Virus TR/Crypt.XPACK.Gen, what should I do?

Solved
mélyssia -
Le sioux Posts 4894 Registration date Status Security contributor Last activity -
Hello,

Since yesterday my Antivir has been detecting the Trojan horse. I can neither quarantine it nor delete it.
I tried to do a system restore, impossible, the windows don't show up.

When I click on "virus information" in my detection window nothing appears.
All I know is C:\WINDOWS\system32\byXOfcCu.dll
I'm not very computer-savvy, I don't know how to produce a report.

I hope you can help me

Thanks in advance.

65 replies

mélyssia
 
help I need help

thanks thanks
0
Le sioux Posts 4894 Registration date Status Security contributor Last activity 496
 
Hello Melissa

Start by sending me a HijackThis report; do the following:

Download hijackthis to your Desktop.

Close all other windows and all other programs. No Internet connection.

Double-click it to start the installation. Accept the licence that appears by clicking "I agree".

Then click "Do a system scan and save a logfile".

Close HijackThis, copy and paste the whole report and post it here as a reply.

Note: the report is in C:\Program Files\Trend Micro\HijackThis

Tutorial: "generating a report" http://pageperso.aol.fr/balltrap34/demohijack.htm

More to follow.
0
mélyssia
 
I don't know how long the scan takes, but I have the impression it's not progressing at all anymore.
It scanned past the halfway mark in one go and then nothing for 5 min, and I can't do anything.
Is that normal?
0
mélyssia
 
Still the same

Can someone help me???

Please
0
Le sioux Posts 4894 Registration date Status Security contributor Last activity 496
 
Re

I'm here to help you, but you have to be patient, I can't reply within 15 seconds every time, you're not the only one ;) lol

Have a look at http://www.commentcamarche.net/forum/mes interventions

Forget HijackThis for now and do this:

Download PCA from Evosla: http://ww25.evosla.com/pca_cpt.php?agr=pca_securite

Unzip it on your Desktop

Run the scan (top left) --- save the generated report (bottom right)

The report will be saved on your Desktop as "PCA_LOG.txt" ---> copy/paste it into your next reply

More to follow
0
mélyssia
 
Sorry for the previous messages, but I'm more than worked up, my nerves are getting the better of me lol

The scan was done but I can't save the report because it freezes the whole computer; I have to switch the computer off with the button on the tower and switch it back on several times until the computer detects the virus, otherwise I can't do anything. I don't know if I'm being clear.

I can't copy and paste
0

Le sioux Posts 4894 Registration date Status Security contributor Last activity 496
 
Re

Do the copy/paste with CTRL + C and CTRL + V to see if that works; otherwise, we'll tackle the cleaning blind ...

See you
0
mélyssia
 
I managed to copy-paste this,
does it correspond to what you want?

# PCA Sécurité V 1.2.9, (fichier LOG).
# Rapport du :29/05/2008 10:06:15
Microsoft Windows XP Service Pack 2

==>> Processus <==
\SystemRoot\System32\smss.exe
\??\C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe
C:\DOCUME~1\Johnny_2\LOCALS~1\Temp\Répertoire temporaire 2 pour pca.zip\pca.exe
C:\Program Files\Mozilla Firefox\firefox.exe

//pages de démarrage et de recherche d'Internet Explorer
RO - HKLM\Software\Microsoft\Internet Explorer\Main\Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
RO - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
RO - HKCU\Software\Microsoft\Internet Explorer\Main\Start Page = https://french.eazel.com/index.php?rvs=hompag
RO - HKCU\Software\Microsoft\Internet Explorer\Toolbar\LinksFolderName = Liens
R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Search_URL = http://recherche.neuf.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main\Search Page = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Search\CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Search\SearchAssistant = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Search\SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard\ShellNext = iexplore
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P1.dll
//applications lancées depuis system.ini,win.ini
//03 - Browser Helper Objects (BHOs)
02 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
02 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
02 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P1.dll
02 - BHO: - {43DB6E6B-943E-435F-9619-F53946B49561} - C:\WINDOWS\system32\ljJCuUnO.dll
02 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
02 - BHO: mysidesearch browser optimizer - {761dac3f-5582-2b48-22cd-bbbc156f7a87} - C:\WINDOWS\system32\{5a5422e2-3222-1ca9-6b0e-ed1323479d79}.dll
02 - BHO: - {7E853D72-626A-48EC-A868-BA8D5E23E045} -
02 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
02 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
02 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
02 - BHO: - {B76CF1F4-ECDC-4CA1-89F8-32403496528E} - C:\WINDOWS\system32\byXOfcCU.dll
02 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar : EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar : &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar : SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar : P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P1.dll
O3 - Toolbar : Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
//04 - applications chargées automatiquement
04 - HKLM\..\RUN: [TkBellExe] - "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
04 - HKLM\..\RUN: [RTHDCPL] - RTHDCPL.EXE
04 - HKLM\..\RUN: [Recguard] - C:\WINDOWS\SMINST\RECGUARD.EXE
04 - HKLM\..\RUN: [PCDrProfiler] -
04 - HKLM\..\RUN: [nwiz] - nwiz.exe /install
04 - HKLM\..\RUN: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
04 - HKLM\..\RUN: [HPBootOp] - "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
04 - HKLM\..\RUN: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
04 - HKLM\..\RUN: [ftutil2] - rundll32.exe ftutil2.dll,SetWriteCacheMode
04 - HKLM\..\RUN: [EPSON Stylus DX4000 Series] - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S98.tmp" /EF "HKLM"
04 - HKLM\..\RUN: [ehTray] - C:\WINDOWS\ehome\ehtray.exe
04 - HKLM\..\RUN: [Device Detector] - "C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe" -autorun
04 - HKLM\..\RUN: [AlwaysReady Power Message APP] - ARPWRMSG.EXE
04 - HKLM\..\RUN: [LogitechCommunicationsManager] - "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
04 - HKLM\..\RUN: [LogitechQuickCamRibbon] - "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
04 - HKLM\..\RUN: [LVCOMSX] - "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
04 - HKLM\..\RUN: [avgnt] - "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
04 - HKLM\..\RUN: [SunJavaUpdateSched] - "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
04 - HKLM\..\RUN: [{36-6B-B6-67-DW}] - C:\windows\system32\jownw64p.exe DWramFF
04 - HKLM\..\RUN: [Host Process] - C:\Documents and Settings\Johnny_2\svchost.exe
04 - HKLM\..\RUN: [runner1] - C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
04 - HKLM\..\RUN: [ExploreUpdSched] - C:\WINDOWS\system32\pcntpkdm.exe DWramFF
04 - HKLM\..\RUN: [40a36bc8] - rundll32.exe "C:\WINDOWS\system32\ogtvtnmb.dll",b
04 - HKCU\..\RUN: [MsnMsgr] - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
04 - HKCU\..\RUN: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
04 - HKCU\..\RUN: [ctfmon.exe] - C:\WINDOWS\system32\ctfmon.exe
04 - HKCU\..\RUN: [LDM] - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
04 - HKCU\..\RUN: [Veoh] - "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
04 - HKLM\..\RunServices: [MsnMsgr] - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
04 - HKLM\..\RunServices: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
04 - HKLM\..\RunServices: [ctfmon.exe] - C:\WINDOWS\system32\ctfmon.exe
04 - HKLM\..\RunServices: [LDM] - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
04 - HKLM\..\RunServices: [Veoh] - "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
04 - HKCU\..\RunServices: [MsnMsgr] - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
04 - HKCU\..\RunServices: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
04 - HKCU\..\RunServices: [ctfmon.exe] - C:\WINDOWS\system32\ctfmon.exe
04 - HKCU\..\RunServices: [LDM] - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
04 - HKCU\..\RunServices: [Veoh] - "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
04 - HKUS\S-1-5-19\..\RUN: [CTFMON.EXE] - "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
04 - HKUS\S-1-5-20\..\RUN: [CTFMON.EXE] - "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
04 - HKUS\S-1-5-21-3648151616-2520088637-4158305734-1008\..\RUN: [MsnMsgr] - "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
04 - HKUS\S-1-5-21-3648151616-2520088637-4158305734-1008\..\RUN: [swg] - RTHDCPL.EXE
04 - HKUS\S-1-5-21-3648151616-2520088637-4158305734-1008\..\RUN: [ctfmon.exe] - C:\WINDOWS\SMINST\RECGUARD.EXE
04 - HKUS\S-1-5-21-3648151616-2520088637-4158305734-1008\..\RUN: [LDM] -
04 - HKUS\S-1-5-21-3648151616-2520088637-4158305734-1008\..\RUN: [Veoh] - nwiz.exe /install
04 - Global Startup: Lancement rapide d'Adobe Reader.lnk= C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
04 - Global Startup: Logitech Desktop Messenger.lnk= C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
04 - Startup: Deewoo.lnk= C:\Documents and Settings\Johnny_2\Menu Démarrer\Programmes\Démarrage\Deewoo.lnk
04 - Startup: DW_Start.lnk= C:\Documents and Settings\Johnny_2\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
//05 - Accès au panneau de contrôle d'Internet Explorer (control.ini)
//06- interdiction à l' accès au options (Internet Explorer)
//07 - blocage de l'exécution de Regedit
//08 - lignes supplémentaires dans le menu contextuel d'Internet Explorer
//09 - boutons situés sur la barre d'outils principale d'Internet Explorer
09 - Extra button: - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
09 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
09 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} -
09 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} -
09 - Extra button: - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
09 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
09 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
09 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
//O10 - Pirates de Winsock
//O11 - Onglet supplémentaire dans les options avancées d'Internet Explorer)
O11 - Options group: [INTERNATIONAL] - International*
//O12 - IE plugins
O12 - IE plugins : C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - IE plugins : C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - IE plugins : C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - IE plugins : C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - IE plugins : C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O12 - IE plugins : C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
O12 - IE plugins : C:\Program Files\Internet Explorer\PLUGINS\npqtplugin7.dll
//013 : DefaultPrefix
//014 - Option : (Rétablir les paramètres Web)
//015 - Zone de confiance d'Internet Explorer
//O16 - Objets ActiveX
O16 - DPF : Windows Genuine Advantage Validation Tool - {17492023-C23A-453E-A040-C7C580BBF700} - C:\WINDOWS\system32\LegitCheckControl.DLL
O16 - DPF : Solitaire Showdown Class - {5C051655-FCD5-4969-9182-770EA5AA5565} - C:\WINDOWS\Downloaded Program Files\SolitaireShowdown.dll
O16 - DPF : DivXBrowserPlugin Object - {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - C:\Program Files\DivX\DivX Web Player\npdivx32.dll
O16 - DPF : Image Uploader Control - {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - C:\WINDOWS\Downloaded Program Files\ImageUploader4.ocx
O16 - DPF : - {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -
O16 - DPF : MessengerStatsClient Class - {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll
//O17 - piratage de domaine Lop.com
//O18 - protocoles additionnels
O18 - Protocol: bw+0 - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {83ff63fb-f68d-4895-8e79-04453e9b08b3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} -
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
//O19 - feuille de style de l'utilisateur
//O20 - valeur de Registre AppInit_DLLs et les sous-clés Winlogon Notify
//O21 - ShellServiceObjectDelayLoad
//O22 - SharedTaskScheduler
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - %SystemRoot%\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll
//O23 - services de XP,NT, 2000, et 2003
O23 - Service: [Service de la passerelle de la couche Application] - %SystemRoot%\System32\alg.exe
O23 - Service: [AntiVir PersonalEdition Classic Scheduler] - "C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"
O23 - Service: [AntiVir PersonalEdition Classic Guard] - "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"
O23 - Service: [ARSVC] - C:\WINDOWS\arservice.exe
O23 - Service: [Service d'état ASP.NET] - %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
O23 - Service: [Gestionnaire de l'Album] - %SystemRoot%\system32\clipsrv.exe
O23 - Service: [Command Service] - C:\WINDOWS\IA\command.exe
O23 - Service: [Application système COM+] - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
O23 - Service: [Media Center Receiver Service] - C:\WINDOWS\eHome\ehRecvr.exe
O23 - Service: [Service de planification Media Center] - C:\WINDOWS\eHome\ehSched.exe
O23 - Service: [Fax] - %systemroot%\system32\fxssvc.exe
O23 - Service: [Google Updater Service] - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
O23 - Service: [InstallDriver Table Manager] - "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"
O23 - Service: [Service COM de gravage de CD IMAPI] -
O23 - Service: [LightScribeService Direct Disc Labeling Service] - "C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe"
O23 - Service: [Logitech Process Monitor] - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: [LVSrvLauncher] - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: [Media Center Extender Service] - C:\WINDOWS\ehome\mcrdsvc.exe
O23 - Service: [Partage de Bureau à distance NetMeeting] - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: [Network Monitor] - C:\Program Files\Network Monitor\netmon.exe service
O23 - Service: [NVIDIA Display Driver Service] - %SystemRoot%\system32\nvsvc32.exe
O23 - Service: [Gestionnaire de session d'aide sur le Bureau à distance] - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: [Localisateur d'appels de procédure distante (RPC)] - %SystemRoot%\system32\locator.exe
O23 - Service: [QoS RSVP] - %SystemRoot%\system32\rsvp.exe
O23 - Service: [Spouleur d'impression] - %SystemRoot%\system32\spoolsv.exe
O23 - Service: [SSDP Discovery Service] - %SystemRoot%\system32\svchost.exe -k LocalService
O23 - Service: [MS Software Shadow Copy Provider] - C:\WINDOWS\system32\dllhost.exe /Processid:{E240A44A-EE25-4AA3-A4EB-0106CD6D8248}
O23 - Service: [Journaux et alertes de performance] - %SystemRoot%\system32\smlogsvc.exe
O23 - Service: [Telnet] - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: [Onduleur] - %SystemRoot%\System32\ups.exe
O23 - Service: [Service Messenger Sharing Folders USN Journal Reader] - "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
O23 - Service: [Cliché instantané de volume] - %SystemRoot%\System32\vssvc.exe
O23 - Service: [Windows Live Setup Service] - "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
O23 - Service: [Carte de performance WMI] - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: [Service Partage réseau du Lecteur Windows Media] - "C:\Program Files\Windows Media Player\WMPNetwk.exe"
O23 - Service: [Recherche Windows] - %systemroot%\system32\SearchIndexer.exe /Embedding
0
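The report above is what the helper reads by eye: every autorun entry and browser helper object, legitimate or not, in one list. As an added example (not part of the original thread, of PCA or of HijackThis), here is a Python script that applies to the O4 and O2 lines the kind of triage checks a helper applies by hand: system binary names running from a user profile, files dropped straight into C:\WINDOWS or sitting under random or GUID-style names in System32, unnamed BHOs, and CLSIDs with no module path. The sample lines are copied from the report above; the allowlist and the vowel threshold are my own assumptions.

```python
"""Triage of the O4 (autorun) and O2 (BHO) lines of a PCA Securite / HijackThis-style report.
Added example for this thread, not part of PCA, HijackThis or the original posts. The
heuristics are my own assumptions: a flagged entry means "verify this file", not "malware"."""
import re
from collections import namedtuple

# Constructed sample: a handful of lines copied from the report posted above.
SAMPLE_REPORT = r"""
04 - HKLM\..\RUN: [avgnt] - "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
04 - HKLM\..\RUN: [RTHDCPL] - RTHDCPL.EXE
04 - HKLM\..\RUN: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
04 - HKLM\..\RUN: [{36-6B-B6-67-DW}] - C:\windows\system32\jownw64p.exe DWramFF
04 - HKLM\..\RUN: [Host Process] - C:\Documents and Settings\Johnny_2\svchost.exe
04 - HKLM\..\RUN: [runner1] - C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
04 - HKLM\..\RUN: [40a36bc8] - rundll32.exe "C:\WINDOWS\system32\ogtvtnmb.dll",b
04 - HKCU\..\RUN: [ctfmon.exe] - C:\WINDOWS\system32\ctfmon.exe
02 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
02 - BHO: - {B76CF1F4-ECDC-4CA1-89F8-32403496528E} - C:\WINDOWS\system32\byXOfcCU.dll
02 - BHO: mysidesearch browser optimizer - {761dac3f-5582-2b48-22cd-bbbc156f7a87} - C:\WINDOWS\system32\{5a5422e2-3222-1ca9-6b0e-ed1323479d79}.dll
02 - BHO: - {7E853D72-626A-48EC-A868-BA8D5E23E045} -
"""

SECTION_RE = re.compile(r"^[O0](\d+) - (.*)$")  # PCA writes "04", HijackThis writes "O4"
AUTORUN_RE = re.compile(r"^(HK\S*?)\\\.\.\\(\w+): \[(.*?)\] -\s*(.*)$")
BHO_RE = re.compile(r"^BHO:\s*(.*?)\s*-\s*(\{[0-9A-Fa-f-]{36}\})\s*-\s*(.*)$")
MODULE_RE = re.compile(r'([A-Za-z]:\\[^"<>|]*?\.(?:exe|dll|cpl|scr))(?=["\s,]|$)', re.IGNORECASE)
GUID_RE = re.compile(r"^\{?[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?$", re.IGNORECASE)
HEX_RE = re.compile(r"^[0-9a-f]{6,}$", re.IGNORECASE)

SYSTEM_DIRS = {"c:\\windows\\system32", "c:\\winnt\\system32"}
WINDOWS_ROOTS = {"c:\\windows", "c:\\winnt"}
# Core Windows process names that should only ever load from System32.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "csrss.exe", "smss.exe", "ctfmon.exe"}
# Assumption: tiny allowlist of known System32 modules exempt from the random-name test;
# real triage would rely on a much larger list or, better, on file hashes and signatures.
KNOWN_SYSTEM32 = {"ctfmon.exe", "nvcpl.dll", "rundll32.exe"}

# section "O4"/"O2", label (value name or BHO description), module path ("" if none), reasons
Finding = namedtuple("Finding", "section label module reasons")


def looks_random(stem):
    """Crude test for machine-generated names such as jownw64p or pcntpkdm:
    six or more letters with fewer than one vowel in five (stem is lower-case)."""
    letters = [c for c in stem if c.isalpha()]
    return len(letters) >= 6 and sum(c in "aeiou" for c in letters) / len(letters) < 0.2


def assess_module(path):
    """Reasons why the module at `path` deserves a manual check (empty if none)."""
    low = path.lower()
    directory, _, name = low.rpartition("\\")
    stem = name.rsplit(".", 1)[0]
    reasons = []
    if name in SYSTEM_NAMES and directory not in SYSTEM_DIRS:
        reasons.append(f"{name} carries a Windows system binary name but runs from {directory}")
    if directory in WINDOWS_ROOTS:
        reasons.append("file sits directly in the Windows root directory")
    if "\\documents and settings\\" in low or "\\temp\\" in low:
        reasons.append("file runs from a user profile or temp directory")
    if GUID_RE.match(stem):
        reasons.append("file is named after a GUID")
    elif directory in SYSTEM_DIRS | WINDOWS_ROOTS and name not in KNOWN_SYSTEM32 and looks_random(stem):
        reasons.append(f"random-looking file name '{name}' in a system directory")
    return reasons


def triage(report):
    """Return one Finding per O4/O2 entry that trips at least one heuristic."""
    findings = []
    for raw in report.splitlines():
        m = SECTION_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        if section == "4" and (a := AUTORUN_RE.match(body)):
            hive, key, value_name, command = a.groups()
            # First absolute PE path in the command; for rundll32 lines that is the DLL loaded.
            path = MODULE_RE.search(command)
            module = path.group(1) if path else ""
            reasons = assess_module(module) if module else []
            if HEX_RE.match(value_name):
                reasons.append(f"value name '{value_name}' is a bare hex string")
            if reasons:
                findings.append(Finding("O4", f"{hive}\\{key}\\{value_name}", module, reasons))
        elif section == "2" and (b := BHO_RE.match(body)):
            description, clsid, module = b.groups()
            reasons = assess_module(module) if module else [f"no module path resolved for CLSID {clsid}"]
            if not description:
                reasons.append("BHO registered without a description")
            if reasons:
                findings.append(Finding("O2", description or clsid, module, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f.section, f.label, f.module or "(no path)", *("  - " + r for r in f.reasons), sep="\n")
```

A hit is a prompt to check the file (publisher, signature, hash), not a verdict; legitimate vendor files with terse names will occasionally trip the random-name test.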
Le sioux Posts 4894 Registration date Status Security contributor Last activity 496
 
Re

YES! That's it.

I'll look at it in detail and tell you what to do ;)

See you
0
Le sioux   Posts: 4894   Status: Security contributor   496

Re

OK, let's start the cleanup, miss


So that you can follow the procedure correctly, I advise you to save this page by selecting all the lines and copying the selection into a text file on your PC, so you can apply the procedure properly.
(Note: you will not have Internet access from the moment you restart in Safe Mode)
All steps must be carried out, without interruption, in the exact order given below.
If anything is unclear to you, ask for explanations before starting the disinfection.


1) Download SDFix by AndyManchesta

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe to your Desktop.

Double-click SDFix.exe and choose Install. The tool will be extracted to the root of the system drive (usually C:\).
Don't touch it for now.

2) Restart in Safe Mode


If needed, look here first: http://pageperso.aol.fr/loraline60/mode_sans_echec.htm
When the computer restarts, once the BIOS has finished loading, a black screen appears briefly; press the [F8] key (or [F5] on some PCs) until the Windows Advanced Options menu is displayed.
Select "Safe Mode" and press [Enter].
You will need to choose your usual session, not the "Administrator" account or any other.

Open the text file saved on the Desktop so you can follow the instructions properly.

3) SDFix

* Open the SDFix folder that has just been created in C:\ and double-click RunThis.cmd to launch the script.
* Press Y to start the cleaning process.
* It will delete the services and registry entries of certain trojans it finds, then ask you to press a key to restart.
* Press a key to restart the PC.
* Your system will take longer than usual to restart because the tool keeps running and deleting files.
* After the Desktop has loaded, the tool will finish its work and display Finished.
* Press a key to end the script and load your Desktop icons.
* Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.

4) Reports:

Post a new HijackThis report, or an Evosla PCA report (if you still can't get HijackThis to run), together with the SDFix report in your reply.

To be continued
0
mélyssia

ok, I'll get started.

thanks, see you
0
Le sioux   Posts: 4894   Status: Security contributor   496

Re

OK, we'll still have work for a while afterwards; SDFix will already clear out some of the junk that "lives" in your PC, and later we'll use a second tool that should do some cleaning too. ;)

To be continued
0
mélyssia

so here's the problem

my Internet page won't close anymore, nor any other window, the download window either; I can't even get out with Alt+Ctrl+Esc

I can download SDFix but that's all, I can't open it, nothing, I can no longer get to my desktop

it's bugging.....
0
Le sioux   Posts: 4894   Status: Security contributor   496

Re

Have you tried the Task Manager? CTRL/ALT/DEL, then click "Shut Down" at the top right, then "Restart"

Force your PC off by holding the reset button down until it switches off, even though that isn't recommended... then restart it in Safe Mode; you'll unzip SDFix in Safe Mode.

Hang in there, we'll get there ;)

@+
0
mélyssia

so here is the SDFix report


[b]SDFix: Version 1.186 [/b]
Run by Johnny_2 on 29/05/2008 at 10:59

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:

[b]Name [/b]:
cmdService
Network Monitor

[b]Path [/b]:
C:\WINDOWS\IA\command.exe
C:\Program Files\Network Monitor\netmon.exe service

cmdService - Deleted
Network Monitor - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\WINDOWS\IA\asappsrv.dll - Deleted
C:\WINDOWS\IA\command.exe - Deleted
C:\WINDOWS\IA\KE.vbs - Deleted
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt - Deleted
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt - Deleted
C:\Temp\1cb\syscheck.log - Deleted
C:\Temp\vtmp2\ktnv33.log - Deleted
C:\WINDOWS\system32\vntiho05\vntiho051080.exe - Deleted
C:\WINDOWS\mrofinu1000106.exe - Deleted
C:\WINDOWS\mrofinu1188.exe - Deleted
C:\Program Files\Network Monitor\netmon.exe - Deleted
C:\WINDOWS\system32\atmtd.dll - Deleted
C:\WINDOWS\system32\atmtd.dll._ - Deleted
C:\WINDOWS\system32\msnav32.ax - Deleted
C:\WINDOWS\system32\pac.txt - Deleted
C:\WINDOWS\system32\rwwnw64d.exe - Deleted
C:\WINDOWS\system32\zxdnt3d.cfg - Deleted
C:\WINDOWS\uninstall_nmon.vbs - Deleted



Folder C:\Program Files\Network Monitor - Removed
Folder C:\Documents and Settings\LocalService\Application Data\NetMon - Removed
Folder C:\Temp\1cb - Removed
Folder C:\Temp\vtmp2 - Removed
Folder C:\WINDOWS\system32\vntiho05 - Removed


Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-29 11:19:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

IPC error: 2 Le fichier spécifié est introuvable.
scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL France"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Documents and Settings\\Johnny_2\\Local Settings\\Temp\\ImInstaller\\incredimail_installer.exe"="C:\\Documents and Settings\\Johnny_2\\Local Settings\\Temp\\ImInstaller\\incredimail_installer.exe:*:Enabled:IncrediMail Installer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Thu 14 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Sat 19 May 2007 22 A.SH. --- "C:\WINDOWS\SMINST\HPCD.sys"
Mon 26 Mar 2007 2,045 ...H. --- "C:\WINDOWS\system32\whlb32g.dll"
Mon 17 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Mon 12 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT3.tmp"

[b]Finished![/b]

and here, I think, is the HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:56, on 29/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\pcntpkdm.exe
c:\windows\system32\rwwnw64d.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: bw+0 - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {83FF63FB-F68D-4895-8E79-04453E9B08B3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
0
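As an added illustration (not code from the thread, from SDFix or from HijackThis), the two reports above can be cross-checked mechanically: the script below, with constructed excerpts of both logs embedded, lists files SDFix reported as deleted at 10:59 that are running again in the HijackThis scan saved at 11:33, which is the sign that something still on the machine re-creates them. The layout of HijackThis v2 O23 lines assumed by the regex, and the use of "Unknown owner" as a review hint, are assumptions made here, not something the thread states.

```python
"""Cross-check the SDFix report against the HijackThis log that follows it.
Added illustration, not code from the thread, SDFix or HijackThis; the two
strings are constructed excerpts of the reports above so it runs offline."""
import re

SDFIX_REPORT = r"""
Trojan Files Found:

C:\WINDOWS\IA\asappsrv.dll - Deleted
C:\WINDOWS\IA\command.exe - Deleted
C:\Program Files\Network Monitor\netmon.exe - Deleted
C:\WINDOWS\system32\msnav32.ax - Deleted
C:\WINDOWS\system32\rwwnw64d.exe - Deleted
C:\WINDOWS\system32\zxdnt3d.cfg - Deleted

Folder C:\Program Files\Network Monitor - Removed
"""

HJT_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:56, on 29/05/2008

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\pcntpkdm.exe
c:\windows\system32\rwwnw64d.exe
C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
"""

# "<drive>:\path - Deleted" lines in the SDFix file section.
DELETED_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) - Deleted$")
# Assumed HijackThis v2 O23 layout: name - owner - path. A service name
# containing " - " would confuse the lazy split; none in this log does.
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def norm(path):
    """Windows paths are case-insensitive: compare them lower-cased and stripped."""
    return path.strip().lower()


def sdfix_deleted_files(report):
    """Normalised paths SDFix reported as '- Deleted' under 'Trojan Files Found'."""
    deleted, in_section = set(), False
    for line in report.splitlines():
        if line.startswith("Trojan Files Found"):
            in_section = True
        elif in_section and line.startswith("Folder "):
            break  # folder removals follow the file list
        elif in_section:
            m = DELETED_RE.match(line.strip())
            if m:
                deleted.add(norm(m.group("path")))
    return deleted


def hjt_running_processes(log):
    """The 'Running processes:' block of a HijackThis log (ends at a blank line)."""
    procs, in_block = [], False
    for line in log.splitlines():
        if line.startswith("Running processes:"):
            in_block = True
        elif in_block and not line.strip():
            break
        elif in_block:
            procs.append(line.strip())
    return procs


def hjt_services(log):
    """O23 service entries as {name, owner, path} dicts."""
    return [m.groupdict() for m in map(SERVICE_RE.match, log.splitlines()) if m]


def revived_after_cleanup(report, log):
    """Files SDFix deleted that are running again in the later HijackThis scan.
    A hit means something still on disk re-created the file between the two
    runs (here rwwnw64d.exe), so the cleanup is not finished."""
    deleted = sdfix_deleted_files(report)
    return [p for p in hjt_running_processes(log) if norm(p) in deleted]


def services_to_review(report, log):
    """O23 services whose binary SDFix deleted or whose owner HijackThis could
    not identify. 'Unknown owner' is only a weak hint (WLSetupSvc is legitimate)
    and is meant for manual review, not automatic removal."""
    deleted = sdfix_deleted_files(report)
    return [s for s in hjt_services(log)
            if norm(s["path"]) in deleted or s["owner"] == "Unknown owner"]


if __name__ == "__main__":
    for path in revived_after_cleanup(SDFIX_REPORT, HJT_LOG):
        print("deleted by SDFix but running again:", path)
    for svc in services_to_review(SDFIX_REPORT, HJT_LOG):
        print("service to review:", svc["name"], "->", svc["path"])
```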
mélyssia

oh yes, there's been a change

Messenger connected automatically like before.
but at the bottom next to my clock I have a red "Windows security alert" triangle; my updates are disabled and I can't turn them back on, that's it
0
Le sioux   Posts: 4894   Status: Security contributor   496

Re

Yep, it's not over:

Download Combofix.exe by sUBs to your Desktop,

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Disconnect from the net and disable your antivirus so that Combofix can run normally. /!\

Double-click Combofix.exe
Set it to French with F
Press the 1 key (Yes) to start the scan.

/!\ Don't touch anything until the scan has finished. /!\

At the end of the scan, ComboFix may need to restart the PC to finalize the disinfection; let it do so.


Once the scan is complete, a report will be displayed: post its contents and a new HijackThis report

/!\ Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the Internet. /!\

Note: The report can also be found here: C:\Combofix.txt

To be continued
0
mélyssia

combofix.exe has been stuck on the same task, 29, for more than 2 hours, is that normal?
so I stopped it, maybe something I shouldn't have done, but it worried me a bit all the same.

shall I restart it and let it search all night?

anyway the virus is still there, I wonder if we'll manage to get rid of it
0
mélyssia

please


what should I do?
0
Le sioux   Posts: 4894   Status: Security contributor   496

Good evening Melissa


1) Restart in Safe Mode


If needed, look here first: http://pageperso.aol.fr/loraline60/mode_sans_echec.htm
When the computer restarts, once the BIOS has finished loading, a black screen appears briefly; press the [F8] key (or [F5] on some PCs) until the Windows Advanced Options menu is displayed.
Select "Safe Mode" and press [Enter].
You will need to choose your usual session, not the "Administrator" account or any other.

2) Combofix.exe

Double-click Combofix.exe
Set it to French with F
Press the 1 key (Yes) to start the scan.

/!\ Don't touch anything until the scan has finished. /!\

At the end of the scan, ComboFix may need to restart the PC to finalize the disinfection; let it do so.

Once the scan is complete, a report will be displayed ---> save it to your Desktop.

3) Reports

Restart your PC in normal mode, then post the ComboFix report you saved to your Desktop, together with a new HijackThis report.

Note: The report can also be found here: C:\Combofix.txt

To be continued
0
mélyssia

I restarted it and left it running all night; last night it was at 31 and this morning at task 41 lol, it's in no hurry.

I'm restarting it in Safe Mode, I hope it'll be quicker.
I managed to run a scan with Antivir yesterday; it gave me 24 detections, 10 different viruses, I managed to quarantine 9 of them, and I emptied my quarantine, I hope I did the right thing?
only TR:Crypt.XPACK.Gen was put in the "warning" section.

anyway, thanks for your help

see you
0
Le sioux   Posts: 4894   Status: Security contributor   496

Hello Melissa

I'm waiting for your ComboFix report ;)

You did the right thing with Antivir, it costs nothing ;)

Right-click Antivir in your taskbar, then Start Antivir; click Reports on the left (under Overview), select the line of the scan you did and double-click it, then click Report Files; the report of the scan you did should appear, copy and paste it here in your next reply ;)

@+
0
mélyssia

hello, here are the reports

this is the 3rd time I've posted them, they're not being taken into account lol

ComboFix 08-05-28.4 - Johnny_2 2008-05-30 7:58:49.3 - NTFSx86 MINIMAL
Endroit: C:\Documents and Settings\Johnny_2\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Johnny_2\Application Data\DriveCleaner 2006
C:\Documents and Settings\Johnny_2\Application Data\DriveCleaner 2006\activator_info.txt
C:\Documents and Settings\Johnny_2\Application Data\DriveCleaner 2006\Logs\Activate.log
C:\WINDOWS\BM43905854.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bdqybwxi.exe
C:\WINDOWS\system32\bmntvtgo.ini
C:\WINDOWS\system32\byXOfcCU.dll
C:\WINDOWS\system32\gsnndeoq.ini
C:\WINDOWS\system32\gsnndeoq.ini2
C:\WINDOWS\system32\gsnndeoq.tmp
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\OnUuCJjl.ini
C:\WINDOWS\system32\OnUuCJjl.ini2
C:\WINDOWS\system32\qoednnsg.dll
C:\WINDOWS\system32\rwwnw64d.exe
C:\WINDOWS\system32\sqtkahop.dll
C:\WINDOWS\system32\ujvjgehb.dll
C:\WINDOWS\system32\ykdselmd.exe
C:\WINDOWS\system32\zxdnt3d.cfg
.
---- Previous Run -------
.
C:\WINDOWS\IA
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\rwwnw64d.exe
C:\WINDOWS\system32\zxdnt3d.cfg
D:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-28 to 2008-05-30 ))))))))))))))))))))))))))))))))))))
.

2008-05-29 12:01 . 2008-05-29 12:01 <REP> d-------- C:\Program Files\SpyShredder
2008-05-29 10:50 . 2008-05-29 10:50 <REP> d-------- C:\WINDOWS\ERUNT
2008-05-29 10:45 . 2008-05-29 11:23 <REP> d-------- C:\SDFix
2008-05-29 08:16 . 2008-05-29 08:16 <REP> d-------- C:\Program Files\Trend Micro
2008-05-29 08:07 . 2008-05-29 08:02 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-05-29 08:02 . 2008-05-29 08:07 <REP> d-------- C:\Documents and Settings\Johnny_2\.housecall6.6
2008-05-28 18:36 . 2008-05-28 18:36 49,172 --a------ C:\WINDOWS\system32\jownw64p.exe
2008-05-28 18:18 . 2008-05-28 18:18 279,552 --a------ C:\WINDOWS\system32\ljJCuUnO.dll
2008-05-28 18:15 . 2008-05-28 18:15 95,833 --a------ C:\WINDOWS\system32\{5a5422e2-3222-1ca9-6b0e-ed1323479d79}.dll-uninst.exe
2008-05-28 18:14 . 2008-05-29 11:34 860 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-05-28 18:13 . 2008-05-29 21:13 <REP> d-------- C:\WINDOWS\system32\zA
2008-05-28 18:13 . 2008-05-29 21:13 <REP> d-------- C:\WINDOWS\system32\rW
2008-05-28 18:13 . 2008-05-28 18:13 <REP> d-------- C:\WINDOWS\system32\bIP
2008-05-28 18:13 . 2008-05-29 11:19 <REP> d-------- C:\Temp
2008-05-28 18:13 . 2008-05-28 18:17 <REP> d--hs---- C:\Documents and Settings\Johnny_2\!
2008-05-28 18:13 . 2008-05-28 18:13 298,311 --a------ C:\WINDOWS\system32\gside.exe
2008-05-28 18:13 . 2008-05-28 18:13 200,768 --a------ C:\WINDOWS\system32\pcntpkdm.exe
2008-05-28 18:13 . 2008-05-29 19:58 88,961 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-05-13 10:37 . 2008-05-13 10:38 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-05-01 08:54 . 2008-05-25 08:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-01 08:54 . 2008-05-01 08:54 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-30 14:26 . 2008-04-30 14:26 <REP> d-------- C:\WatchNow
2008-04-07 22:06 . 2008-05-29 20:53 <REP> d-------- C:\Documents and Settings\Johnny_2\Shared
2008-04-07 22:06 . 2008-05-28 18:07 <REP> d-------- C:\Documents and Settings\Johnny_2\Incomplete
2008-04-07 22:04 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-07 22:02 . 2008-04-07 22:02 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-04-07 21:54 . 2008-04-30 10:37 <REP> d-------- C:\Program Files\P2P_Energy
2008-04-07 21:54 . 2008-04-07 21:54 <REP> d-------- C:\Program Files\Conduit
2008-04-07 21:54 . 2008-04-17 15:37 <REP> d-------- C:\Documents and Settings\Johnny_2\Application Data\LimeWire Music

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-13 08:35 --------- d-----w C:\Documents and Settings\Johnny_2\Application Data\AdobeUM
2008-05-03 07:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-30 07:20 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 1
2008-04-24 06:29 9,250 ----a-w C:\Documents and Settings\Johnny_2\Application Data\wklnhst.dat
2008-04-07 20:04 --------- d-----w C:\Program Files\Java
2008-03-28 19:53 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-28 15:06 --------- d-----w C:\Program Files\Seagrand
2007-01-06 15:08 251 ----a-w C:\Program Files\wt3d.ini
2007-05-19 17:24 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761dac3f-5582-2b48-22cd-bbbc156f7a87}]
C:\WINDOWS\system32\{5a5422e2-3222-1ca9-6b0e-ed1323479d79}.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9506910A-0F94-4ea1-B567-7070428B8B2B}]
2008-03-27 17:35 333824 --a------ C:\WINDOWS\system32\mysidesearch_sidebar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CB534082-BF61-4EAD-9D83-AD9E121DF703}]
2008-05-28 18:18 279552 --a------ C:\WINDOWS\system32\ljJCuUnO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 16:19 5728112]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-17 12:45 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-12-29 17:58 36864]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 18:35 3587120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-09-19 15:57 180269]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-22 01:56 16261632 C:\WINDOWS\RTHDCPL.EXE]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 22:14 237568]
"PCDrProfiler"="" []
"nwiz"="nwiz.exe" [2006-05-10 00:50 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-10 00:50 7311360]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 22:34 249856]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 06:11 49152]
"ftutil2"="ftutil2.dll" [2004-06-07 14:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:34 64512]
"Device Detector"="C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe" [2005-06-27 11:21 221184]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 02:15 77312 C:\WINDOWS\arpwrmsg.exe]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 10:46 497200]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 11:34 614960]
"LVCOMSX"="C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" [2006-06-26 11:33 243248]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-19 08:17 262401]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"{36-6B-B6-67-DW}"="C:\windows\system32\rwwnw64d.exe" [ ]
"ExploreUpdSched"="C:\WINDOWS\system32\pcntpkdm.exe" [2008-05-28 18:13 200768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Johnny_2^Menu Démarrer^Programmes^Démarrage^Pin.lnk]
path=C:\Documents and Settings\Johnny_2\Menu Démarrer\Programmes\Démarrage\Pin.lnk
backup=C:\WINDOWS\pss\Pin.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Johnny_2^Menu Démarrer^Programmes^Démarrage^PinMcLnk.lnk]
path=C:\Documents and Settings\Johnny_2\Menu Démarrer\Programmes\Démarrage\PinMcLnk.lnk
backup=C:\WINDOWS\pss\PinMcLnk.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anniversaires]
--a------ 2007-02-18 00:51 765952 C:\Anuman Interactive\Le journal de votre naissance\anniv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-10 13:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-17 12:45 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=

S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-30 08:06:19
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...
0
mélyssia
 
Avira AntiVir Personal
Report file date: 2008-05-29 20:41

Scanning for 1301396 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: NOM-FB9B15D2723

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 2008-04-09 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008-04-19 06:17:36
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008-04-19 06:17:36
LUKE.DLL : 8.1.2.9 151809 Bytes 2008-04-19 06:17:37
LUKERES.DLL : 8.1.2.1 12033 Bytes 2008-04-19 06:17:37
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 18:17:06
ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 2008-05-17 14:01:57
ANTIVIR3.VDF : 7.0.4.113 361984 Bytes 2008-05-29 18:37:19
Engineversion : 8.1.0.49
AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-04-19 06:17:38
AESCRIPT.DLL : 8.1.0.36 270714 Bytes 2008-05-29 18:37:26
AESCN.DLL : 8.1.0.20 119157 Bytes 2008-05-29 18:37:24
AERDL.DLL : 8.1.0.20 418165 Bytes 2008-04-26 07:42:03
AEPACK.DLL : 8.1.1.5 364918 Bytes 2008-05-18 14:02:47
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 2008-04-19 06:17:38
AEHEUR.DLL : 8.1.0.29 1253750 Bytes 2008-05-18 14:02:38
AEHELP.DLL : 8.1.0.15 115063 Bytes 2008-05-29 18:37:23
AEGEN.DLL : 8.1.0.23 307573 Bytes 2008-05-29 18:37:22
AEEMU.DLL : 8.1.0.6 430451 Bytes 2008-05-12 14:01:09
AECORE.DLL : 8.1.0.30 168311 Bytes 2008-05-29 18:37:20
AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008-04-19 06:17:36
AVPREF.DLL : 8.0.0.1 25857 Bytes 2008-04-19 06:17:36
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
AVREG.DLL : 8.0.0.0 30977 Bytes 2008-04-19 06:17:36
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-04-19 06:17:35
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008-04-19 06:17:35
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-04-19 06:17:38
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008-04-19 06:17:38
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-04-19 06:17:37
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008-04-19 06:17:30
RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008-04-19 06:17:30

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 2008-05-29 20:41

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
Scan process 'kbd.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'COCIManager.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'searchindexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'VeohClient.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'LogitechDesktopMessenger.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'arservice.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'pcntpkdm.exe' - '1' Module(s) have been scanned
Scan process 'jownw64p.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'LVComSX.exe' - '1' Module(s) have been scanned
Scan process 'QuickCam10.exe' - '1' Module(s) have been scanned
Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned
Scan process 'DevDetect.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
57 processes with 57 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
C:\WINDOWS\system32\byXOfcCU.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]

The registry was scanned ( '40' files ).


Starting the file scan:

Begin scan in 'C:\' <PRESARIO>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Johnny_2\Bureau\install_3968_MHwxfDB8fHx8fHw_(2).exe
[DETECTION] Is the Trojan horse TR/Peed.A.449
[NOTE] The file was moved to '48b1fa4d.qua'!
C:\Documents and Settings\Johnny_2\Bureau\install_3968_MHwxfDB8fHx8fHw_.exe
[DETECTION] Is the Trojan horse TR/Peed.A.449
[NOTE] The file was moved to '48b1fa56.qua'!
C:\Documents and Settings\Johnny_2\Bureau\install_3968_MXwyN3wxMDEwMDAwMDAwfHx8fHx8_.exe
[DETECTION] Is the Trojan horse TR/Peed.A.449
[NOTE] The file was moved to '48b1fa6e.qua'!
C:\Documents and Settings\Johnny_2\Local Settings\Application Data\Microsoft\CD Burning\Terminator2 DVD RipUNCUT1CD - FAST.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was moved to '48b0fadb.qua'!
C:\Documents and Settings\Johnny_2\Shared\Terminator2 DVD RipUNCUT1CD - FAST.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was moved to '48b0fc0d.qua'!
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP378\A0028225.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was moved to '486efdc0.qua'!
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP378\A0044232.exe
[DETECTION] Is the Trojan horse TR/Spy.Banbra.df.199
[NOTE] The file was moved to '486efdd9.qua'!
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP378\A0044234.exe
[DETECTION] Is the Trojan horse TR/Dldr.VB.epp
[NOTE] The file was moved to '486efdea.qua'!
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP378\A0044235.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '486efdfc.qua'!
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP378\A0044236.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '486efe00.qua'!
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP378\A0044242.vbs
[DETECTION] Is the Trojan horse TR/Small.WY
[NOTE] The file was moved to '486efe0e.qua'!
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP378\A0044270.exe
[DETECTION] Is the Trojan horse TR/Spy.Banbra.df.199
[NOTE] The file was moved to '486efe16.qua'!
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP378\A0044271.exe
[DETECTION] Is the Trojan horse TR/Dldr.VB.epp
[NOTE] The file was moved to '486efe1e.qua'!
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP378\A0044272.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '486efe21.qua'!
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP378\A0044273.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '486efe25.qua'!
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP378\A0044274.vbs
[DETECTION] Is the Trojan horse TR/Small.WY
[NOTE] The file was moved to '486efe28.qua'!
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP378\A0044328.dll
[DETECTION] Is the Trojan horse TR/BHO.cmd
[NOTE] The file was moved to '486efe36.qua'!
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP379\A0050377.exe
[DETECTION] Is the Trojan horse TR/Peed.A.449
[NOTE] The file was moved to '486efe43.qua'!
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP379\A0050378.exe
[DETECTION] Is the Trojan horse TR/Peed.A.449
[NOTE] The file was moved to '486efe47.qua'!
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP379\A0050379.exe
[DETECTION] Is the Trojan horse TR/Peed.A.449
[NOTE] The file was moved to '486efe4a.qua'!
C:\WINDOWS\system32\byXOfcCU.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
C:\WINDOWS\system32\rW\autdx2.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '48b300b5.qua'!
C:\WINDOWS\system32\zA\wdpars11.exe
[DETECTION] Is the Trojan horse TR/Dldr.CWS.gen.2
[NOTE] The file was moved to '48af00c7.qua'!
Begin scan in 'D:\' <PRESARIO_RP>


End of the scan: 2008-05-29 21:21
Used time: 39:28 min

The scan has been done completely.

7564 Scanning directories
354897 Files were scanned
24 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
22 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
354873 Files not concerned
15500 Archives were scanned
4 Warnings
22 Notes
0
mélyssia
 
Sorry for not replying, but I couldn't manage to post my replies.

The HijackThis report has been done, but as soon as I post it, it tells me my reply has been saved, yet it doesn't appear in the discussion.

I'll try again in a little while, maybe.
0