Virus Win32 Résolu

Question

Bonjour,
Bonjour, 

Voila , Depuis Quelque jour mon antivirus me trouve un Virus Win32.TrotBOH ! j'ai fait une Analyse avec Hijackthis !! 
Si quelq'un pourrati me dire quel fichier son a supprimer je le remercie Beaucoup !! 
Merci 

Logfile of HijackThis v1.99.1 
Scan saved at 15:16:23, on 25/03/2008 
Platform: Windows XP SP2 (WinNT 5.01.2600) 
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) 

Running processes: 
C:\WINDOWS\System32\smss.exe 
C:\WINDOWS\system32\winlogon.exe 
C:\WINDOWS\system32\services.exe 
C:\WINDOWS\system32\lsass.exe 
C:\WINDOWS\system32\svchost.exe 
C:\WINDOWS\System32\svchost.exe 
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 
C:\Program Files\Alwil Software\Avast4\ashServ.exe 
C:\WINDOWS\system32\LEXBCES.EXE 
C:\WINDOWS\system32\spoolsv.exe 
C:\WINDOWS\system32\LEXPPS.EXE 
C:\WINDOWS\System32\FTRTSVC.exe 
C:\WINDOWS\system32
vsvc32.exe 
C:\WINDOWS\system32\PnkBstrA.exe 
C:\Program Files\D-Tools\daemon.exe 
C:\WINDOWS\SOUNDMAN.EXE 
C:\WINDOWS\system32\RUNDLL32.EXE 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 
C:\WINDOWS\system32\qttask.exe 
C:\WINDOWS\system32\svchost.exe 
C:\Program Files\MSN Messenger\MsnMsgr.Exe 
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe 
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe 
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe 
C:\WINDOWS\system32undll32.exe 
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 
C:\WINDOWS\System32\svchost.exe 
C:\WINDOWS\explorer.exe 
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe 
C:\WINDOWS\system32\mmc.exe 
C:\WINDOWS\system32\DfrgNtfs.exe 
C:\Program Files\internet explorer\iexplore.exe 
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe 
C:\Program Files\MSN Messenger\livecall.exe 
C:\Program Files\MSN Messenger\usnsvc.exe 
C:\Program Files\internet explorer\iexplore.exe 
C:\Program Files\WinRAR\WinRAR.exe 
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX01.235\HijackThis.exe 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll 
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file) 
O2 - BHO: (no name) - {292508E6-63BC-478C-8703-68013131A496} - C:\WINDOWS\system32\jkhhh.dll (file missing) 
O2 - BHO: (no name) - {44E8C7F6-FD25-4EF8-B56D-7AC5C7FADCDC} - C:\WINDOWS\system32\vtuts.dll (file missing) 
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll 
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll 
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll 
O2 - BHO: (no name) - {A291297B-CAC0-43DF-8343-98AC471FDBD4} - C:\WINDOWS\system32\awvtr.dll (file missing) 
O2 - BHO: (no name) - {a659bcb4-f4fc-4d9d-bca6-7afb8d526b9b} - C:\WINDOWS\system32\iwpeydor.dll (file missing) 
O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Program Files\NavExcel\NavHelper\v2.0.4\NHelper.dll (file missing) 
O2 - BHO: (no name) - {D6158E03-E558-4C1F-8A2A-963E8EDFB4B7} - C:\Program Files\ComPlus Applications
ipyvafymC:\WINDOWS\system32ey2\qopre83122.exe.dll (file missing) 
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Pluginseg\VeohToolbar.dll 
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll 
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s 
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe 
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE 
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup 
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install 
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit 
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime 
O4 - HKLM\..\Run: [BM0f01f557] Rundll32.exe "C:\WINDOWS\system32\bxephbkx.dll",s 
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background 
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe 
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe 
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide 
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe 
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe 
O8 - Extra context menu item: Download all by Rapidown... - C:\Program Files\Rapidown\RapidownGetAll.htm 
O8 - Extra context menu item: Download by Rapidown... - C:\Program Files\Rapidown\RapidownGet.htm 
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll 
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll 
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll 
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll 
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU) 
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab 
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab 
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab 
O18 - Protocol: bw+0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw+0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw-0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw-0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw00 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw00s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw10 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw10s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw20 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw20s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw30 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw30s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw40 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw40s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw50 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw50s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw60 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw60s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw70 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw70s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw80 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw80s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw90 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw90s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwa0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwa0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwb0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwb0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwc0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwc0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwd0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwd0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwe0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwe0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwf0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwf0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll 
O18 - Protocol: bwg0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwg0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwh0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwh0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwi0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwi0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwj0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwj0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwk0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwk0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwl0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwl0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwm0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwm0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwn0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwn0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwo0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwo0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwp0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwp0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwq0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwq0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwr0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwr0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bws0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bws0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwt0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwt0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwu0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwu0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwv0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwv0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bww0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bww0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwx0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwx0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwy0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwy0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwz0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwz0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL 
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL 
O18 - Protocol: offline-8876480 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O20 - Winlogon Notify: efcdcda - efcdcda.dll (file missing) 
O20 - Winlogon Notify: iifeeby - iifeeby.dll (file missing) 
O20 - Winlogon Notify: wszodbdt - wszodbdt.dll (file missing) 
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe 
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) 
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) 
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe 
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE 
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe 
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe 
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcappcapd.exe" -d -f "%ProgramFiles%\WinPcappcapd.ini (file missing)

jlpjlp · Answer

Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked". 
--------------

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: (no name) - {292508E6-63BC-478C-8703-68013131A496} - C:\WINDOWS\system32\jkhhh.dll (file missing)
O2 - BHO: (no name) - {44E8C7F6-FD25-4EF8-B56D-7AC5C7FADCDC} - C:\WINDOWS\system32\vtuts.dll (file missing)
O2 - BHO: (no name) - {A291297B-CAC0-43DF-8343-98AC471FDBD4} - C:\WINDOWS\system32\awvtr.dll (file missing)
O2 - BHO: (no name) - {a659bcb4-f4fc-4d9d-bca6-7afb8d526b9b} - C:\WINDOWS\system32\iwpeydor.dll (file missing)
O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Program Files\NavExcel\NavHelper\v2.0.4\NHelper.dll (file missing)
O2 - BHO: (no name) - {D6158E03-E558-4C1F-8A2A-963E8EDFB4B7} - C:\Program Files\ComPlus Applications
ipyvafymC:\WINDOWS\system32ey2\qopre83122.exe.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BM0f01f557] Rundll32.exe "C:\WINDOWS\system32\bxephbkx.dll",s
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)


_______________________


scan avec vundofix (colle le rapport)

Téléchargez VundoFix -> http://www.atribune.org/ccount/click.php?id=4

Double cliquez VundoFix.exe pour l'exécuter.
Quand VundoFix s'ouvre, cliquez sur le bouton Scan for Vundo.
Une fois le scan fini, cliquez sur le bouton Remove Vundo.
Vous recevrez un avertissement vous demandant si vous voulez effacer ces
fichiers répondez en cliquant sur YES
Une fois que vous avez cliqué yes, votre bureau deviendra vide au moment où il
enlève Vundo.

Quand c'est fini, il vous sera demandé de redémarrer votre ordinateur, cliquez
OK.


______________________


Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe 
Sauvegarde le sur ton bureau et pas ailleurs ! 

Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic 

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider. 
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport. 
______________________

télécharge OTMoveIt 
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.  Ou sur  https://www.luanagames.com/index.fr.html
double-clique sur OTMoveIt.exe pour le lancer. 
copie la liste qui se trouve en citation ci-dessous, 
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved. 

Citation : 

C:\WINDOWS\system32\bxephbkx.dll


clique sur MoveIt! pour lancer la suppression. 
le résultat apparaitra dans le cadre "Results". 
clique sur Exit pour fermer. 
poste le rapport situé dans C:\_OTMoveIt\MovedFiles. 

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes. 

_______________________



 colle le rapport d'un scan en ligne 
avec un des suivants: 
(désactiver avast le temps du scan)

bitdefender en ligne : 
http://www.bitdefender.fr/scan_fr/scan8/ie.html 

Panda en ligne : 
http://pandasoftware.fr

grarou59 · Answer

Merci , je m'ocupe de sa  tout de suite !!

grarou59 · Answer

alors voila pour Combofix je n'ai pas pu le télécharger !! ______________________________________________ Scan OTMoveIt : File/Folder C:\WINDOWS\system32\bxephbkx.dll not found. OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04072008_151508 ______________________________________________ et l'analyse de bitdefender en ligne : C:\Documents and Settings\Administrateur\Mes documents\Azureus Downloads\CoD2SP\CoD2SP_c.exe Infecté par: Trojan.Dropper.RSM C:\Documents and Settings\Administrateur\Mes documents\Azureus Downloads\CoD2SP\CoD2SP_c.exe Echec de la désinfection C:\Documents and Settings\Administrateur\Mes documents\Azureus Downloads\CoD2SP\CoD2SP_c.exe C:\Program Files\Alwil Software\Avast4\DATA\moved\dvwdhfcd.dll Infecté par: Trojan.Vundo.DZK C:\Program Files\Alwil Software\Avast4\DATA\moved\dvwdhfcd.dll C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000044.dll Infecté par: Trojan.Vundo.EDA

C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000044.dll Supprimé C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000045.dll Infecté par: Trojan.Vundo.ECQ C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000045.dll Supprimé C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000046.dll Infecté par: Trojan.Vundo.EDT C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000047.dll Infecté par: Trojan.Vundo.EDA C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000047.dll Supprimé C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000049.dll Infecté par: Trojan.Vundo.EEJ C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000049.dll Supprimé C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000050.dll Infecté par: Trojan.Vundo.EEB C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000050.dll Supprimé C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000052. Infecté par: Trojan.Vundo.EEK C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000052.dll> Supprimé C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000053.dll Infecté par: Trojan.Vundo.EAI >C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000053.dll Supprimé C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP7\A0003087.dll Infecté par: Trojan.Vundo.EEH C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP7\A0003087.dll Supprimé C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP7\A0003132.dll Infecté par: Trojan.Vundo.DZK C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP7\A0003132.dll Supprimé C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005930.exe Infecté par: Trojan.Dropper.Vundo.E C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005930.exe Désinfecté C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005931.exe Infecté par: Trojan.Dropper.Vundo.E> C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005935.exe Désinfecté C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005936.exe Infecté par: Trojan.Dropper.Vundo.E C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005936.exe Désinfecté C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005937.Exe Infecté par: Trojan.Dropper.Vundo.E C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005937.Exe Désinfecté C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005938.exe Détecté avec: Adware.Navexcel.B C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005938.exe Supprimé C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005939.exe Détecté avec: Application.Navexcel.B C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005939.exe Echec de la désinfection C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005939.exe Supprimé C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005940.dll Détecté avec: Application.Navexcel.A C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005940.dll Echec de la désinfection C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005940.dll Supprimé C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005941.exe Infecté par: Trojan.Dropper.Vundo.E C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005941.exe Désinfecté C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005942.dll Infecté par: Trojan.Vundo.DTA C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005942.dll Supprimé C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005943.dll Infecté par: Trojan.Vundo.DYP C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005943.dll Supprimé C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005944.dll Infecté par: Trojan.Vundo.DYI C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005944.dll C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005945.exe Infecté par: Trojan.Fotomoto.H C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005945.exe Supprimé C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005946.dll Infecté par: Trojan.Vundo.DTA C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005946.dll Supprimé C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005947.dll Détecté avec: Adware.Virtumonde.GII C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005947.dll Supprimé C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005948.exe Infecté par: Trojan.Fotomoto.H

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005948.exe

Supprimé

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005949.dll

Infecté par: Trojan.Vundo.Gen.2

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005949.dll

Echec de la désinfection

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005949.dll

Supprimé

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005950.exe

Infecté par: Trojan.Downloader.VB.BDA

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005950.exe

Echec de la désinfection

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005950.exe

Supprimé

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005951.dll

Infecté par: Trojan.Vundo.Gen.2

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005951.dll

Echec de la désinfection

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005951.dll

Supprimé

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005952.exe

Infecté par: Trojan.Fotomoto.H

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005952.exe

Supprimé

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005953.dll

Infecté par: Trojan.Vundo.ECD

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005953.dll

Supprimé

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005954.dll

Infecté par: Trojan.Vundo.ZAA

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005954.dll

Supprimé

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005955.exe

Infecté par: Trojan.Dropper.Vundo.E

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005955.exe

Supprimé

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005958.dll

Infecté par: Trojan.Vundo.DTA

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005958.dll

Supprimé

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005959.dll

Infecté par: Trojan.Vundo.DYL

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005959.dll

Supprimé

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005960.dll

Infecté par: Trojan.Vundo.Gen.2

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005960.dll

Echec de la désinfection

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005960.dll

Supprimé

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005961.dll

Infecté par: Trojan.Vundo.DUP

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005961.dll

Supprimé

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005962.dll

Infecté par: Trojan.Vundo.ECA

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005962.dll

Supprimé

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005963.dll

Infecté par: Trojan.Vundo.DYI

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005963.dll

Supprimé

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005964.exe

Infecté par: Trojan.Dropper.Vundo.E

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005964.exe

Supprimé

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005965.dll

Infecté par: Trojan.Vundo.DXU

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005965.dll

Supprimé

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005966.dll

Infecté par: Trojan.Vundo.Gen.2

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005966.dll

Echec de la désinfection

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005966.dll

Supprimé

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005967.dll

Infecté par: Trojan.Vundo.DUP

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005967.dll

Supprimé

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005968.dll

Infecté par: Trojan.Vundo.Gen.2

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005968.dll

Echec de la désinfection

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005968.dll

Supprimé

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005969.exe

Infecté par: Trojan.Dropper.Vundo.E

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005969.exe

Désinfecté

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005970.exe

Infecté par: Trojan.Dropper.Vundo.E

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005970.exe

Désinfecté

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005971.exe

Infecté par: Trojan.Dropper.Vundo.E

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005971.exe

Désinfecté

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005972.exe

Infecté par: Trojan.Dropper.Vundo.E

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005972.exe

Désinfecté

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005973.exe

Infecté par: Trojan.Dropper.Vundo.E

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005973.exe

Désinfecté

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005974.exe

Infecté par: Trojan.Dropper.Vundo.E

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005974.exe

Désinfecté

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005975.exe

Infecté par: Trojan.Dropper.Vundo.E

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005975.exe

Désinfecté

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005976.exe

Infecté par: Trojan.Dropper.Vundo.E

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005976.exe

Désinfecté

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005977.exe

Infecté par: Trojan.Dropper.Vundo.E

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005977.exe

Désinfecté

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005978.exe

Infecté par: Trojan.Dropper.Vundo.E

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005978.exe

Désinfecté

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005979.exe

Infecté par: Trojan.Dropper.Vundo.E

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005979.exe

Désinfecté

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005980.exe

Infecté par: Trojan.Dropper.Vundo.E

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005980.exe

Désinfecté

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005981.exe

Infecté par: Trojan.Dropper.Vundo.E

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005981.exe

Désinfecté

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005982.exe

Infecté par: Trojan.Dropper.Vundo.E

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005982.exe

Désinfecté

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005983.exe

Infecté par: Trojan.Dropper.Vundo.E

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005983.exe

Désinfecté

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005984.exe

Infecté par: Trojan.Dropper.Vundo.E

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005984.exe

Désinfecté

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005985.exe

Infecté par: Trojan.Dropper.Vundo.E

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005985.exe

Désinfecté

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005986.exe

Infecté par: Trojan.Dropper.Vundo.E

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005986.exe

Désinfecté

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005987.exe

Infecté par: Trojan.Dropper.Vundo.E

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005987.exe

Désinfecté

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005988.exe

Infecté par: Trojan.Dropper.Vundo.E

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005988.exe

Désinfecté

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005989.exe

Infecté par: Trojan.Dropper.Vundo.E

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005989.exe

Désinfecté

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005990.exe

Infecté par: Trojan.Dropper.Vundo.E

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005990.exe

Désinfecté

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005991.exe

Infecté par: Trojan.Dropper.Vundo.E

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005991.exe

Désinfecté

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005992.exe

Infecté par: Trojan.Dropper.Vundo.E

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005992.exe

Désinfecté

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005993.exe

Infecté par: Trojan.Dropper.Vundo.E

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005993.exe

Désinfecté

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005994.exe

Infecté par: Trojan.Dropper.Vundo.E

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005994.exe

Désinfecté

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005995.exe

Infecté par: Trojan.Dropper.Vundo.E

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005995.exe

Désinfecté

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005996.exe

Infecté par: Trojan.Dropper.Vundo.E

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005996.exe

Désinfecté

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005997.exe

Infecté par: Trojan.Dropper.Vundo.E

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005997.exe

Désinfecté

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005998.exe

Infecté par: Trojan.Dropper.Vundo.E

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005998.exe

Désinfecté

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005999.exe

Infecté par: Trojan.Dropper.Vundo.E

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005999.exe

Désinfecté

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0006000.exe

Infecté par: Trojan.Dropper.Vundo.E

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0006000.exe

Désinfecté

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0006001.exe

Infecté par: Trojan.Dropper.Vundo.E

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0006001.exe

Désinfecté

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0006002.exe

Infecté par: Trojan.Dropper.Vundo.E

C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-8

jlpjlp · Answer

vire ce qui est en quarantaine dans avast

___________

essaye de retelecharger combofix, il etait indispo quelques heures

et colle le rapport
____________

grarou59 · Answer

Voila le rapport COMBOFIX : ComboFix 08-04-07.5 - Administrateur 2008-04-07 16:24:49.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.616 [GMT 1:00] Endroit: C:\Documents and Settings\Administrateur\Bureau\Combo-Fix.exe * Création d'un nouveau point de restauration [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Administrateur\Local Settings\Application Data\adjurpxyg.dat C:\Documents and Settings\Administrateur\Local Settings\Application Data\adjurpxyg_nav.dat C:\Documents and Settings\Administrateur\Local Settings\Application Data\adjurpxyg_navps.dat C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Uninstall.lnk C:\WINDOWS\Downloaded Program Files\UGA6PV_0001_N122M1202NetInstaller.exe C:\WINDOWS\system32\opcrfiki.dll C:\WINDOWS\system32\opwpjfqq.dll . ((((((((((((((((((((((((((((( Fichiers créés 2008-03-07 to 2008-04-07 )))))))))))))))))))))))))))))))))))) . 2008-04-07 15:17 . 2008-04-07 15:17 d-------- C:\WINDOWS\LastGood 2008-04-07 15:17 . 2008-04-07 15:35 d-------- C:\WINDOWS\BDOSCAN8 2008-04-07 15:15 . 2008-04-07 15:15 d-------- C:\_OTMoveIt 2008-04-07 15:02 . 2008-04-07 15:04 d-------- C:\VundoFix Backups 2008-04-07 14:58 . 2008-04-07 14:58 d-------- C:\Program Files\Trend Micro 2008-04-03 19:44 . 2008-04-05 22:05 d-------- C:\Program Files\Tweak-XP 2008-04-03 19:43 . 2008-04-03 19:43 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-04-03 00:26 . 2008-04-03 00:26 41,296 --a--c--- C:\WINDOWS\system32\xfcodec.dll 2008-04-01 13:42 . 2008-04-01 13:42 d-------- C:\Program Files\Creative 2008-04-01 13:42 . 2002-06-06 14:38 139,264 --a------ C:\WINDOWS\system32\eax.dll 2008-04-01 13:30 . 2008-04-05 22:05 d-------- C:\Program Files\Mafia 2008-04-01 13:30 . 2002-08-26 18:54 327,680 -ra------ C:\WINDOWS\system32\MafiaSetup.exe 2008-03-26 23:32 . 2008-03-26 23:32 754 --a------ C:\WINDOWS\WORDPAD.INI 2008-03-26 19:47 . 2008-04-07 13:48 d-------- C:\Program Files\Xfire 2008-03-26 19:47 . 2008-04-07 00:34 d-------- C:\Documents and Settings\Administrateur\Application Data\Xfire 2008-03-25 15:24 . 2008-03-25 15:35 d-------- C:\ComboFix[1] 2008-03-25 13:44 . 2008-03-25 13:44 d-------- C:\Program Files\CleanUp! 2008-03-23 16:53 . 2008-03-24 18:30 1,358,737 ---hs---- C:\WINDOWS\system32\lgfdhxyx.ini 2008-03-18 22:52 . 2008-03-18 22:52 dr-h----- C:\Documents and Settings\Administrateur\Application Data\SecuROM 2008-03-18 22:52 . 2008-03-18 22:52 98,304 --a------ C:\WINDOWS\system32CmdLineExt.dll 2008-03-18 22:09 . 2008-03-18 22:29 632 --a------ C:\WINDOWS\CoDUO.INI 2008-03-18 22:01 . 2008-03-26 19:44 d-------- C:\Program Files\Call of Duty Game of the Year Edition 2008-03-18 22:00 . 2008-03-19 13:38 766 --a------ C:\WINDOWS\CoD.INI 2008-03-18 21:59 . 2008-03-19 23:19 1,526,212 ---hs---- C:\WINDOWS\system32\flsvwmfy.ini 2008-03-18 21:51 . 2006-09-28 17:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll 2008-03-18 21:51 . 2006-09-28 17:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll 2008-03-18 21:51 . 2006-09-28 17:04 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll 2008-03-18 21:51 . 2006-09-28 17:03 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll 2008-03-18 21:10 . 2008-03-18 21:10 d-------- C:\Documents and Settings\Administrateur\Application Data\Leadertech 2008-03-18 18:58 . 2006-11-11 04:43 933,536 -ra------ C:\WINDOWS\system32\drivers\LV302V32.SYS 2008-03-17 21:59 . 2008-03-18 15:38 1,314,535 ---hs---- C:\WINDOWS\system32\ceobvkpm.ini 2008-03-16 21:55 . 2008-03-17 21:56 1,916,988 ---hs---- C:\WINDOWS\system32\mokbinvp.ini 2008-03-15 13:55 . 2008-03-16 21:47 1,332,774 ---hs---- C:\WINDOWS\system32\wwapvkut.ini 2008-03-13 13:48 . 2008-03-14 13:22 1,306,504 ---hs---- C:\WINDOWS\system32\crqnbqix.ini 2008-03-11 23:32 . 2008-03-13 13:47 1,391,392 ---hs---- C:\WINDOWS\system32\qmdifntq.ini 2008-03-09 16:53 . 2008-03-10 19:28 1,315,414 ---hs---- C:\WINDOWS\system32\lumckomw.ini 2008-03-08 14:50 . 2008-03-09 16:48 1,318,463 ---hs---- C:\WINDOWS\system32\eiweygwd.ini 2008-03-07 14:43 . 2008-03-08 14:44 1,307,981 ---hs---- C:\WINDOWS\system32\bqahjhki.ini . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-06 22:53 22,328 -c--a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-04-06 22:53 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2008-04-06 20:14 --------- d-----w C:\Program Files\Wanadoo 2008-04-06 18:00 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Azureus 2008-03-26 18:44 --------- d-----w C:\Program Files\VirtualDJ 2008-03-26 18:44 --------- d-----w C:\Program Files\QuickPar 2008-03-26 18:44 --------- d-----w C:\Program Files\PKR 2008-03-26 18:44 --------- d-----w C:\Program Files\FaxTools 2008-03-26 18:44 --------- d-----w C:\Program Files\DivX 2008-03-25 14:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-03-25 14:04 --------- d-----w C:\Program Files\Postal2STP 2008-03-25 14:04 --------- d-----w C:\Program Files\MSN Messenger 2008-03-25 12:56 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-03-24 23:05 --------- d-----w C:\Program Files\Arovax AntiSpyware 2008-03-22 15:58 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-20 20:55 --------- d-----w C:\Documents and Settings\Administrateur\Application Data eamspeak2 2008-03-09 23:03 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Winamp 2008-03-01 22:52 231,872 ----a-w C:\WINDOWS\EasyGifAnimator_Toolbar_Uninstaller_421.exe 2008-03-01 22:52 --------- d-----w C:\Program Files\Easy Gif Animator Extension 2008-03-01 22:52 --------- d-----w C:\Program Files\Easy GIF Animator 2008-02-23 03:07 --------- d-----w C:\Program Files\KONAMI 2008-02-23 02:30 --------- d-----w C:\Program Files\mp3DirectCut 2008-02-22 16:41 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-02-14 04:48 --------- d-----w C:\Program Files\coolpro2 2008-02-14 04:48 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Syntrillium 2008-02-11 15:16 --------- d-----w C:\Program Files\Dofus 2008-02-10 20:06 --------- d-----w C:\Program Files\Veoh Networks 2008-02-08 18:11 --------- d-----w C:\Program Files\Alwil Software 2008-02-08 10:56 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:56 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:56 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:56 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:56 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:56 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:56 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:56 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:56 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:56 77,824 ----a-w C:\WINDOWS\system32\qttask.exe 2008-02-08 10:55 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:55 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:55 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:55 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:55 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:55 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:55 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:55 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:55 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:55 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:55 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:54 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:54 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:54 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:54 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:54 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:54 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:54 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:54 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:54 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:54 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:53 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:53 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:53 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:53 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:53 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:53 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:53 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:53 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:53 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:53 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:53 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:52 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:52 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:52 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:52 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:52 77,824 ----a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:52 77,824 ----a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:52 77,824 ----a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:52 77,824 ----a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:52 77,824 ----a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:52 77,824 ----a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:52 77,824 ----a-w C:\WINDOWS\system32\qttask .exe 2008-02-08 10:51 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe 2008-02-07 16:09 --------- d-----w C:\Program Files\D-Tools 2008-01-29 20:57 118,784 -c----r C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe 2007-11-26 19:07 22,328 -c--a-w C:\Documents and Settings\Administrateur\Application Data\PnkBstrK.sys 2007-09-29 14:05 0 -c--a-w C:\Program Files\installer-12116-845-windows-live-messenger-8-1-0178-french.exe 2007-01-22 13:12 102 -c--a-w C:\Program Files\MIB2ROM.TXT 1998-09-29 12:56 10,000 -c--a-w C:\WINDOWS\inf\unregpn.exe . [code]

-c--a-w            81,920 2008-02-07 16:05:03  C:\Program Files\D-Tools\daemon .exe
-c--a-w           284,184 2008-02-06 12:12:48  C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper .exe
-c--a-w           244,512 2008-02-06 12:12:55  C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX .exe
-c--a-w           132,496 2008-01-06 16:14:50  C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
-c--a-w            36,864 2008-02-07 16:05:38  C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
-c--a-w           746,520 2008-02-06 12:12:51  C:\Program Files\Logitech\QuickCam10\QuickCam10 .exe
-c--a-w           503,808 2008-01-06 16:14:48  C:\Program Files\Mouse Driver\MouseDrv .exe
-c--a-w         5,674,352 2008-02-07 16:05:40  C:\Program Files\MSN Messenger\MsnMsgr .Exe
-c--a-w            57,344 2008-02-07 16:04:55  C:\Program Files\SlySoft\CloneCD\CloneCDTray .exe
-c--a-w            15,360 2008-01-06 16:14:55  C:\WINDOWS\system32\ctfmon .exe
-c--a-w           155,648 2008-01-06 16:14:37  C:\WINDOWS\system32\NeroCheck .exe
-c--a-w            77,824 2008-02-08 10:51:54  C:\WINDOWS\system32\qttask                                                     .exe
-c--a-w            77,824 2008-02-08 10:52:00  C:\WINDOWS\system32\qttask                                                    .exe
----a-w            77,824 2008-02-08 10:52:06  C:\WINDOWS\system32\qttask                                                   .exe
----a-w            77,824 2008-02-08 10:52:11  C:\WINDOWS\system32\qttask                                                  .exe
----a-w            77,824 2008-02-08 10:52:17  C:\WINDOWS\system32\qttask                                                 .exe
----a-w            77,824 2008-02-08 10:52:23  C:\WINDOWS\system32\qttask                                                .exe
----a-w            77,824 2008-02-08 10:52:28  C:\WINDOWS\system32\qttask                                               .exe
----a-w            77,824 2008-02-08 10:52:34  C:\WINDOWS\system32\qttask                                              .exe
----a-w            77,824 2008-02-08 10:52:40  C:\WINDOWS\system32\qttask                                             .exe
-c--a-w            77,824 2008-02-08 10:52:46  C:\WINDOWS\system32\qttask                                            .exe
-c--a-w            77,824 2008-02-08 10:52:51  C:\WINDOWS\system32\qttask                                           .exe
-c--a-w            77,824 2008-02-08 10:52:57  C:\WINDOWS\system32\qttask                                          .exe
-c--a-w            77,824 2008-02-08 10:53:03  C:\WINDOWS\system32\qttask                                         .exe
-c--a-w            77,824 2008-02-08 10:53:08  C:\WINDOWS\system32\qttask                                        .exe
-c--a-w            77,824 2008-02-08 10:53:14  C:\WINDOWS\system32\qttask                                       .exe
-c--a-w            77,824 2008-02-08 10:53:20  C:\WINDOWS\system32\qttask                                      .exe
-c--a-w            77,824 2008-02-08 10:53:25  C:\WINDOWS\system32\qttask                                     .exe
-c--a-w            77,824 2008-02-08 10:53:31  C:\WINDOWS\system32\qttask                                    .exe
-c--a-w            77,824 2008-02-08 10:53:37  C:\WINDOWS\system32\qttask                                   .exe
-c--a-w            77,824 2008-02-08 10:53:42  C:\WINDOWS\system32\qttask                                  .exe
-c--a-w            77,824 2008-02-08 10:53:48  C:\WINDOWS\system32\qttask                                 .exe
-c--a-w            77,824 2008-02-08 10:53:54  C:\WINDOWS\system32\qttask                                .exe
-c--a-w            77,824 2008-02-08 10:53:59  C:\WINDOWS\system32\qttask                               .exe
-c--a-w            77,824 2008-02-08 10:54:05  C:\WINDOWS\system32\qttask                              .exe
-c--a-w            77,824 2008-02-08 10:54:11  C:\WINDOWS\system32\qttask                             .exe
-c--a-w            77,824 2008-02-08 10:54:17  C:\WINDOWS\system32\qttask                            .exe
-c--a-w            77,824 2008-02-08 10:54:23  C:\WINDOWS\system32\qttask                           .exe
-c--a-w            77,824 2008-02-08 10:54:28  C:\WINDOWS\system32\qttask                          .exe
-c--a-w            77,824 2008-02-08 10:54:34  C:\WINDOWS\system32\qttask                         .exe
-c--a-w            77,824 2008-02-08 10:54:40  C:\WINDOWS\system32\qttask                        .exe
-c--a-w            77,824 2008-02-08 10:54:45  C:\WINDOWS\system32\qttask                       .exe
-c--a-w            77,824 2008-02-08 10:54:51  C:\WINDOWS\system32\qttask                      .exe
-c--a-w            77,824 2008-02-08 10:54:57  C:\WINDOWS\system32\qttask                     .exe
-c--a-w            77,824 2008-02-08 10:55:02  C:\WINDOWS\system32\qttask                    .exe
-c--a-w            77,824 2008-02-08 10:55:08  C:\WINDOWS\system32\qttask                   .exe
-c--a-w            77,824 2008-02-08 10:55:14  C:\WINDOWS\system32\qttask                  .exe
-c--a-w            77,824 2008-02-08 10:55:19  C:\WINDOWS\system32\qttask                 .exe
-c--a-w            77,824 2008-02-08 10:55:25  C:\WINDOWS\system32\qttask                .exe
-c--a-w            77,824 2008-02-08 10:55:31  C:\WINDOWS\system32\qttask               .exe
-c--a-w            77,824 2008-02-08 10:55:36  C:\WINDOWS\system32\qttask              .exe
-c--a-w            77,824 2008-02-08 10:55:42  C:\WINDOWS\system32\qttask             .exe
-c--a-w            77,824 2008-02-08 10:55:48  C:\WINDOWS\system32\qttask            .exe
-c--a-w            77,824 2008-02-08 10:55:53  C:\WINDOWS\system32\qttask           .exe
-c--a-w            77,824 2008-02-08 10:55:59  C:\WINDOWS\system32\qttask          .exe
-c--a-w            77,824 2008-02-08 10:56:05  C:\WINDOWS\system32\qttask         .exe
-c--a-w            77,824 2008-02-08 10:56:10  C:\WINDOWS\system32\qttask        .exe
-c--a-w            77,824 2008-02-08 10:56:16  C:\WINDOWS\system32\qttask       .exe
-c--a-w            77,824 2008-02-08 10:56:22  C:\WINDOWS\system32\qttask      .exe
-c--a-w            77,824 2008-02-08 10:56:27  C:\WINDOWS\system32\qttask     .exe
-c--a-w            77,824 2008-02-08 10:56:33  C:\WINDOWS\system32\qttask    .exe
-c--a-w            77,824 2008-02-08 10:56:39  C:\WINDOWS\system32\qttask   .exe
-c--a-w            77,824 2008-02-08 10:56:44  C:\WINDOWS\system32\qttask  .exe
-c--a-w            77,824 2008-02-08 10:56:50  C:\WINDOWS\system32\qttask .exe

[/code] ------- Sigcheck ------- 2005-04-16 00:44 578048 c34920eb988ce98910bd6b0417f334eb C:\WINDOWS\system32\user32.dll 2005-03-10 12:48 662016 06ad0b0f43286cd50af283762eb56763 C:\WINDOWS\system32\wininet.dll 2004-08-18 10:08 359040 7b11118b078b88f87183fe69eda43137 C:\WINDOWS\system32\drivers cpip.sys 2005-04-16 00:45 2059008 5311776074b6c13f983dc75baeac9c0c C:\WINDOWS\system32 tkrnlpa.exe 2005-04-16 00:40 2321408 209f3a54eedb976282da5e183c17388d C:\WINDOWS\system32 toskrnl.exe 2004-10-14 03:38 1036288 f14e8c29a1045d115e308d30e825a1eb C:\WINDOWS\explorer.exe . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D6158E03-E558-4C1F-8A2A-963E8EDFB4B7}] C:\Program Files\ComPlus Applications ipyvafymC:\WINDOWS\system32 ey2\qopre83122.exe.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2008-02-08 11:42 5674352] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-02-08 11:42 36864] "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-02-07 13:53 3497984] "BlockAds"="" [] "Tweak-XP"="" [] "TransparentIcons"="" [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2008-02-08 11:43 57344] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [ ] "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2008-02-08 11:34 81920] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-04-01 16:16 5562368] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-04-01 17:16 86016] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-01-29 21:57:24 196608] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) "MemCheckBoxInRunDlg"= 1 (0x1) "NoSMBalloonTip"= 1 (0x1) "NoDesktopCleanupWizard"= 1 (0x1) "NoWelcomeScreen"= 1 (0x1) "NoAutoUpdate"= 1 (0x1) "ClearDocsOnExit"= 64 (0x40) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) "MemCheckBoxInRunDlg"= 1 (0x1) "NoSMBalloonTip"= 1 (0x1) "NoDesktopCleanupWizard"= 1 (0x1) "NoWelcomeScreen"= 1 (0x1) "NoAutoUpdate"= 1 (0x1) "ClearDocsOnExit"= 64 (0x40) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{ED0ACB58-556F-21DA-DDFE-6D20F3F61111}"= C:\WINDOWS\system32\kb1ss1p.dll [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\efcdcda] efcdcda.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\iifeeby] iifeeby.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.iv41"= IR41_32.DLL "VIDC.VP40"= vp4vfw.dll "vidc.iv32"= C:\WINDOWS\system32\ir32_32.dll "vidc.iv31"= C:\WINDOWS\system32\ir32_32.dll "VIDC.VDOM"= vdowave.drv "MSACM.NSPAC"= NSPAC32.ACM "VIDC.XFR1"= xfcodec.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\WINDOWS\system32\LEXPPS.EXE"= "C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"= "C:\Program Files\NEC\NEC Mobile Suite\CommsService.exe"= "C:\Program Files\MSN Messenger\msnmsgr.exe"= "C:\Program Files\MSN Messenger\livecall.exe"= "C:\Program Files\Xfire\xfire.exe"= "C:\Program Files\Internet Explorer\IEXPLORE.EXE"= "C:\WINDOWS\system32\dpvsetup.exe"= "C:\WINDOWS\system32\rundll32.exe"= "C:\Program Files\Azureus\Azureus.exe"= "C:\WINDOWS\system32\PnkBstrA.exe"= "C:\WINDOWS\system32\PnkBstrB.exe"= "C:\Program Files\KONAMI\Pro Evolution Soccer 6\pes6.exe"= "C:\Program Files\MSN Messenger\MsnMsgr .Exe"= "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"= "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"= R0 aec6280;aec6280;C:\WINDOWS\system32\DRIVERS\aec6280.sys [2005-01-30 16:22] R0 d344bus;d344bus;C:\WINDOWS\system32\DRIVERS\d344bus.sys [2003-12-27 20:42] R0 d344prt;d344prt;C:\WINDOWS\system32\Drivers\d344prt.sys [2003-12-27 02:38] R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 13:46] R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 16:11] S3 DIGIRPS;Pilote PortServer Digi;C:\WINDOWS\system32\DRIVERS\digirlpt.sys [2001-08-23 16:10] S3 idrmkl;idrmkl;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\idrmkl.sys [] S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys [2005-10-20 14:50] S3 marlbus;NEC WMC USB_AD1 Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\marlbus.sys [2005-04-29 14:52] S3 marlmdfl;NEC WMC USB_AD1 Modem Filter;C:\WINDOWS\system32\DRIVERS\marlmdfl.sys [2005-04-29 14:52] S3 marlmdm;NEC WMC USB_AD1 Port Drivers;C:\WINDOWS\system32\DRIVERS\marlmdm.sys [2005-04-29 14:52] S3 marlobex;NEC WMC USB_AD1 OBEX Interface Drivers (WDM);C:\WINDOWS\system32\DRIVERS\marlobex.sys [2005-04-29 14:52] S3 StMp3Rec;Pilote de périphérique de la restauration de lecteur;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2006-07-20 23:15] S3 USBModem000;LGE Mobile USB Modem TC;C:\WINDOWS\system32\DRIVERS\usbser.sys [] . ************************************************************************** catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-07 16:42:51 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-04-07 16:43:21 ComboFix-quarantined-files.txt 2008-04-07 15:43:06 ComboFix2.txt 2008-03-25 14:35:19 Pre-Run: 43,683,471,360 octets libres Post-Run: 43,666,542,592 octets libres

jlpjlp · Answer

analyse ces fichiers sur virus total et si inféctés tu les mets dans la citation otmovit comme dans mon precedent post: 

https://www.virustotal.com/gui/


C:\WINDOWS\system32\lgfdhxyx.ini
C:\WINDOWS\system32\flsvwmfy.ini
C:\WINDOWS\system32\ceobvkpm.ini
C:\WINDOWS\system32\mokbinvp.ini
C:\WINDOWS\system32\wwapvkut.ini
C:\WINDOWS\system32\crqnbqix.ini
2C:\WINDOWS\system32\qmdifntq.ini
C:\WINDOWS\system32\lumckomw.ini
C:\WINDOWS\system32\eiweygwd.ini
 C:\WINDOWS\system32\bqahjhki.ini 


_______________________


si tout c'est bien passé désactive la restauration système pour purger les virus qui seraient dedans
puis redemarre ton ordi
 puis réactive là : 

 https://www.informatruc.com

_______________________
recolle un nouveau rapport hijackthis et dis tes soucis

grarou59 · Answer

Désoler pour la lenteur de la réponse mais j'ai eu des probleme de connextion :: 

voila le Hijack  pour l'instant je n'ai plus de probléme


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:08:49, on 15/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Pluginseg\VeohToolbar.dll
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [0c32c6cb] rundll32.exe "C:\WINDOWS\system32\oidrugxg.dll",b
O4 - HKLM\..\Run: [BM0f01f557] Rundll32.exe "C:\WINDOWS\system32\sqpbfljf.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Startup: Registration Brothers In Arms EiB.LNK = C:\Program Files\Ubisoft\Gearbox Software\BrothersInArmsEiB\Support\Register\RegistrationReminder.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Download all by Rapidown... - C:\Program Files\Rapidown\RapidownGetAll.htm
O8 - Extra context menu item: Download by Rapidown... - C:\Program Files\Rapidown\RapidownGet.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: bw+0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcappcapd.exe (file missing)

jlpjlp · Answer

relance hijackthis , fais do a system scan only, puis selectionne ces lignes puis fais fix cheked:


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O4 - HKLM\..\Run: [0c32c6cb] rundll32.exe "C:\WINDOWS\system32\oidrugxg.dll",b
O4 - HKLM\..\Run: [BM0f01f557] Rundll32.exe "C:\WINDOWS\system32\sqpbfljf.dll",s


O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

_______


télécharge OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :
C:\WINDOWS\system32\oidrugxg.dll
C:\WINDOWS\system32\sqpbfljf.dll

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes. 

___________
vire ce qui est dans moved file en allant dans psote de travail puis c puis otmovit

_____________

mets a jour internet:
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html
_______________

installe spywareblaster qui permet d'immuniser le systeme contre vundo que tu avais, il suffit de mettre a jour tous les mois et de faire enable all pour immunbiser tout le systeme

https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/28872.html




si pas de soucis c'est bon

Virus Win32

8 réponses

Votre réponse

Discussions similaires

Newsletters