Mon pc est incté par Win32:Vundo@dll [Trj]

wil87 Messages postés 2 Date d'inscription   Statut Membre -  
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité -
Bonjour,

ca fait un esemaine que je suis infecté par Win32:Vundo@dll [Trj]
jen peu plus.
g avast mais il revient tjrs.
aider moi svp.
Meerci.
Configuration: Windows Vista
Internet Explorer 7.0

3 réponses

  1. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Bonsoir,

    Fais une analyse par HijackThis, comme ceci:

    1)- Avec connexion au Net en service,
    Télécharge la version finale de Hijackthis (Trend Secure) ==> HijackThis™ 2.0 .2 < http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php?page=download > avec un installeur. Sur la page, choisis « Download HijackThis Installer » et enregistre-le sur le bureau. Tu dois voir une nouvelle icône « HJTInstall.exe » sur le bureau.

    2)- Installation : clic-droit sur l’ icône « HJTInstall.exe » présente sur ton bureau et choisis : "Exécuter en tant qu'administrateur" dans le menu déroulant qui s'affiche.
    - Ensuite, clic sur « Exécuter », puis sur « Install ».
    - Accepte la licence en cliquant sur le bouton "I Accept"
    - Le programme s’installe de lui-même dans un dossier dédié.
    - Par défaut, il s'installera en C:\Program Files\Trend Micro\HijackThis
    - Et un raccourci pour lancer l’analyse apparaît sur le bureau.

    Note: Comme cette version est appelée à rester sur le PC, faire un clic-droit sur HJTInstall.exe > Propriétés > Onglet compatibilité > coche la case "Exécuter en tant qu'administrateur" en bas .
    - Cette solution pérennise le choix qui peut être obtenu de manière provisoire par « clic-droit sur l'icône de raccourci/Exécuter en tant qu'administrateur» dans le menu contextuel.

    3)Analyse :
    •-Important à faire en priorité si tu possèdes le logiciel Spybot S&D > Désactive le Tea Timer de Spybot en passant par les options de Spybot: il faut une fois dans le logiciel il faut aller dans le menu "Mode" => coche "Mode avancé" => "Outils"(en bas de page)=> "Résident" => et tu décoches cette case: "Résident Tea Timer" .
    - Tu ne dois plus voir l'icône du Tea Timer dans la barre de tâches (Systray près de l’horloge)!

    •-Arrête tous les programmes en cours et ferme toutes les fenêtres.
    •- Puis, double-clic sur le raccourci HJT créé sur le bureau, et clic sur "Do a system scan and save a logfile" pour lancer l'analyse.
    - À la fin du scan le bloc-notes va s'ouvrir sur le bureau
    - Tu fais un copier/coller de tout son contenu.
    - Et tu le postes sur le forum.
    - Il sera enregistré dans le dossier C:\Program Files\Trend Micro\HijackThis, sous hijackthis.log.
    ______________

    Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

    - Va dans démarrer puis panneau de configuration
    - Double Clique sur l'icône "Comptes d'utilisateurs"
    - Clique ensuite sur désactiver et valide.

    télécharge combofix (par sUBs) ici :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    et enregistre le sur le Bureau.

    déconnecte toi d'internet et ferme toutes tes applications.

    désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

    double-clique sur combofix.exe et suis les instructions

    à la fin, il va produire un rapport C:\ComboFix.txt

    réactive ton parefeu, ton antivirus, la garde de ton antispyware

    copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

    Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

    Tu as un tutoriel complet ici :

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    0
    1. wil87 Messages postés 2 Date d'inscription   Statut Membre
       
      voila le rapport COMBOFIX

      ComboFix 08-05-25.5 - Wilfried 2008-05-26 22:14:34.2 - NTFSx86
      Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1109 [GMT 2:00]
      Endroit: C:\Users\Wilfried\Desktop\ComboFix.exe
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      ---- Previous Run -------
      .
      C:\Windows\resources\RomKernel.dll
      C:\Windows\system32\382077
      C:\Windows\System32\bfgkxrxj.ini
      C:\Windows\system32\buiicjdu.ini
      C:\Windows\system32\dKRsvyxx.ini
      C:\Windows\System32\dKRsvyxx.ini2
      C:\Windows\System32\fffOonnn.ini
      C:\Windows\System32\fffOonnn.ini2
      C:\Windows\system32\gymtocol.ini
      C:\Windows\system32\iifgHwut.dll
      C:\Windows\System32\MUxENqss.ini
      C:\Windows\System32\MUxENqss.ini2
      C:\Windows\system32\oWvFeMoq.ini
      C:\Windows\System32\oWvFeMoq.ini2
      C:\Windows\System32\qBeMmnpo.ini
      C:\Windows\System32\qBeMmnpo.ini2
      C:\Windows\System32\tDNmTvut.ini
      C:\Windows\System32\tDNmTvut.ini2
      C:\Windows\System32\uiodknpf.ini
      C:\Windows\System32\utjmfyyj.ini
      C:\Windows\system32\utsvjebm.ini
      C:\Windows\System32\wuxuxmnf.ini
      C:\Windows\system32\XaKUvyxx.ini
      C:\Windows\System32\XaKUvyxx.ini2
      C:\Windows\System32\xhdtxrvo.ini

      .
      ((((((((((((((((((((((((((((( Fichiers créés 2008-04-26 to 2008-05-26 ))))))))))))))))))))))))))))))))))))
      .

      Pas de nouveau fichier créé dans cet espace de temps

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-05-26 20:12 --------- d-----w C:\ProgramData\Symantec
      2008-05-26 20:03 71,900 ----a-w C:\Users\Wilfried\AppData\Roaming\nvModes.dat
      2008-05-26 19:25 --------- d-----w C:\Program Files\Trend Micro
      2008-05-26 17:55 --------- d-----w C:\Program Files\CCleaner
      2008-05-26 16:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-05-26 16:10 --------- d-----w C:\Program Files\Defenza
      2008-05-26 16:04 --------- d-----w C:\Users\Wilfried\AppData\Roaming\AdwareBot
      2008-05-26 16:04 --------- d-----w C:\Program Files\AdwareBot
      2008-05-26 15:57 5,208 ----a-w C:\Windows\System32\PerfStringBackup.TMP
      2008-05-21 20:51 --------- d-----w C:\ProgramData\Microsoft Help
      2008-05-21 20:51 --------- d-----w C:\Program Files\Picasa2
      2008-05-21 20:51 --------- d-----w C:\Program Files\Norton Save and Restore
      2008-05-21 20:51 --------- d-----w C:\Program Files\Microsoft Works
      2008-05-21 20:51 --------- d-----w C:\Program Files\Google
      2008-05-21 20:51 --------- d-----w C:\Program Files\Common Files\Symantec Shared
      2008-05-21 20:51 --------- d-----w C:\Program Files\Common Files\Skype
      2008-05-21 20:43 --------- d-----w C:\Users\Wilfried\AppData\Roaming\Skype
      2008-05-20 11:30 --------- d-----w C:\Program Files\Alwil Software
      2008-05-20 10:05 114 ----a-w C:\Users\Wilfried\AppData\Roaming\wklnhst.dat
      2008-05-19 19:40 --------- d-----w C:\Program Files\LabelCommand
      2008-05-19 13:20 --------- d-----w C:\Program Files\Norton Internet Security
      2008-05-19 12:53 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
      2008-05-19 12:53 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
      2008-05-19 12:53 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
      2008-05-19 12:53 --------- d-----w C:\Program Files\Symantec
      2008-05-19 07:19 --------- d-----w C:\ProgramData\Adsl Software Limited
      2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
      2008-05-13 21:44 --------- d-----w C:\Program Files\Windows Mail
      2008-05-07 13:59 137,952 ----a-w C:\Windows\system32\drivers\symsnap.sys
      2008-05-07 13:49 15,464 ----a-w C:\Windows\system32\drivers\GEARAspiWDM.sys
      2008-05-07 13:49 107,368 ----a-w C:\Windows\System32\GEARAspi.dll
      2008-04-26 05:22 --------- d-----w C:\Program Files\Common Files\Adobe
      2008-04-07 17:04 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
      2008-04-07 16:59 --------- d-----w C:\Program Files\Windows Live
      2008-04-07 16:57 --------- d-----w C:\ProgramData\WLInstaller
      2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
      2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
      2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
      2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
      2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
      2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
      2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
      2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
      2007-09-08 09:43 174 --sha-w C:\Program Files\desktop.ini
      2005-04-12 14:54 1,255,708 ----a-w C:\Program Files\wrar340fr.exe
      2005-04-11 12:36 11,593,248 ----a-w C:\Program Files\RealPlayer10-5GOLD_fr.exe
      .

      ------- Sigcheck -------

      .
      ((((((((((((((((((((((((((((( snapshot@2008-05-26_22.08.49.38 )))))))))))))))))))))))))))))))))))))))))
      .
      + 2008-05-26 20:00:50 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
      + 2008-05-26 20:00:50 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
      - 2008-05-26 20:01:15 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
      + 2008-05-26 20:06:42 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
      - 2008-05-26 20:01:14 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
      + 2008-05-26 20:06:24 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
      - 2008-05-26 19:12:23 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
      + 2008-05-26 20:10:34 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
      - 2008-05-26 19:12:23 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
      + 2008-05-26 20:10:34 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
      - 2008-05-26 19:12:23 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
      + 2008-05-26 20:10:34 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
      - 2008-05-26 17:07:20 9,256 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3207341276-2573896159-681141909-1003_UserData.bin
      + 2008-05-26 20:05:19 9,316 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3207341276-2573896159-681141909-1003_UserData.bin
      - 2008-05-26 17:07:20 74,614 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
      + 2008-05-26 20:05:18 74,914 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
      - 2008-05-26 17:15:07 54,462 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
      + 2008-05-26 20:05:02 54,678 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18CB1A7B-94CD-4582-8022-ADA16851E44B}]
      C:\Program Files\LabelCommand\LabelCommand.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2162920C-0C6D-4384-91BF-952A6F1C2D41}]
      C:\Windows\system32\qoMeFvWo.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0A035EC-C865-4E47-BF73-B17741DD5232}]
      C:\Windows\system32\382077\382077.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 21:18 1232896]
      "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
      "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-08-10 13:24 32768]
      "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
      "AdwareBot"="C:\Program Files\AdwareBot\AdwareBot.exe" [2008-05-22 20:12 13911288]
      "WinSpywareProtect (ver. 5.1)"="C:\ProgramData\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" [2008-05-19 09:20 1338880]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-04-17 04:47 86016]
      "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-04-17 04:47 8429568]
      "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-04-17 04:47 81920]
      "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-01-12 07:52 118784]
      "VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [2007-05-16 20:07 411768]
      "ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-01-22 20:39 321656]
      "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
      "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-11-17 04:21 22696]
      "Norton Save and Restore 2.0"="C:\Program Files\Norton Save and Restore\Agent\VProTray.exe" [2008-05-07 16:12 2037088]
      "SystrayORAHSS"="C:\Program Files\OrangeHSS\Systray\SystrayApp.exe" [2006-12-12 19:16 90112]
      "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-07-08 11:36 180269]
      "OPTENET_GUI"="C:\PROGRA~1\CONTRO~1\bin\optgui.exe" [2006-12-05 19:51 400408]
      "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\Windows\KHALMNPR.Exe]
      "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-15 00:43 286720]
      "ImgTask"="C:\Windows\Imgtask.exe" [2006-12-13 05:26 20480]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
      "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
      "PCDAS"="C:\Program Files\Defenza\pcd-as.exe" [2006-12-15 10:47 1359872]

      C:\Users\Wilfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      OneNote 2007 - Capture d'‚cran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
      Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-02-02 21:38:14 2756608]
      Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-08-10 13:24:57 450560]
      Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-08-10 13:54:09 692224]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "EnableLUA"= 0 (0x0)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
      VESWinlogon.dll 2007-02-13 15:19 98304 C:\Windows\System32\VESWinlogon.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "VIDC.dvsd"= C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "UacDisableNotify"=dword:00000001
      "InternetSettingsDisableNotify"=dword:00000001
      "AutoUpdateDisableNotify"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
      "{CC37EA31-9CB5-41E7-B271-4CFB23A8287F}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
      "{2F4B5941-4206-414C-BC35-CD62A2FBA6BD}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
      "{52A33E13-23F4-4620-908B-1B2C80360BA7}"= Disabled:UDP:C:\Program Files\sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
      "{E756349C-EA58-4003-BC18-D71599F79422}"= Disabled:TCP:C:\Program Files\sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
      "{7C961D7C-932B-4ABC-B19B-BC5F9911D6A0}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
      "{F806B28C-194E-4BA8-B9DF-DC090039FF38}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
      "{1464C490-92D7-44BC-BEFF-45E5A2AEDE99}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
      "{44EA4FD1-1686-4AF2-BC34-129300F9DF6F}"= Disabled:UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
      "{F187429B-2998-4C01-9BB8-AAE35764C0F5}"= Disabled:TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
      "EnableFirewall"= 0 (0x0)
      "DoNotAllowExceptions"= 1 (0x1)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
      "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
      "C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

      R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
      R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080523.001\IDSvix86.sys [2008-03-20 22:37]
      R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
      R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
      R2 LBeepKE;LBeepKE;C:\Windows\system32\Drivers\LBeepKE.sys [2006-06-30 00:53]
      R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sVAIO_VEDB []
      R2 regi;regi;C:\Windows\system32\drivers\regi.sys [2007-04-17 20:09]
      R2 SQLWriter;Enregistreur VSS SQL Server;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
      R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-02 14:56]
      R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-01-10 13:09]
      R3 Norton Save and Restore;Norton Save and Restore;C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe [2008-05-07 16:12]
      R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2006-11-28 21:46]
      R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2007-03-15 21:19]
      R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2007-03-15 21:19]
      R3 SonyImgF;Sony Image Conversion Filter Driver;C:\Windows\system32\DRIVERS\SonyImgF.sys [2007-04-05 03:03]
      R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2006-11-17 04:26]
      R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-04-23 14:29]
      R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-02-08 05:10]
      S2 AdwareBotSrv;AdwareBot Scanning Engine;"C:\Program Files\AdwareBot\AdwareBot.srv.exe" [2008-05-22 20:12]
      S2 OPTENET_FILTER;Orange Contrôle Parental;C:\Program Files\Controle Parental\bin\optproxy.exe [2006-12-05 18:55]
      S3 PCAMp50;PCAMp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50.sys [2006-11-28 21:46]
      S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 16:51]
      S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);"C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP" []
      S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-01-16 14:05]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{045bc7d5-a9eb-11dc-bb09-0019c1a16315}]
      \shell\AutoRun\command - G:\Imageviewer.exe

      *Newly Created Service* - COMHOST
      .
      Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
      "2008-05-26 17:05:36 C:\Windows\Tasks\AdwareBot Scheduled Scan.job"
      - C:\Program Files\AdwareBot\AdwareBot.ex
      - C:\Program Files\AdwareBot
      "2008-05-23 18:01:28 C:\Windows\Tasks\Norton Internet Security - Analyse système complète - Wilfried.job"
      - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
      "2008-05-25 21:01:06 C:\Windows\Tasks\User_Feed_Synchronization-{38271BF8-A14C-488F-803C-597B8486EC2C}.job"
      - C:\Windows\system32\msfeedssync.exe
      "2008-05-26 19:54:00 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
      - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
      .
      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-05-26 22:16:06
      Windows 6.0.6000 NTFS

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************
      .
      Temps d'accomplissement: 2008-05-26 22:17:06
      ComboFix-quarantined-files.txt 2008-05-26 20:16:41

      Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
      Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

      245 --- E O F --- 2008-05-16 19:43:28

      Merci de ton aide
      @+
      0
  2. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Re,

    il me manque le rapport de Hijackthis.
    0
    1. Claude Lachance Messages postés 33456 Date d'inscription   Statut Contributeur Dernière intervention   1 035
       
      Bonjour

      Je constate que ce rapport ne passe pas ici à cause du terme «.urban-rivals.coz [J'ai changé le "m" pour un "z" qui est en blacklist, désolé! Je vous le copie ici, avec le lien modifié de la même façon!

      Ciao!


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 11:37:04, on 27/05/2008
      Platform: Windows Vista (WinNT 6.00.1904)
      MSIE: Internet Explorer v7.00 (7.00.6000.16643)
      Boot mode: Normal
      
      Running processes:
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Windows\system32\taskeng.exe
      C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
      C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
      C:\Windows\System32\rundll32.exe
      C:\Program Files\Apoint\Apoint.exe
      C:\Program Files\sony\VAIO Camera Utility\VCUServe.exe
      C:\Program Files\Apoint\ApMsgFwd.exe
      C:\Program Files\sony\ISB Utility\ISBMgr.exe
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\Program Files\OrangeHSS\Systray\SystrayApp.e­xe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\Controle Parental\bin\OPTGui.exe
      C:\Windows\Imgtask.exe
      C:\Program Files\Defenza\pcd-as.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Windows\ehome\ehtray.exe
      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDe­sktopMessenger.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Windows\ehome\ehmsas.exe
      C:\ProgramData\Adsl Software Limited\WinSpywareProtect\WinSpyware­Protect.exe
      C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
      C:\Program Files\Logitech\SetPoint\SetPoint.exe­
      C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      C:\Program Files\Apoint\Apntex.exe
      C:\Windows\System32\rundll32.exe
      C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.ex­e
      C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.E­XE
      C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
      C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
      C:\Windows\System32\mobsync.exe
      C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
      C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
      C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
      C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
      C:\Windows\system32\conime.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Windows\system32\SearchFilterHost­.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.urban-rivals.coz/player/w­elcomeback.php
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.microsoft.com/fr-fr/?ref=go­Id=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.microsoft.com/fr-fr/?ref=go­Id=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/fr-fr/?ref=go­Id=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=&cc=fr&toHttps=1&redig=41D9DFD8C98F412D8003D00C018B3F2F­TOOLBR
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C8­5} - C:\Program Files\OrangeHSS\SearchURLHook\Search­PageURL.dll
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F8­8} - C:\Program Files\Yahoo!\Companion\Installs\cpn\­yt.dll
      O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA0567­0} - C:\Program Files\Yahoo!\Companion\Installs\cpn\­yt.dll
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B­3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHe­lper.dll
      O2 - BHO: LabelCommand module - {18CB1A7B-94CD-4582-8022-ADA16851E44­B} - C:\Program Files\LabelCommand\LabelCommand.dll (file missing)
      O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C7­5} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.d­ll
      O2 - BHO: (no name) - {2162920C-0C6D-4384-91BF-952A6F1C2D4­1} - C:\Windows\system32\qoMeFvWo.dll (file missing)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D4­3} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C­6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (file missing)
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D­0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F77­7} - C:\PROGRA~1\GOOGLE~1\BAE.dll
      O2 - BHO: 382077 helper - {F0A035EC-C865-4E47-BF73-B17741DD523­2} - C:\Windows\system32\382077\382077.dl­l (file missing)
      O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4­F} - (no file)
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D­0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F8­8} - C:\Program Files\Yahoo!\Companion\Installs\cpn\­yt.dll
      O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26D­F} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dl­l
      O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcS­tart
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStar­tup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvT­askbarInit
      O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
      O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
      O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
      O4 - HKLM\..\Run: [Norton Save and Restore 2.0] "C:\Program Files\Norton Save and Restore\Agent\VProTray.exe"
      O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.e­xe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe&q­uot; -osboot
      O4 - HKLM\..\Run: [OPTENET_GUI] C:\PROGRA~1\CONTRO~1\bin\optgui.exe
      O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [ImgTask] C:\Windows\Imgtask.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-­2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-­2F227FCA9A08}\AlertEng.dll"
      O4 - HKLM\..\Run: [PCDAS] C:\Program Files\Defenza\pcd-as.exe /10003
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDe­sktopMessenger.exe
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\Run: [AdwareBot] C:\Program Files\AdwareBot\AdwareBot.exe -boot
      O4 - HKCU\..\Run: [WinSpywareProtect (ver. 5.1)] "C:\ProgramData\Adsl Software Limited\WinSpywareProtect\WinSpyware­Protect.exe" /autorun
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
      O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      O4 - Global Startup: Bluetooth Manager.lnk = ?
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.ex­e
      O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe­
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\­EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C60850­1} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll­
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C60850­1} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll­
      O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C4­9} - C:\PROGRA~1\MICROS~3\Office12\ONBttn­IE.dll
      O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C4­9} - C:\PROGRA~1\MICROS~3\Office12\ONBttn­IE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A826­3} - C:\PROGRA~1\MICROS~3\Office12\REFIEB­AR.DLL
      O13 - Gopher Prefix:
      O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD2­1} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/s­tatic/securite/certdgi1.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB95953­7} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02­/resources/VistaMSNPUpldfr-fr.cab
      O16 - DPF: {512663B9-A1FD-412E-9E4F-42B2B1DB189­C} (SVSMapCtrl Class) - http://ellipse.irisio.net/fleet/SVSM­apCtrl.cab
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F2172161­6} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivX­BrowserPlugin.cab
      O18 - Protocol: bw+0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bw+0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bw-0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bw-0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bw00 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bw00s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bw10 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bw10s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bw20 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bw20s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bw30 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bw30s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bw40 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bw40s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bw50 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bw50s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bw60 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bw60s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bw70 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bw70s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bw80 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bw80s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bw90 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bw90s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwa0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwa0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwb0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwb0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwc0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwc0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwd0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwd0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwe0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwe0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwf0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwf0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32­B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProt­ocol-8876480.dll
      O18 - Protocol: bwg0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwg0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwh0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwh0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwi0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwi0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwj0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwj0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwk0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwk0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwl0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwl0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwm0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwm0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwn0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwn0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwo0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwo0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwp0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwp0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwq0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwq0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwr0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwr0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bws0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bws0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwt0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwt0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwu0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwu0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwv0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwv0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bww0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bww0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwx0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwx0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwy0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwy0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwz0 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: bwz0s - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: offline-8876480 - {5936B42D-D92B-456F-B811-006B60D6BDD­6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProt­ocol-8876480.dll
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5­D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.­DLL
      O23 - Service: AdwareBot Scanning Engine (AdwareBotSrv) - Unknown owner - C:\Program Files\AdwareBot\AdwareBot.srv.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService­.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
      O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Inte­l 32\IDriverT.exe
      O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
      O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.ex­e
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS­~1.EXE
      O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-­2F227FCA9A08}\PIFSvc.exe
      O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
      O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
      O23 - Service: Orange Contrôle Parental (OPTENET_FILTER) - Orange - C:\Program Files\Controle Parental\bin\optproxy.exe
      O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
      O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedul­erSvc.exe
      O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe
      O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
      O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe
      O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\stacsv.exe
      O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
      O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
      O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceMana­ger\VzHardwareResourceManager.exe
      O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\sony\VAIO Event Service\VESMgr.exe
      O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-­AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
      O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-­HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
      O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-­UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
      O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe
      O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe
      O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
      O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
      O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
      O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
      O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
      O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.e­xe
      
      -- 
      End of file - 27542 bytes


      0
  3. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Bonjour,

    Ouvre ce lien (merci a S!RI pour ce programme). http://siri.urz.free.fr/Fix/SmitfraudFix.php
    et télécharge SmitfraudFix.exe.

    Regarde le tuto
    Exécute le en choisissant l’option 1, il va générer un rapport
    Copie/colle le sur le poste stp.
    0