 18:07:39] - BHO list has been changed! Starting over...
[04/05/2008, 18:07:39] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (Yahoo! Companion BHO)
[04/05/2008, 18:07:39] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[04/05/2008, 18:07:39] - BHO 3: {16B435F6-B6CE-4F24-A568-944B27ED919C} (targettedbanner.biz browser enhancer)
[04/05/2008, 18:07:39] - BHO 4: {1D7C1BB5-AEB7-4F80-9D63-8DB88D25C127} ()
[04/05/2008, 18:07:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/05/2008, 18:07:39] - Checking for HKLM\...\Winlogon\Notify\gebcy
[04/05/2008, 18:07:39] - Key not found: HKLM\...\Winlogon\Notify\gebcy, continuing.
[04/05/2008, 18:07:39] - BHO 5: {3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9} (MSEvents Object)
[04/05/2008, 18:07:39] - ALERT: Found MSEvents Object!
[04/05/2008, 18:07:39] - BHO 6: {5060f56b-a5d5-4840-9de7-9191f1c9176f} ()
[04/05/2008, 18:07:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/05/2008, 18:07:39] - Checking for HKLM\...\Winlogon\Notify\wekvdjcm
[04/05/2008, 18:07:39] - Key not found: HKLM\...\Winlogon\Notify\wekvdjcm, continuing.
[04/05/2008, 18:07:39] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[04/05/2008, 18:07:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/05/2008, 18:07:39] - No filename found. Continuing.
[04/05/2008, 18:07:39] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[04/05/2008, 18:07:39] - BHO 9: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[04/05/2008, 18:07:39] - Finished Searching Browser Helper Objects
[04/05/2008, 18:07:39] - *** Detected MSEvents Object
[04/05/2008, 18:07:39] - Trying to remove MSEvents Object...
[04/05/2008, 18:07:40] - Terminating Process: IEXPLORE.EXE
[04/05/2008, 18:07:40] - Terminating Process: RUNDLL32.EXE
[04/05/2008, 18:07:40] - Disabling Automatic Shell Restart
[04/05/2008, 18:07:41] - Terminating Process: EXPLORER.EXE
[04/05/2008, 18:07:41] - Suspending the NT Session Manager System Service
[04/05/2008, 18:07:42] - Terminating Windows NT Logon/Logoff Manager
[04/05/2008, 18:07:43] - Re-enabling Automatic Shell Restart
[04/05/2008, 18:07:43] - File to disable: C:\WINDOWS\system32\hggfcaa.dll
[04/05/2008, 18:07:43] - Renaming C:\WINDOWS\system32\hggfcaa.dll -> C:\WINDOWS\system32\hggfcaa.dll.vir
[04/05/2008, 18:07:43] - File successfully renamed!
[04/05/2008, 18:07:43] - Removing HKLM\...\Browser Helper Objects\{3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9}
[04/05/2008, 18:07:43] - Removing HKCR\CLSID\{3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9}
[04/05/2008, 18:07:43] - Adding Kill Bit for ActiveX for GUID: {3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9}
[04/05/2008, 18:07:43] - Deleting ATLEvents/MSEvents Registry entries
[04/05/2008, 18:07:43] - Removing HKLM\...\Winlogon\Notify\hggfcaa
[04/05/2008, 18:07:43] - Searching for Browser Helper Objects:
[04/05/2008, 18:07:43] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (Yahoo! Companion BHO)
[04/05/2008, 18:07:43] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[04/05/2008, 18:07:43] - BHO 3: {16B435F6-B6CE-4F24-A568-944B27ED919C} (targettedbanner.biz browser enhancer)
[04/05/2008, 18:07:43] - BHO 4: {1D7C1BB5-AEB7-4F80-9D63-8DB88D25C127} ()
[04/05/2008, 18:07:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/05/2008, 18:07:43] - Checking for HKLM\...\Winlogon\Notify\gebcy
[04/05/2008, 18:07:43] - Key not found: HKLM\...\Winlogon\Notify\gebcy, continuing.
[04/05/2008, 18:07:43] - BHO 5: {5060f56b-a5d5-4840-9de7-9191f1c9176f} ()
[04/05/2008, 18:07:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/05/2008, 18:07:43] - Checking for HKLM\...\Winlogon\Notify\wekvdjcm
[04/05/2008, 18:07:43] - Key not found: HKLM\...\Winlogon\Notify\wekvdjcm, continuing.
[04/05/2008, 18:07:43] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[04/05/2008, 18:07:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/05/2008, 18:07:43] - No filename found. Continuing.
[04/05/2008, 18:07:43] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[04/05/2008, 18:07:43] - BHO 8: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[04/05/2008, 18:07:43] - Finished Searching Browser Helper Objects
[04/05/2008, 18:07:44] - Finishing up...
[04/05/2008, 18:07:44] - A restart is needed.
[04/05/2008, 18:07:52] - Attempting to Restart via STOP error (Blue Screen!)

#####################################################

Ca c'est HiJackThis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:33:54, on 05/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: targettedbanner.biz browser enhancer - {16B435F6-B6CE-4F24-A568-944B27ED919C} - C:\WINDOWS\system32\atgban.dll
O2 - BHO: (no name) - {1D7C1BB5-AEB7-4F80-9D63-8DB88D25C127} - C:\WINDOWS\system32\gebcy.dll (file missing)
O2 - BHO: {f6719c1f-1919-7ed9-0484-5d5ab65f0605} - {5060f56b-a5d5-4840-9de7-9191f1c9176f} - C:\WINDOWS\system32\wekvdjcm.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://ww2.mayeticvillage.fr/qp2.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5308E02B-4ABA-48E4-AA9E-8A7693661473} (GameCtl Class) - http://jeuxenligne.orange.fr/GisActiveX/Ax/GameAx.cab
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega DownloadManager) - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylom.servicesalacarte.wanadoo.fr/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C9E17F58-564C-41C6-989F-AB0FE0D2C9D1} (PopcapLoader Object) - http://jeuxentelechargement.orange.fr/orange2.0/OnlineHSS/zuma/Popcap.cab
O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} (Vitalize Class) - http://www.clickteam.com/vitalize3/vitalize.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: bw+0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
0
Réponse 6 / 14
sKe69 Messages postés 21955 Statut Contributeur sécurité 463
 
effectivement , même si tu a l'impression d'un réel mieux il reste un groose manipes de fix pour être sur du coup et surtout après un gros nettoyage dans les coins à faire ... ;p
c'est pour cela que je compte sur toi jusqu'au bout !

Donc le dernier fix :

Télécharger ComboFix (par sUBs) sur le Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Démarrer en mode sans echec :
Comment aller en Mode sans échec
1) Redémarre ton ordi
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"
3) Tu verras un écran avec options de démarrage apparaître
4) Choisis la première option : Sans Échec, et valide avec "Entrée"
5) Choisis ton compte habituel, et non Administrateur (si besoin ... )

Double cliquer combofix.exe.

Appuyer sur la touche Y (Yes) pour démarrer le scan
Le rapport sera crée dans: C:\Combofix.txt

postes le rapport combo fix et un nouveau rapport hijackthis svp

Puis attends les instructions ...
0
Réponse 7 / 14
FkA
 
Okay-okay !
Voilà ou j'en suis apres ComboFix :
Alors :

###################################################

Le rapport combofix me donne ceci :

ComboFix 08-04-04.1 - franck 2008-04-05 19:31:44.1 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.365 [GMT 2:00]
Endroit: C:\Documents and Settings\franck\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006\AVScheduler.dat
C:\Documents and Settings\franck\Application Data\WinAntiVirus Pro 2006
C:\Documents and Settings\franck\Application Data\WinAntiVirus Pro 2006\Logs\update.log
C:\Documents and Settings\franck\Application Data\WinAntiVirus Pro 2006\PGE.dat
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Program Files\Fichiers communs\winantivirus pro 2006
C:\Program Files\mcroso~1
C:\Program Files\mcroso~1\m?hta.exe
C:\Program Files\network monitor
C:\Program Files\network monitor\netmon.exe
C:\Program Files\tsks~1
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\gbRve12
C:\Temp\gbRve12\csLioes.log
C:\WINDOWS\BM87f20a7b.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\atgban.dll
C:\WINDOWS\system32\ext
C:\WINDOWS\system32\gyurjylh.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\nuhodvpv.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\stera.job
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\ycbeg.ini
C:\WINDOWS\system32\ycbeg.ini2
C:\WINDOWS\ZnJhbmNr\
C:\WINDOWS\ZnJhbmNr\\asappsrv.dll
C:\WINDOWS\ZnJhbmNr\\tBL1vAhO.vbs

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_FOPN
-------\Legacy_NETWORK_MONITOR
-------\Legacy_VSPF
-------\Legacy_VSPF_HK
-------\Service_cmdService
-------\Service_Network Monitor
-------\Service_vspf
-------\Service_vspf_hk

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-05 to 2008-04-05 ))))))))))))))))))))))))))))))))))))
.

2008-04-05 17:08 . 2008-04-05 17:08 <REP> d-------- C:\Program Files\Trend Micro
2008-04-05 16:45 . 2008-04-05 16:45 <REP> d-------- C:\VundoFix Backups
2008-04-05 16:43 . 2008-04-05 16:43 <REP> d-------- C:\Documents and Settings\franck\Application Data\CDBurnerXP_Soft
2008-04-05 16:40 . 2008-04-05 16:40 <REP> d-------- C:\Program Files\CDBurnerXP
2008-04-05 11:30 . 2008-04-05 11:30 <REP> d-------- C:\Program Files\Avira
2008-04-05 11:30 . 2008-04-05 11:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-04 18:23 . 2008-04-04 18:23 <REP> d-------- C:\WINDOWS\system32\BORDEL DE MERDE
2008-04-02 19:52 . 2008-04-02 19:52 <REP> d-------- C:\Program Files\CCleaner
2008-04-02 18:46 . 2008-04-03 17:29 1,620,979 ---hs---- C:\WINDOWS\system32\qhxobwuq.ini
2008-04-01 18:46 . 2008-04-02 18:19 1,592,313 ---hs---- C:\WINDOWS\system32\evljjssu.ini
2008-03-31 18:27 . 2008-04-01 16:54 1,597,063 ---hs---- C:\WINDOWS\system32\lbohbvdf.ini
2008-03-30 12:06 . 2008-03-31 18:23 1,597,354 ---hs---- C:\WINDOWS\system32\mchagopu.ini
2008-03-29 18:09 . 2008-03-29 18:09 <REP> d--hs---- C:\TrustedAntivirus
2008-03-29 18:08 . 2008-03-29 18:09 <REP> d-------- C:\Documents and Settings\franck\Application Data\TrustedAntivirus
2008-03-29 18:08 . 2008-03-29 18:08 <REP> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-03-29 18:07 . 2001-03-08 19:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-03-29 18:02 . 2008-04-05 12:58 <REP> d-------- C:\WINDOWS\system32\imd4
2008-03-29 18:02 . 2008-03-29 18:02 <REP> d-------- C:\WINDOWS\system32\DL
2008-03-29 18:02 . 2008-04-05 12:57 <REP> d-------- C:\WINDOWS\system32\aqVreo01
2008-03-29 18:02 . 2008-03-29 18:02 687,592 --a------ C:\WINDOWS\system32\atmtd.dll._
2008-03-29 18:02 . 2008-03-29 18:02 687,592 --a------ C:\WINDOWS\system32\atmtd.dll
2008-03-29 18:02 . 2008-03-29 18:02 39,883 --a------ C:\WINDOWS\system32\targetedbanner-uninst.exe
2008-03-12 22:10 . 2008-03-12 22:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\pixelStorm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-05 17:00 --------- d-----w C:\Program Files\MSN Messenger
2008-04-04 16:41 --------- d-----w C:\Program Files\Pack Securite
2008-04-04 16:13 51,072 ----a-w C:\WINDOWS\system32\drivers\fsdfw.sys
2008-04-04 16:13 30,016 ----a-w C:\WINDOWS\system32\drivers\fsndis5.sys
2008-04-03 16:54 --------- d-----w C:\Program Files\Windows Media Connect 2
2006-10-03 12:33 462,848 ----a-w C:\Program Files\lame_enc.dll
2006-08-20 09:42 357 ----a-w C:\Documents and Settings\franck\.cb_layout.bin
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D7C1BB5-AEB7-4F80-9D63-8DB88D25C127}]
C:\WINDOWS\system32\gebcy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5060f56b-a5d5-4840-9de7-9191f1c9176f}]
C:\WINDOWS\system32\wekvdjcm.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-19 16:10 160768]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-07-11 16:06 77824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= lvcodec2.dll
"MSVideo8"= VfWWDM32.dll
"VIDC.dvsd"= C:\PROGRA~1\FICHIE~1\SONYSH~1\videolib\sonydv.dll
"vidc.LEAD"= LCODCCMP.DLL
"MSVideo"= vfwwdm32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Assistant d'Acrobat.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Assistant d'Acrobat.lnk
backup=C:\WINDOWS\pss\Assistant d'Acrobat.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\DSLMON.lnk
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk
backup=C:\WINDOWS\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Wireless Configuration Utility HW.32.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Wireless Configuration Utility HW.32.lnk
backup=C:\WINDOWS\pss\Wireless Configuration Utility HW.32.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^État de l'enregistrement.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\État de l'enregistrement.lnk
backup=C:\WINDOWS\pss\État de l'enregistrement.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^franck^Menu Démarrer^Programmes^Démarrage^DW_Start.lnk]
path=C:\Documents and Settings\franck\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
backup=C:\WINDOWS\pss\DW_Start.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^franck^Menu Démarrer^Programmes^Démarrage^mIRC_RSW.lnk]
path=C:\Documents and Settings\franck\Menu Démarrer\Programmes\Démarrage\mIRC_RSW.lnk
backup=C:\WINDOWS\pss\mIRC_RSW.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^franck^Menu Démarrer^Programmes^Démarrage^VAIO Launcher.lnk]
path=C:\Documents and Settings\franck\Menu Démarrer\Programmes\Démarrage\VAIO Launcher.lnk
backup=C:\WINDOWS\pss\VAIO Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\84c139e7]
C:\WINDOWS\system32\hlyjruyg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2003-05-23 12:43 88363 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-06-01 21:00 335872 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2008-04-05 11:32 249896 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM87f20a7b]
C:\WINDOWS\system32\jqglikev.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-19 16:09 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
--a------ 2007-04-26 19:12 183208 C:\Program Files\Pack Securite\Common\FSM32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
--a------ 2007-04-26 19:10 740208 C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 23:11 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\La Poste]
C:\Program Files\LaPoste\laposte.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2006-09-26 18:38 36864 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2005-07-23 00:25 28160 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-01-19 12:45 458752 C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-01-19 12:39 217088 C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-01-19 12:05 221184 C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDService.exe]
-ra------ 2004-07-06 14:15 40960 C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PostSetupCheck]
C:\WINDOWS\system32\atgban.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-07-11 16:06 77824 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu572.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
-ra------ 2006-04-23 11:48 40960 C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-28 21:34 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TXP]
c:\program files\topthemesxp\txp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
--a------ 2004-06-29 13:17 147456 C:\Program Files\sony\vaio update 2\VAIOUpdt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VZRemoteCommander]
--a------ 2004-08-05 16:23 184320 C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-11-03 09:59 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{13-39-94-48-DW}]
C:\WINDOWS\system32\ext\begmgr11.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"WinVNC4"=2 (0x2)
"VCI"=2 (0x2)
"VAIOMediaPlatform-Mobile-Gateway"=3 (0x3)
"VAIOMediaPlatform-IntegratedServer-UPnP"=3 (0x3)
"VAIOMediaPlatform-IntegratedServer-HTTP"=3 (0x3)
"VAIOMediaPlatform-IntegratedServer-AppServer"=3 (0x3)
"VAIO Entertainment UPnP Client Adapter"=3 (0x3)
"VAIO Entertainment TV Device Arbitration Service"=3 (0x3)
"VAIO Entertainment Task Scheduler"=2 (0x2)
"VAIO Entertainment File Import Service"=2 (0x2)
"VAIO Entertainment Aggregation and Control Service"=3 (0x3)
"usnjsvc"=3 (0x3)
"SymWSC"=2 (0x2)
"SiSWLSvc"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"Network Monitor"=2 (0x2)
"gusvc"=3 (0x3)
"FSMA"=2 (0x2)
"FSDFWD"=3 (0x3)
"FSAUA"=3 (0x3)
"F-Secure Gatekeeper Handler Starter"=2 (0x2)
"cmdService"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-04-04 18:13]
R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\Pack Securite\HIPS\fshs.sys [2008-04-04 18:12]
R1 PrivateDisk;PrivateDisk;C:\WINDOWS\system32\Drivers\PrivateDiskM.sys [2004-07-06 14:07]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-03-09 11:20]
R3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2004-12-29 09:34]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Pack Securite\Anti-Virus\minifilter\fsgk.sys [2007-04-26 19:07]
S3 smscdfu;SMSC DFU Driver;C:\WINDOWS\system32\DRIVERS\SMSCDFU.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Pack Securite\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 19:08]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Pack Securite\Anti-Virus\Win2K\FSrec.sys [2007-04-26 19:08]
S4 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe [2004-07-08 21:26]
S4 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe [2004-07-08 21:17]

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-04-05 14:39:15 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-05 19:37:02
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-05 19:39:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-05 17:39:03
Pre-Run: 5,799,497,728 octets libres
Post-Run: 5,176,209,408 octets libres
.
2008-03-12 11:00:32 --- E O F ---

##############################################################

Et le hiJackthis me donne ceci :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:41:27, on 05/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1D7C1BB5-AEB7-4F80-9D63-8DB88D25C127} - C:\WINDOWS\system32\gebcy.dll (file missing)
O2 - BHO: {f6719c1f-1919-7ed9-0484-5d5ab65f0605} - {5060f56b-a5d5-4840-9de7-9191f1c9176f} - C:\WINDOWS\system32\wekvdjcm.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://ww2.mayeticvillage.fr/qp2.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5308E02B-4ABA-48E4-AA9E-8A7693661473} (GameCtl Class) - http://jeuxenligne.orange.fr/GisActiveX/Ax/GameAx.cab
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega DownloadManager) - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylom.servicesalacarte.wanadoo.fr/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C9E17F58-564C-41C6-989F-AB0FE0D2C9D1} (PopcapLoader Object) - http://jeuxentelechargement.orange.fr/orange2.0/OnlineHSS/zuma/Popcap.cab
O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} (Vitalize Class) - http://www.clickteam.com/vitalize3/vitalize.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: bw+0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
0
Réponse 8 / 14
sKe69 Messages postés 21955 Statut Contributeur sécurité 463
 
Fermes toutes tes appliques et déconnectes toi

Relance Hijackthis mais click sur " Do a scan only "
Tu vois donc apparaitre le résultat du scan : une multitudes de lignes ,chacunes précédées d'un carré vide .
Tu vas clické sur les carré des lignes suivantes :

O2 - BHO: (no name) - {1D7C1BB5-AEB7-4F80-9D63-8DB88D25C127} - C:\WINDOWS\system32\gebcy.dll (file missing)
O2 - BHO: {f6719c1f-1919-7ed9-0484-5d5ab65f0605} - {5060f56b-a5d5-4840-9de7-9191f1c9176f} - C:\WINDOWS\system32\wekvdjcm.dll (file missing)
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O18 - Protocol: bw+0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {52E732F9-F38A-497F-A8E0-0A5E3DE09F65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Tu cliques en bas sur le bouton FIX CHECKED et valides

Je sais ,ça fait beaucoup ;)

Redemare ton PC

Pévient moi quand c'est finit ...
0
Réponse 9 / 14
FkA
 
Comme il a fallu une deconnexion j'ai copié/collé ton post dans un fichier txt sur le bureau.
Bref j'ai fait ce qu'il fallait mais il y a quand même eu un petit probleme, je sais pas si il est grave
Quand j'ai tout coché et cliqué sur fix checked et validé, une asterisque est survenue (je crois qu'il disait de fermer tout les programmes susceptibles d'utiliser internet, enfin bref)
Bref je relance HiJackThis et les lignes precedemment cochés n'apparaissent plus dans le scan (et ca a fait une grosse place)
J'ai redemarré l'ordi'
Voilà pour le moment

Fk"
0
Réponse 10 / 14
FkA
 
Whoops, j'avais déjà le ccleaner, mais avec les options installés... Bref desinstall et re-install, suivi les manips' !

Execution des manips OK

Bon, a l'oeil nu, je pouvais pas detecter les intrusions, mais là, il semble que le probleme soit resolu, puisque en pointant les dossiers de system32 Antivir ne m'a rien dit ! Bon, je vais jarter la quarantaine quand même

Bon, j'ai quelques .mp3 et .wma qui ont foutu le camp, mais bon je les avais heureusement sur mon lecteur mp3 donc ca sera pas un probleme

Le dernier scan HiJackThis (qui est presque quatre fois plus court que les autres) est en dessous

Thank you pour ton aide en tout cas !

Fk"

###################################################

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:27:10, on 05/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://ww2.mayeticvillage.fr/qp2.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5308E02B-4ABA-48E4-AA9E-8A7693661473} (GameCtl Class) - http://jeuxenligne.orange.fr/GisActiveX/Ax/GameAx.cab
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylom.servicesalacarte.wanadoo.fr/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C9E17F58-564C-41C6-989F-AB0FE0D2C9D1} (PopcapLoader Object) - http://jeuxentelechargement.orange.fr/orange2.0/OnlineHSS/zuma/Popcap.cab
O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} (Vitalize Class) - http://www.clickteam.com/vitalize3/vitalize.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
0
Réponse 11 / 14
FkA
 
PS : Avec les dernieres manips', mes informations internet ont fichu le camp aussi, donc je ne suis pas consideré comme les autres FkA (ben ouais je suis ici en anonyme) et ne peux pas cocher l'option "resolu"
0
sKe69 Messages postés 21955 Statut Contributeur sécurité 463
 
Pas de souci hors mit les mp3 et wma ? tout est OK ?

Si c'est le cas, fait ce-ci pour finir :

Télécharge ToolsCleaner (de A.Rothstein) sur ton Bureau.
http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe
Clique sur Recherche et laisse le scan se terminer.
Clique sur Suppression pour finaliser.
tu peux, si tu le souhaites, te servir des Options facultatives

se petit soft va te nettoyer tout les trucs dont on c'est servi pour la désinfection ( tu n'en as plus besion ! ) .
Supprimes tout les outils , dossiers ou rapport consernant la désinfection que toolsclaener2 n'a pas supprimé .

Puis enfin supprimes toolscleaner2 ...

A+

---sKe---
0
Réponse 12 / 14
sKe69 Messages postés 21955 Statut Contributeur sécurité 463
 
Pour info , je rajouterai ce-ci :

il te faut un anti-spyware en plus de ton anti-virus, c'est fortement conseillé .
Moi je te propose :

Spybot search and destroy (version complète et gratuite)
https://www.safer-networking.org/?page=download
(instales le , mets le à jour et lance la vaccination )

Aide pour utilisation Spybot ici (merci Balltrap ;) ) : http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

Tu peux le coupler avec celui-ci si tu veux :

Ce logiciel est très utile pour scanner ton PC :
AVG Antispyware (version démo / 30 jours )
https://www.avg.com/en-ww/free-antivirus-download
mode d'utilisation :
Lance AVG Anti-Spyware, mets le à jour,
Clique sur le bouton « Analyse »
Puis « Comment réagir », clique sur Actions recommandées. Sélectionne Quarantaine.
Retour à l'onglet Analyse.
Clique sur Analyse complète du système.
A la fin du scan, choisis " Appliquer toutes les actions "
Clique sur "Enregistrer le rapport" (pour éventuellement le poster sur un forum en cas de prb ... Le fichier texte se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware ).

Tiens moi au courant ...

A+

---sKe---
0
Réponse 13 / 14
FkA
 
(nuit de sommeil)
Alors alors alors alors alors
Pour tes derniers conseils :
J'ai telechargé ToolsCleaner
ToolsCleaner a fait le menage des prog' de desinfection, et apres je l'ai supprimé comme tu m'a dit
Ensuite j'ai mis le Spybot, mis a jour et vaccination du systeme OK
Voilà !

Fk"
0
sKe69 Messages postés 21955 Statut Contributeur sécurité 463
 
Une bonne chose defaite :)

comment vas ton PC ?
0
Réponse 14 / 14
FkA
 
(Bon tu m'excusera de mon ENOOOOOOORRRRME lenteur a repondre mais j'etais pas devant l'ordi)
Mon PC se porte bien, et puis... Ben voilà rien a signaler
Apres tout ca j'en ai profité pour defragmenter le disque C:/ evidemment ca a pris une vache de temps, bon au final j'ai juste perdu quelques musiques, boah c'est pas mechant !
Merci de ton aide en totu cas

Fk"
0
sKe69 Messages postés 21955 Statut Contributeur sécurité 463
 
De rien ;)

A+

---sKe---
0
FkA > sKe69 Messages postés 21955 Statut Contributeur sécurité
 
Comme dans les manips' j'ai du faire degager mes informations Internet, je ne peux pas mettre le statut resolu (tout simplement parce que l'option n'apparait plus)
Allez salut
Fk"
0