Sujet Précédent Sujet Suivant

Mon pc est incté par Win32:Vundo@dll [Trj]

wil87 Messages postés 2 Statut Membre -  
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité -
Bonjour,

ca fait un esemaine que je suis infecté par Win32:Vundo@dll [Trj]
jen peu plus.
g avast mais il revient tjrs.
aider moi svp.
Meerci.
A voir également:

3 réponses

Réponse 1 / 3
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Bonsoir,

Fais une analyse par HijackThis, comme ceci:

1)- Avec connexion au Net en service,
Télécharge la version finale de Hijackthis (Trend Secure) ==> HijackThis™ 2.0 .2 < http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php?page=download > avec un installeur. Sur la page, choisis « Download HijackThis Installer » et enregistre-le sur le bureau. Tu dois voir une nouvelle icône « HJTInstall.exe » sur le bureau.

2)- Installation : clic-droit sur l’ icône « HJTInstall.exe » présente sur ton bureau et choisis : "Exécuter en tant qu'administrateur" dans le menu déroulant qui s'affiche.
- Ensuite, clic sur « Exécuter », puis sur « Install ».
- Accepte la licence en cliquant sur le bouton "I Accept"
- Le programme s’installe de lui-même dans un dossier dédié.
- Par défaut, il s'installera en C:\Program Files\Trend Micro\HijackThis
- Et un raccourci pour lancer l’analyse apparaît sur le bureau.

Note: Comme cette version est appelée à rester sur le PC, faire un clic-droit sur HJTInstall.exe > Propriétés > Onglet compatibilité > coche la case "Exécuter en tant qu'administrateur" en bas .
- Cette solution pérennise le choix qui peut être obtenu de manière provisoire par « clic-droit sur l'icône de raccourci/Exécuter en tant qu'administrateur» dans le menu contextuel.

3)Analyse :
•-Important à faire en priorité si tu possèdes le logiciel Spybot S&D > Désactive le Tea Timer de Spybot en passant par les options de Spybot: il faut une fois dans le logiciel il faut aller dans le menu "Mode" => coche "Mode avancé" => "Outils"(en bas de page)=> "Résident" => et tu décoches cette case: "Résident Tea Timer" .
- Tu ne dois plus voir l'icône du Tea Timer dans la barre de tâches (Systray près de l’horloge)!

•-Arrête tous les programmes en cours et ferme toutes les fenêtres.
•- Puis, double-clic sur le raccourci HJT créé sur le bureau, et clic sur "Do a system scan and save a logfile" pour lancer l'analyse.
- À la fin du scan le bloc-notes va s'ouvrir sur le bureau
- Tu fais un copier/coller de tout son contenu.
- Et tu le postes sur le forum.
- Il sera enregistré dans le dossier C:\Program Files\Trend Micro\HijackThis, sous hijackthis.log.
______________

Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.

télécharge combofix (par sUBs) ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et enregistre le sur le Bureau.

déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

double-clique sur combofix.exe et suis les instructions

à la fin, il va produire un rapport C:\ComboFix.txt

réactive ton parefeu, ton antivirus, la garde de ton antispyware

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Tu as un tutoriel complet ici :

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
wil87 Messages postés 2 Statut Membre
 
voila le rapport COMBOFIX

ComboFix 08-05-25.5 - Wilfried 2008-05-26 22:14:34.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1109 [GMT 2:00]
Endroit: C:\Users\Wilfried\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Windows\resources\RomKernel.dll
C:\Windows\system32\382077
C:\Windows\System32\bfgkxrxj.ini
C:\Windows\system32\buiicjdu.ini
C:\Windows\system32\dKRsvyxx.ini
C:\Windows\System32\dKRsvyxx.ini2
C:\Windows\System32\fffOonnn.ini
C:\Windows\System32\fffOonnn.ini2
C:\Windows\system32\gymtocol.ini
C:\Windows\system32\iifgHwut.dll
C:\Windows\System32\MUxENqss.ini
C:\Windows\System32\MUxENqss.ini2
C:\Windows\system32\oWvFeMoq.ini
C:\Windows\System32\oWvFeMoq.ini2
C:\Windows\System32\qBeMmnpo.ini
C:\Windows\System32\qBeMmnpo.ini2
C:\Windows\System32\tDNmTvut.ini
C:\Windows\System32\tDNmTvut.ini2
C:\Windows\System32\uiodknpf.ini
C:\Windows\System32\utjmfyyj.ini
C:\Windows\system32\utsvjebm.ini
C:\Windows\System32\wuxuxmnf.ini
C:\Windows\system32\XaKUvyxx.ini
C:\Windows\System32\XaKUvyxx.ini2
C:\Windows\System32\xhdtxrvo.ini

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-26 to 2008-05-26 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-26 20:12 --------- d-----w C:\ProgramData\Symantec
2008-05-26 20:03 71,900 ----a-w C:\Users\Wilfried\AppData\Roaming\nvModes.dat
2008-05-26 19:25 --------- d-----w C:\Program Files\Trend Micro
2008-05-26 17:55 --------- d-----w C:\Program Files\CCleaner
2008-05-26 16:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-26 16:10 --------- d-----w C:\Program Files\Defenza
2008-05-26 16:04 --------- d-----w C:\Users\Wilfried\AppData\Roaming\AdwareBot
2008-05-26 16:04 --------- d-----w C:\Program Files\AdwareBot
2008-05-26 15:57 5,208 ----a-w C:\Windows\System32\PerfStringBackup.TMP
2008-05-21 20:51 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-21 20:51 --------- d-----w C:\Program Files\Picasa2
2008-05-21 20:51 --------- d-----w C:\Program Files\Norton Save and Restore
2008-05-21 20:51 --------- d-----w C:\Program Files\Microsoft Works
2008-05-21 20:51 --------- d-----w C:\Program Files\Google
2008-05-21 20:51 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-21 20:51 --------- d-----w C:\Program Files\Common Files\Skype
2008-05-21 20:43 --------- d-----w C:\Users\Wilfried\AppData\Roaming\Skype
2008-05-20 11:30 --------- d-----w C:\Program Files\Alwil Software
2008-05-20 10:05 114 ----a-w C:\Users\Wilfried\AppData\Roaming\wklnhst.dat
2008-05-19 19:40 --------- d-----w C:\Program Files\LabelCommand
2008-05-19 13:20 --------- d-----w C:\Program Files\Norton Internet Security
2008-05-19 12:53 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-05-19 12:53 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-05-19 12:53 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-05-19 12:53 --------- d-----w C:\Program Files\Symantec
2008-05-19 07:19 --------- d-----w C:\ProgramData\Adsl Software Limited
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-13 21:44 --------- d-----w C:\Program Files\Windows Mail
2008-05-07 13:59 137,952 ----a-w C:\Windows\system32\drivers\symsnap.sys
2008-05-07 13:49 15,464 ----a-w C:\Windows\system32\drivers\GEARAspiWDM.sys
2008-05-07 13:49 107,368 ----a-w C:\Windows\System32\GEARAspi.dll
2008-04-26 05:22 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-07 17:04 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-07 16:59 --------- d-----w C:\Program Files\Windows Live
2008-04-07 16:57 --------- d-----w C:\ProgramData\WLInstaller
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-09-08 09:43 174 --sha-w C:\Program Files\desktop.ini
2005-04-12 14:54 1,255,708 ----a-w C:\Program Files\wrar340fr.exe
2005-04-11 12:36 11,593,248 ----a-w C:\Program Files\RealPlayer10-5GOLD_fr.exe
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot@2008-05-26_22.08.49.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-26 20:00:50 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-26 20:00:50 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-26 20:01:15 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-05-26 20:06:42 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
- 2008-05-26 20:01:14 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-05-26 20:06:24 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
- 2008-05-26 19:12:23 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-26 20:10:34 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-26 19:12:23 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-26 20:10:34 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-26 19:12:23 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-26 20:10:34 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-26 17:07:20 9,256 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3207341276-2573896159-681141909-1003_UserData.bin
+ 2008-05-26 20:05:19 9,316 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3207341276-2573896159-681141909-1003_UserData.bin
- 2008-05-26 17:07:20 74,614 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-26 20:05:18 74,914 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-26 17:15:07 54,462 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-26 20:05:02 54,678 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18CB1A7B-94CD-4582-8022-ADA16851E44B}]
C:\Program Files\LabelCommand\LabelCommand.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2162920C-0C6D-4384-91BF-952A6F1C2D41}]
C:\Windows\system32\qoMeFvWo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0A035EC-C865-4E47-BF73-B17741DD5232}]
C:\Windows\system32\382077\382077.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 21:18 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-08-10 13:24 32768]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
"AdwareBot"="C:\Program Files\AdwareBot\AdwareBot.exe" [2008-05-22 20:12 13911288]
"WinSpywareProtect (ver. 5.1)"="C:\ProgramData\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" [2008-05-19 09:20 1338880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-04-17 04:47 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-04-17 04:47 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-04-17 04:47 81920]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-01-12 07:52 118784]
"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [2007-05-16 20:07 411768]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-01-22 20:39 321656]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-11-17 04:21 22696]
"Norton Save and Restore 2.0"="C:\Program Files\Norton Save and Restore\Agent\VProTray.exe" [2008-05-07 16:12 2037088]
"SystrayORAHSS"="C:\Program Files\OrangeHSS\Systray\SystrayApp.exe" [2006-12-12 19:16 90112]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-07-08 11:36 180269]
"OPTENET_GUI"="C:\PROGRA~1\CONTRO~1\bin\optgui.exe" [2006-12-05 19:51 400408]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\Windows\KHALMNPR.Exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-15 00:43 286720]
"ImgTask"="C:\Windows\Imgtask.exe" [2006-12-13 05:26 20480]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"PCDAS"="C:\Program Files\Defenza\pcd-as.exe" [2006-12-15 10:47 1359872]

C:\Users\Wilfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'‚cran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-02-02 21:38:14 2756608]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-08-10 13:24:57 450560]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-08-10 13:54:09 692224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2007-02-13 15:19 98304 C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CC37EA31-9CB5-41E7-B271-4CFB23A8287F}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2F4B5941-4206-414C-BC35-CD62A2FBA6BD}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{52A33E13-23F4-4620-908B-1B2C80360BA7}"= Disabled:UDP:C:\Program Files\sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{E756349C-EA58-4003-BC18-D71599F79422}"= Disabled:TCP:C:\Program Files\sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{7C961D7C-932B-4ABC-B19B-BC5F9911D6A0}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{F806B28C-194E-4BA8-B9DF-DC090039FF38}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{1464C490-92D7-44BC-BEFF-45E5A2AEDE99}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{44EA4FD1-1686-4AF2-BC34-129300F9DF6F}"= Disabled:UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{F187429B-2998-4C01-9BB8-AAE35764C0F5}"= Disabled:TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080523.001\IDSvix86.sys [2008-03-20 22:37]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 LBeepKE;LBeepKE;C:\Windows\system32\Drivers\LBeepKE.sys [2006-06-30 00:53]
R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sVAIO_VEDB []
R2 regi;regi;C:\Windows\system32\drivers\regi.sys [2007-04-17 20:09]
R2 SQLWriter;Enregistreur VSS SQL Server;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-02 14:56]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-01-10 13:09]
R3 Norton Save and Restore;Norton Save and Restore;C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe [2008-05-07 16:12]
R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2006-11-28 21:46]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2007-03-15 21:19]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2007-03-15 21:19]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\Windows\system32\DRIVERS\SonyImgF.sys [2007-04-05 03:03]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2006-11-17 04:26]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-04-23 14:29]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-02-08 05:10]
S2 AdwareBotSrv;AdwareBot Scanning Engine;"C:\Program Files\AdwareBot\AdwareBot.srv.exe" [2008-05-22 20:12]
S2 OPTENET_FILTER;Orange Contrôle Parental;C:\Program Files\Controle Parental\bin\optproxy.exe [2006-12-05 18:55]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50.sys [2006-11-28 21:46]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 16:51]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);"C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP" []
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-01-16 14:05]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{045bc7d5-a9eb-11dc-bb09-0019c1a16315}]
\shell\AutoRun\command - G:\Imageviewer.exe

*Newly Created Service* - COMHOST
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-26 17:05:36 C:\Windows\Tasks\AdwareBot Scheduled Scan.job"
- C:\Program Files\AdwareBot\AdwareBot.ex
- C:\Program Files\AdwareBot
"2008-05-23 18:01:28 C:\Windows\Tasks\Norton Internet Security - Analyse système complète - Wilfried.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
"2008-05-25 21:01:06 C:\Windows\Tasks\User_Feed_Synchronization-{38271BF8-A14C-488F-803C-597B8486EC2C}.job"
- C:\Windows\system32\msfeedssync.exe
"2008-05-26 19:54:00 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-26 22:16:06
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-05-26 22:17:06
ComboFix-quarantined-files.txt 2008-05-26 20:16:41

Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

245 --- E O F --- 2008-05-16 19:43:28

Merci de ton aide
@+
0
Réponse 2 / 3
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Re,

il me manque le rapport de Hijackthis.
0
Claude Lachance Messages postés 36304 Statut Contributeur 1 031
 
Bonjour

Je constate que ce rapport ne passe pas ici à cause du terme «.urban-rivals.coz [J'ai changé le "m" pour un "z" qui est en blacklist, désolé! Je vous le copie ici, avec le lien modifié de la même façon!

Ciao! 


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37:04, on 27/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\sony\ISB Utility\ISBMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.e­xe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Controle Parental\bin\OPTGui.exe
C:\Windows\Imgtask.exe
C:\Program Files\Defenza\pcd-as.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDe­sktopMessenger.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\ProgramData\Adsl Software Limited\WinSpywareProtect\WinSpyware­Protect.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe­
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Apoint\Apntex.exe
C:\Windows\System32\rundll32.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.ex­e
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.E­XE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost­.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.urban-rivals.coz/player/w­elcomeback.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.microsoft.com/fr-fr/?ref=go­Id=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.microsoft.com/fr-fr/?ref=go­Id=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/fr-fr/?ref=go­Id=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=&cc=fr&toHttps=1&redig=41D9DFD8C98F412D8003D00C018B3F2F­TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C8­5} - C:\Program Files\OrangeHSS\SearchURLHook\Search­PageURL.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F8­8} - C:\Program Files\Yahoo!\Companion\Installs\cpn\­yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA0567­0} - C:\Program Files\Yahoo!\Companion\Installs\cpn\­yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B­3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHe­lper.dll
O2 - BHO: LabelCommand module - {18CB1A7B-94CD-4582-8022-ADA16851E44­B} - C:\Program Files\LabelCommand\LabelCommand.dll (file missing)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C7­5} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.d­ll
O2 - BHO: (no name) - {2162920C-0C6D-4384-91BF-952A6F1C2D4­1} - C:\Windows\system32\qoMeFvWo.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D4­3} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C­6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D­0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F77­7} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O2 - BHO: 382077 helper - {F0A035EC-C865-4E47-BF73-B17741DD523­2} - C:\Windows\system32\382077\382077.dl­l (file missing)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4­F} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D­0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F8­8} - C:\Program Files\Yahoo!\Companion\Installs\cpn\­yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26D­F} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dl­l
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcS­tart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStar­tup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvT­askbarInit
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Norton Save and Restore 2.0] "C:\Program Files\Norton Save and Restore\Agent\VProTray.exe"
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.e­xe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe&q­uot; -osboot
O4 - HKLM\..\Run: [OPTENET_GUI] C:\PROGRA~1\CONTRO~1\bin\optgui.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ImgTask] C:\Windows\Imgtask.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-­2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-­2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PCDAS] C:\Program Files\Defenza\pcd-as.exe /10003
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDe­sktopMessenger.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AdwareBot] C:\Program Files\AdwareBot\AdwareBot.exe -boot
O4 - HKCU\..\Run: [WinSpywareProtect (ver. 5.1)] "C:\ProgramData\Adsl Software Limited\WinSpywareProtect\WinSpyware­Protect.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.ex­e
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe­
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\­EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C60850­1} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll­
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C60850­1} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll­
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C4­9} - C:\PROGRA~1\MICROS~3\Office12\ONBttn­IE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C4­9} - C:\PROGRA~1\MICROS~3\Office12\ONBttn­IE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A826­3} - C:\PROGRA~1\MICROS~3\Office12\REFIEB­AR.DLL
O13 - Gopher Prefix:
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD2­1} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/s­tatic/securite/certdgi1.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB95953­7} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02­/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {512663B9-A1FD-412E-9E4F-42B2B1DB189­C} (SVSMapCtrl Class) - http://ellipse.irisio.net/fleet/SVSM­apCtrl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F2172161­6} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivX­BrowserPlugin.cab
O18 - Protocol: bw+0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bw+0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bw-0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bw-0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bw00 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bw00s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bw10 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bw10s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bw20 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bw20s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bw30 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bw30s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bw40 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bw40s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bw50 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bw50s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bw60 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bw60s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bw70 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bw70s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bw80 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bw80s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bw90 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bw90s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwa0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwa0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwb0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwb0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwc0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwc0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwd0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwd0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwe0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwe0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwf0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwf0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32­B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProt­ocol-8876480.dll
O18 - Protocol: bwg0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwg0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwh0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwh0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwi0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwi0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwj0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwj0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwk0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwk0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwl0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwl0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwm0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwm0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwn0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwn0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwo0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwo0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwp0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwp0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwq0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwq0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwr0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwr0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bws0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bws0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwt0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwt0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwu0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwu0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwv0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwv0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bww0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bww0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwx0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwx0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwy0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwy0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwz0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: bwz0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: offline-8876480 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5­D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.­DLL
O23 - Service: AdwareBot Scanning Engine (AdwareBotSrv) - Unknown owner - C:\Program Files\AdwareBot\AdwareBot.srv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService­.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Inte­l 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.ex­e
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS­~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-­2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: Orange Contrôle Parental (OPTENET_FILTER) - Orange - C:\Program Files\Controle Parental\bin\optproxy.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedul­erSvc.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceMana­ger\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-­AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-­HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-­UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.e­xe

-- 
End of file - 27542 bytes


0
Réponse 3 / 3
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Bonjour,

Ouvre ce lien (merci a S!RI pour ce programme). http://siri.urz.free.fr/Fix/SmitfraudFix.php
et télécharge SmitfraudFix.exe.

Regarde le tuto
Exécute le en choisissant l’option 1, il va générer un rapport
Copie/colle le sur le poste stp.
0