Rapport Hijack this Résolu

Question

Bonjour,
J'ai fait une restauration du systeme, et lancé hijack this en mode sans echec, voisci le rapport 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:11, on 09/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\ERIC\Bureau\Anti-virus\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\ERIC\lsass.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [BM73411f46] Rundll32.exe "C:\WINDOWS\system32\yrxloagf.dll",s
O4 - HKLM\..\Run: [70722cda] rundll32.exe "C:\WINDOWS\system32\caxdvods.dll",b
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-f2a4c256dc63c678.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bw+0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

Utilisateur anonyme · Answer

Bonjour,

*Télécharge SDFix (créé par AndyManchesta)
*Double-clique sur SDFix.exe
*Choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
*Redémarre en mode sans échec
*Ouvre le dossier SDFix qui vient d'être créé à la racine de ton disque dur C:\
*Double clique sur RunThis.bat pour lancer le script. (Le .bat peut ne pas apparaître)
*Appuie sur Y pour commencer le processus de nettoyage.
*Appuie sur une touche pour redémarrer quand SDFix te demander d'appuyer sur une touche pour redémarrer.
*Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
*Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
*Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
*Les icônes du Bureau affichées, le rapport SDFix s'ouvrira. Il porte le nom de Report.txt.
*Copie/colle le contenu


*Si Sdfix ne se lance pas
* Clique sur Démarrer > Exécuter
*Copie/colle ceci: %systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe
*Clique sur Ok.
*Redémarre et essaie de relance SDFix.

naiki31 · Answer

Merci pour ton aide, voici le rapport :


Rebooting


[b]Checking Files [/b]: 

Trojan Files Found:

C:\WINDOWS\system32\jkkIXnmk.dll - Deleted



Folder C:\Program Files\winvi - Removed
Folder C:\Temp\1cb - Removed
Folder C:\Temp	mpvc14 - Removed
Folder C:\Temp\vtmp2 - Removed


Removing Temp Files

[b]ADS Check [/b]:
 


                                 [b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-09 11:56:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe"="C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe:*:Enabled:BF1942"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Winsos\winsos.exe"="C:\Program Files\Winsos\winsos.exe:*:Enabled:Winsos"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Steam\SteamApps\fuliwong\half-life 2 deathmatch\hl2.exe"="C:\Program Files\Steam\SteamApps\fuliwong\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Ex‚cuter une DLL en tant qu'application"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Mon 24 Oct 2005     4,134,432 ...H. --- "C:\Program Files\Picasa2\setup.exe"
Mon 28 Jan 2008     1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008     5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008     2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Sun 26 Mar 2006         4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue  7 Dec 2004       258,352 A..H. --- "C:\Documents and Settings\ERIC\Bureau\Opendisc (D)\unicows.dll"
Fri  6 Jun 2008       214,016 A..H. --- "C:\Documents and Settings\ERIC\Local Settings\Temp\~10.tmp"
Thu 15 May 2003        43,008 A..H. --- "C:\Program Files\Fichiers communs\Adobe\ESD\DLMCleanup.exe"
Sun 26 Mar 2006         4,348 ...H. --- "C:\Documents and Settings\ERIC\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Wed 26 Mar 2008            20 A..H. --- "C:\Documents and Settings\ERIC\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Thu 26 Jan 2006           312 A.SH. --- "C:\Documents and Settings\ERIC\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"

[b]Finished![/b]

naiki31 · Answer

Par contre, j'ai lancé donc le scrit en mode sans echec mais il ne m'a pas demandé d'appuyer sur une touche pour le redemarrer. Je l'ai donc fermé puis redémarrer en mode normal.

Utilisateur anonyme · Answer

Ok 

Copie/colle un nouveau rapport HijackThis

naiki31 · Answer

Encore merci de m'aider !
J'ai lancé hijackthis en mode normal. Si il faut que je le fasse en mode sans echec, dit moi le et je le referait !

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:46:00, on 09/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Glary Utilities\Integrator.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\VTTimer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ERIC\Bureau\Anti-virus\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [70722cda] rundll32.exe "C:\WINDOWS\system32\caxdvods.dll",b
O4 - HKLM\..\Run: [BM73411f46] Rundll32.exe "C:\WINDOWS\system32\yrxloagf.dll",s
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-f2a4c256dc63c678.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bw+0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

Utilisateur anonyme · Answer

*Télécharge OTMoveIt (d&#8217;Old_Timer) sur ton Bureau.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

*Double-clique sur OTMoveIt.exe pour le lancer.
*Copie la liste qui se trouve ci-dessous et colle-la dans le cadre de gauche de OTMoveIt : Paste List of Files/Folders to be moved.

c:\windows\system32\caxdvods.dll
c:\windows\system32\yrxloagf.dll

*Clique sur MoveIt! Pour lancer la suppression.
*Le résultat apparaitra dans le cadre Results. 
*Clique sur Exit pour fermer.
*Poste le rapport situé dans C:\_OTMoveIt\MovedFiles. Exemple:(01282008_131348.log )

*Il te sera peut-être demander de redémarrer le PC pour achever la suppression.
Si c'est le cas accepte par Yes



*Télécharge et installe MalwareByte's :
*Lance une analyse complète.
*A la fin du scan, clique sur "Supprimer la sélection" ou "Remove Selected"
*Copie/colle le rapport final.


HijackThis en mode sans échec ne montre pas tous les processus ça peut être gênant.

naiki31 · Answer

Le rapport de OTMoveIt

DllUnregisterServer procedure not found in c:\windows\system32\caxdvods.dll
c:\windows\system32\caxdvods.dll NOT unregistered.
c:\windows\system32\caxdvods.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\yrxloagf.dll
c:\windows\system32\yrxloagf.dll NOT unregistered.
c:\windows\system32\yrxloagf.dll moved successfully.
 
OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06092008_151335



Malware est encours, je post le rapport des que c'est terminé

naiki31 · Answer

Voici le rapport.
Au redemarrage, une fenetre s'est ouverte : Erreur de chargement de C:/windows/system32/yrxloagf.dll Le module spécifié est introuvable

Malwarebytes' Anti-Malware 1.15
Version de la base de données: 842

15:51:19 09/06/2008
mbam-log-6-9-2008 (15-51-19).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Eléments examinés: 95640
Temps écoulé: 33 minute(s), 37 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 10
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 63

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\wvUnonmK.dll (Trojan.Vundo) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{89579f49-806b-4f6d-a6a6-836749de89fd} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{89579f49-806b-4f6d-a6a6-836749de89fd} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Mirar (AdWare.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoftdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{b76cf1f4-ecdc-4ca1-89f8-32403496528e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{9aee7fa8-0da7-4c8a-8b3e-fbb6b979c657} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{e8fa0ce0-bdaa-4e34-87f5-3b6d8217a0da} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\70722cda (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM73411f46 (Trojan.Agent) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\wvunonmk -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\wvunonmk  -> Delete on reboot.

Dossier(s) infecté(s):
C:\WINDOWS\system32\dFrnx05 (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\wvUnonmK.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\KmnonUvw.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\KmnonUvw.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\kl.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\Documents and Settings\ERIC\lsass.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\ERIC\Local Settings\Temporary Internet Files\Content.IE5\89MN01E3\kb713501[1] (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP488\A0278739.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP488\A0278829.exe (Trojan.StartPage) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP489\A0278900.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP489\A0278901.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP489\A0278905.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP489\A0278906.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP490\A0279037.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP490\A0279040.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP490\A0279041.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP490\A0280176.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP490\A0280179.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP490\A0280180.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP491\A0281263.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP491\A0281266.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP491\A0281267.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP492\A0282275.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP492\A0282285.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP492\A0283287.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP492\A0283288.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP492\A0283289.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP492\A0283292.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP492\A0283293.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP495\A0283393.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP495\A0283399.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP495\snapshot\MFEX-1.DAT (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP495\snapshot\MFEX-2.DAT (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP496\A0283414.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP497\A0283433.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP497\A0283434.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP497\A0283435.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP497\A0283436.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP497\A0283437.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP497\A0283438.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP497\A0283440.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP497\A0283512.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP497\A0283513.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP497\A0283528.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP497\A0283537.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP501\A0287279.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP501\A0288428.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\mrofinu1188.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\WINDOWS\mrofinu1188.exe.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\geBrrQHb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\geBstSIc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gvcswrui.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mkussnjq.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJYrooo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32
nnlihap.dll.ren (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnnLETN.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	uvSkkKB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUKbxWN.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xutpkhvm.dll.ren (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dFrnx05\dFrnx051080.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vntiho18\vntiho182328.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

Utilisateur anonyme · Answer

Comment se comporte le PC ?

naiki31 · Answer

Il a l'air de bien se comporter ... Ca faisait tellement longtemps ... !!!!!
Je te remercie encore une fois !!!!!
C'est bon, il est clean ?!

naiki31 · Answer

A part les fentres de pub qui font que s'ouvrirent ! (toujours les memes)

Utilisateur anonyme · Answer

*Télécharge Navilog1 sur ton Bureau.
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
*Double-clique sur navilog1.exe pour lancer l'installation.
*Une fois l'installation effectuée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).
*Laisse-toi guider. Au menu principal, choisis 1 et valide.

/!\ Ne fais pas les choix 2, 3 ou 4 sans mon accord! /!\

*Patiente jusqu'au message :
*** Analyse Termine le ..... ***

*Appuie sur une touche comme demandé, le bloc-notes va s'ouvrir.
*Copie-colle l'intégralité du rapport dans ta réponse. Referme le bloc-note.
(Le rapport est sauvegardé à la racine du disque (C:\fixnavi.txt)

naiki31 · Answer

Voila le rapport :


Search Navipromo version 3.5.8 commencé le 09/06/2008 à 16:17:38,64

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files
avilog1
Session actuelle : "ERIC" 

Mise à jour le 06.06.2008 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180 
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\ERIC\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\INVIT~1\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\ERIC\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\ERIC\menudm~1\progra~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\INVIT~1\menudm~1\progra~1" *** 

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé


*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\ERIC\locals~1\applic~1" * 

* Recherche dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" * 



*** Recherche fichiers *** 



*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé ! 

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\ERIC\locals~1\applic~1" : 

ahppkx.dat trouvé !
ahppkx_nav.dat trouvé !
ahppkx_navps.dat trouvé !

* Dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" : 


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

C:\WINDOWS\system32\eehkknpo.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\eLTtAJlm.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\GfiiQqss.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\iiihgMoq.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\iSDdcMoq.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\sAaHRXbc.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\YbdLRqru.ini2 trouvé ! infection Vundo possible non traitée par cet outil !


*** Analyse terminée le 09/06/2008 à 16:21:42,95 ***

naiki31 · Answer

Je dois m'absenter jusqu'a 19h15 a peur pres !
A tout a l'heure.
Et pourras tu me dire si il a des logiciels que tu m'as fait installer que je peux enlever ou si je doit tout garder ?
Malwarebytes je vais le garder (il a l'air bien pour vérifier de temps en temps mais les autres ? (PTMoveIt, Navilog...)
Merci pour ta patience ;)

Utilisateur anonyme · Answer

On supprimera les logiciels à la fin, je te donnerais un logiciel qui fera tout à ta place ;)

#Double-clique sur le raccourci Navilog1 et laisse-toi guider.
#Au menu principal, choisis l'option 2 et valide par ENTREE.

#Le fix va t'informer qu'il va alors redémarrer ton PC.
#Ferme toutes les fenêtres ouvertes et enregistre tes documents personnels ouverts.
#Appuie sur une touche comme demandé.

(si ton PC ne redémarre pas automatiquement, redémarre-le normalement)

#Au redémarrage de ton PC, choisis ta session habituelle.

#Patiente jusqu'au message :
*** Nettoyage Termine le ..... ***
#Le bloc-note va s'ouvrir.
#Sauvegarde le rapport à la racine de ton disque dur (C:\)
#Referme le blocnote. Ton bureau va réapparaître.
#Poste le rapport

/!\
Si ton bureau ne réapparait pas, appuie simultanément sur CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.
Clique sur fichier et choisis Exécuter
Tape explorer.exe et valide. Ton bureau va réapparaître. /!\



#Clique sur Démarrer
#Clique sur Panneau de configuration
#Clique sur Options Internet
#Positionne-toi dans l'onglet Contenu > puis dans l'onglet Certificats
#Si tu trouves ces certificats :

electronic-group
egroup
Montorgueil
VIP
Sunny Day Design Ltd
OOO-Favorit

#Supprime-les ! Et seulement ceux-là ! 
#Redémarre ton PC.



Ensuite,
#Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
http://www.atribune.org/ccount/click.php?id=4
#Double-clique VundoFix.exe afin de le lancer.
#Clique sur le bouton Scan for Vundo.
#Lorsque le scan est complété, clique sur le bouton Fix Vundo.
#Une invite te demandera si tu veux supprimer les fichiers, clique YES
#Après avoir cliqué Yes, le Bureau disparaîtra un moment lors de la suppression des fichiers.
#Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown"); clique OK
#Démarre ton PC à nouveau.
#Copie/colle le contenu du rapport situé dans C:\vundofix.txt

Note : Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo"

naiki31 · Answer

Voici le rapport de navilog, le reste arrive ;)

Clean Navipromo version 3.5.8 commencé le 09/06/2008 à 19:16:19,60

Outil exécuté depuis C:\Program Files
avilog1
Session actuelle : "ERIC" 

Mise à jour le 06.06.2008 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS

Mode suppression automatique 
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur

 
*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)
 

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *


* Suppression dans "C:\Documents and Settings\ERIC\locals~1\applic~1" * 


* Suppression dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" * 



*** Suppression dossiers dans "C:\WINDOWS" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\ERIC\applic~1" *** 


*** Suppression dossiers dans "C:\DOCUME~1\INVIT~1\applic~1" *** 


*** Suppression dossiers dans "C:\Documents and Settings\ERIC\locals~1\applic~1" *** 


*** Suppression dossiers dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" *** 


*** Suppression dossiers dans "C:\Documents and Settings\ERIC\menudm~1\progra~1" *** 


*** Suppression dossiers dans "C:\DOCUME~1\INVIT~1\menudm~1\progra~1" *** 



*** Suppression fichiers ***


*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\ERIC\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS\system32" *


* Dans "C:\Documents and Settings\ERIC\locals~1\applic~1" * 

ahppkx.dat trouvé !
Copie ahppkx.dat réalisée avec succès !
ahppkx.dat supprimé !

ahppkx_nav.dat trouvé !
Copie ahppkx_nav.dat réalisée avec succès !
ahppkx_nav.dat supprimé !

ahppkx_navps.dat trouvé !
Copie ahppkx_navps.dat réalisée avec succès !
ahppkx_navps.dat supprimé !


* Dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" * 


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltdt absent !

*** Nettoyage terminé le 09/06/2008 à 19:20:34,84 ***

naiki31 · Answer

Pour les certificats, je l'avais deja fait (j'etais aller voir un peut ce que t'avais marqué sur les autres post !)

Rapport de Vundofix (il n'a rien trouvé) :


VundoFix V7.0.5

Scan started at 12:03:00 27/05/2008

Listing files found while scanning....

No infected files were found.


VundoFix V7.0.5

Scan started at 19:24:46 09/06/2008

Listing files found while scanning....

No infected files were found.

Utilisateur anonyme · Answer

Relance MalwareByte's en mode sans échec. Mets le à jour en mode normal avant ;)

naiki31 · Answer

Je le met a jour comment ?!

naiki31 · Answer

Oups, c'est bon, j'ai vu ... !

naiki31 · Answer

Je l'ai fait, puis au bout d'1h30 (au moins !!) une fenetre s'est ouverte en disant : erreur (et un chiffre) Indice en dehors de la page.

Je Dois recommencer ?!

Utilisateur anonyme · Answer

Essaie de recommencer oui et en mode normal si ça fonctionne toujours pas.

naiki31 · Answer

Ok, je le fait alors.
j'ai désinstaller avast et installer antivir, il m'a trouvé pas mal de choses. J'ai mis en quarantaine. Est ce que tu veux le rapport ?

hubertaaz · Answer

Salut à vous deux,

Je me permets une petite incruste compte tenu du fait que j'avais assisté naiki31 sur un autre topic et que je lui ai conseillé de poster ici.

naiki, je ne connaissais pas 12.eleven, mais je peux te dire que tu es pris en charge par quelqu'un qui s'y connait. Tu as beaucoup de chance. 

Pour avancer 12.eleven, oui naiki31, colle ton rapport antivir. 

Je tenais à vous signaler que actuellement il y a un problème pour scanner avec MalwareBytes : http://www.commentcamarche.net/forum/affich 6815607 probleme sur malwarebytes anti malware

Bonne continuation

@+

Utilisateur anonyme · Answer

Merci Hubertaaz, il me tracassait ce message d'erreur.
Et merci pour antivir ;)

Naiki31, excellent initiative que d'avoir installer Antivir.

naiki31 · Answer

Donc voila le rapport d'antivir : il a detecté 2x Navilog que j'ai ignoré. Le reste j'ai mis en quarantaine.



Avira AntiVir Personal
Report file date: mardi 10 juin 2008  11:13

Scanning for 1320174 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Boot mode:        Normally booted
Username:         SYSTEM
Computer name:    MLYNARCZ-PERSO

Version information:
BUILD.DAT     : 8.1.00.295      16479 Bytes  09/04/2008 16:24:00
AVSCAN.EXE    : 8.1.2.12       311553 Bytes  18/03/2008 09:02:56
AVSCAN.DLL    : 8.1.1.0         53505 Bytes  07/02/2008 08:43:37
LUKE.DLL      : 8.1.2.9        151809 Bytes  28/02/2008 08:41:23
LUKERES.DLL   : 8.1.2.1         12033 Bytes  21/02/2008 08:28:40
ANTIVIR0.VDF  : 6.40.0.0     11030528 Bytes  18/07/2007 10:33:34
ANTIVIR1.VDF  : 7.0.3.2       5447168 Bytes  07/03/2008 13:08:58
ANTIVIR2.VDF  : 7.0.4.120     2206720 Bytes  01/06/2008 20:06:39
ANTIVIR3.VDF  : 7.0.4.165      237568 Bytes  09/06/2008 20:06:41
Engineversion : 8.1.0.55  
AEVDF.DLL     : 8.1.0.5        102772 Bytes  25/02/2008 09:58:21
AESCRIPT.DLL  : 8.1.0.40       266618 Bytes  09/06/2008 20:06:53
AESCN.DLL     : 8.1.0.21       119156 Bytes  09/06/2008 20:06:52
AERDL.DLL     : 8.1.0.20       418165 Bytes  09/06/2008 20:06:52
AEPACK.DLL    : 8.1.1.5        364918 Bytes  09/06/2008 20:06:51
AEOFFICE.DLL  : 8.1.0.18       192890 Bytes  09/06/2008 20:06:49
AEHEUR.DLL    : 8.1.0.30      1253750 Bytes  09/06/2008 20:06:48
AEHELP.DLL    : 8.1.0.15       115063 Bytes  09/06/2008 20:06:44
AEGEN.DLL     : 8.1.0.28       307572 Bytes  09/06/2008 20:06:44
AEEMU.DLL     : 8.1.0.6        430451 Bytes  09/06/2008 20:06:43
AECORE.DLL    : 8.1.0.31       168310 Bytes  09/06/2008 20:06:42
AVWINLL.DLL   : 1.0.0.7         14593 Bytes  23/01/2008 17:07:53
AVPREF.DLL    : 8.0.0.1         25857 Bytes  18/02/2008 10:37:50
AVREP.DLL     : 7.0.0.1        155688 Bytes  16/04/2007 13:26:47
AVREG.DLL     : 8.0.0.0         30977 Bytes  23/01/2008 17:07:49
AVARKT.DLL    : 1.0.0.23       307457 Bytes  12/02/2008 08:29:23
AVEVTLOG.DLL  : 8.0.0.11       114945 Bytes  28/02/2008 08:31:31
SQLITE3.DLL   : 3.3.17.1       339968 Bytes  22/01/2008 17:28:02
SMTPLIB.DLL   : 1.2.0.19        28929 Bytes  23/01/2008 17:08:39
NETNT.DLL     : 8.0.0.1          7937 Bytes  25/01/2008 12:05:10
RCIMAGE.DLL   : 8.0.0.35      2371841 Bytes  10/03/2008 14:37:25
RCTEXT.DLL    : 8.0.32.0        86273 Bytes  06/03/2008 12:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, 
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 10 juin 2008  11:13

Starting search for hidden objects.
'55115' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Integrator.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'sp_rsser.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'rapimgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'wcescomm.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'soundman.exe' - '1' Module(s) have been scanned
Scan process 'VTTimer.exe' - '1' Module(s) have been scanned
Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
35 processes with 35 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
      [INFO]      No virus was found!
Master boot sector HD1
      [INFO]      No virus was found!
      [WARNING]   Le périphérique n'est pas prêt.
Master boot sector HD2
      [INFO]      No virus was found!
      [WARNING]   Le périphérique n'est pas prêt.
Master boot sector HD3
      [INFO]      No virus was found!
      [WARNING]   Le périphérique n'est pas prêt.
Master boot sector HD4
      [INFO]      No virus was found!
      [WARNING]   Le périphérique n'est pas prêt.
Master boot sector HD5
      [INFO]      No virus was found!
      [WARNING]   Le périphérique n'est pas prêt.

Start scanning boot sectors:
Boot sector 'C:\'
      [INFO]      No virus was found!

Starting to scan the registry.
The registry was scanned ( '29' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
      [WARNING]   The file could not be opened!
C:\Documents and Settings\ERIC\Local Settings\Temporary Internet Files\Content.IE5\012PAJKB\Navilog1[1].exe
      [DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.99
      [WARNING]   The file was ignored!
C:\Documents and Settings\ERIC\Local Settings\Temporary Internet Files\Content.IE5\I74J8JA7\kb456456[1]
      [DETECTION] Is the Trojan horse TR/Mondera.101376
      [NOTE]      The file was moved to '48824893.qua'!
C:\Documents and Settings\ERIC\Local Settings\Temporary Internet Files\Content.IE5\I74J8JA7\kb516107[1]
      [DETECTION] Is the Trojan horse TR/Mondera.105472.1
      [NOTE]      The file was moved to '48834897.qua'!
C:\Documents and Settings\ERIC\Local Settings\Temporary Internet Files\Content.IE5\IJN67NX7\kb767887[1]
      [DETECTION] Is the Trojan horse TR/Mondera.113664
      [NOTE]      The file was moved to '488548ac.qua'!
C:\Documents and Settings\ERIC\Shared\Autre\Autre\6 Chattes en Feu.avi
      [DETECTION] Is the Trojan horse TR/Dldr.WMA.GetCodec.A
      [NOTE]      The file was deleted!
C:\SDFix\backups\backups.zip
  [0] Archive type: ZIP
  --> backups/jkkIXnmk.dll
      [DETECTION] Is the Trojan horse TR/WinlogonHook.H.1
      [WARNING]   The file was ignored!
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP488\A0278727.dll
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [NOTE]      The file was moved to '48804c28.qua'!
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP489\A0278902.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agen.152576
      [NOTE]      The file was moved to '48804c59.qua'!
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP495\A0283390.dll
      [DETECTION] Is the Trojan horse TR/Mondera.108544
      [NOTE]      The file was moved to '48804c84.qua'!
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP497\A0283439.dll
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [NOTE]      The file was moved to '48805071.qua'!
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP497\A0283442.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [NOTE]      The file was moved to '48805079.qua'!
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP497\A0283444.dll
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [NOTE]      The file was moved to '4880507c.qua'!
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP497\A0283445.dll
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [NOTE]      The file was moved to '4880507f.qua'!
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP497\A0283446.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [NOTE]      The file was moved to '48805082.qua'!
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP497\A0283447.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [NOTE]      The file was moved to '48805086.qua'!
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP497\A0283448.dll
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [NOTE]      The file was moved to '488050d2.qua'!
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP497\A0283449.dll
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [NOTE]      The file was moved to '488050d5.qua'!
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP497\A0283450.dll
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [NOTE]      The file was moved to '488050d7.qua'!
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP497\A0283451.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [NOTE]      The file was moved to '488050da.qua'!
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP498\A0285606.dll
      [DETECTION] Is the Trojan horse TR/Vundo.enl.3
      [NOTE]      The file was moved to '488050e3.qua'!
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP498\A0285608.dll
      [DETECTION] Is the Trojan horse TR/Vundo.enl.3
      [NOTE]      The file was moved to '488050e9.qua'!
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP501\A0287284.dll
      [DETECTION] Is the Trojan horse TR/Mondera.106496
      [NOTE]      The file was moved to '48805115.qua'!
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP501\A0287285.dll
      [DETECTION] Is the Trojan horse TR/Mondera.102400
      [NOTE]      The file was moved to '48805117.qua'!
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP501\A0288472.exe
      [DETECTION] Is the Trojan horse TR/Trash.Gen
      [NOTE]      The file was moved to '4880511f.qua'!
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP501\A0288473.exe
      [DETECTION] Is the Trojan horse TR/Trash.Gen
      [NOTE]      The file was moved to '48805122.qua'!
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP501\A0288474.exe
      [DETECTION] Is the Trojan horse TR/Trash.Gen
      [NOTE]      The file was moved to '48805124.qua'!
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP501\A0288475.dll
      [DETECTION] Is the Trojan horse TR/WinlogonHook.H.1
      [NOTE]      The file was moved to '48805128.qua'!
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP501\A0288476.dll
      [DETECTION] Is the Trojan horse TR/Trash.Gen
      [NOTE]      The file was moved to '4880512a.qua'!
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP501\A0288477.exe
      [DETECTION] Is the Trojan horse TR/Trash.Gen
      [NOTE]      The file was moved to '48805130.qua'!
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP501\A0288478.exe
      [DETECTION] Is the Trojan horse TR/Trash.Gen
      [NOTE]      The file was moved to '49091749.qua'!
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP501\A0288479.dll
      [DETECTION] Is the Trojan horse TR/WinlogonHook.H.1
      [NOTE]      The file was moved to '48805132.qua'!
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP501\A0288480.dll
      [DETECTION] Is the Trojan horse TR/Trash.Gen
      [NOTE]      The file was moved to '4909174b.qua'!
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP501\A0288481.exe
      [DETECTION] Is the Trojan horse TR/Trash.Gen
      [NOTE]      The file was moved to '48805131.qua'!
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP501\A0288482.exe
      [DETECTION] Is the Trojan horse TR/Trash.Gen
      [NOTE]      The file was moved to '4909174a.qua'!
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP503\A0288744.dll
      [DETECTION] Is the Trojan horse TR/Trash.Gen
      [NOTE]      The file was moved to '4880513a.qua'!
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP503\A0288748.exe
      [DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.99
      [NOTE]      The file was moved to '4880513b.qua'!
C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP503\A0288749.dll
      [DETECTION] Is the Trojan horse TR/Mondera.113664
      [NOTE]      The file was moved to '49091744.qua'!
C:\WINDOWS\system32\fjbacmto.dll
      [DETECTION] Is the Trojan horse TR/Mondera.108544
      [NOTE]      The file was moved to '48b0527d.qua'!
C:\WINDOWS\system32\ohhspuwc.VIR
      [DETECTION] Is the Trojan horse TR/Mondera.113664
      [NOTE]      The file was moved to '48b65291.qua'!
C:\WINDOWS\system32\upgxdihq.dll.ren
      [DETECTION] Is the Trojan horse TR/Mondera.108544
      [NOTE]      The file was moved to '48b552a4.qua'!
C:\_OTMoveIt\MovedFiles\06092008_151335\windows\system32\caxdvods.dll
      [DETECTION] Is the Trojan horse TR/Mondera.101376
      [NOTE]      The file was moved to '48c652e3.qua'!
C:\_OTMoveIt\MovedFiles\06092008_151335\windows\system32\yrxloagf.dll
      [DETECTION] Is the Trojan horse TR/Mondera.105472.1
      [NOTE]      The file was moved to '48c652f4.qua'!


End of the scan: mardi 10 juin 2008  12:08
Used time: 54:24 min

The scan has been done completely.

   6098 Scanning directories
 183070 Files were scanned
     42 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      1 files were deleted
      0 files were repaired
     39 files were moved to quarantine
      0 files were renamed
      1 Files cannot be scanned
 183028 Files not concerned
   1461 Archives were scanned
      8 Warnings
     40 Notes
  55115 Objects were scanned with rootkit scan
      0 Hidden objects were found

naiki31 · Answer

Oui, j'ai regardé pas mal le forum, et j'ai lu comme quoi il était gratuit et mieux, donc tant qu'a faire ...
Par contre j'ai toujours pas compris moi pour ce message d'erreur ! J'ai lancé malwarebytes en mode normal.

Utilisateur anonyme · Answer

Poste un nouveau rappôrt HijackThis please :)

naiki31 · Answer

Le voici !!
Celui de Malware devrait pas tarder !

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:50:49, on 10/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Glary Utilities\Integrator.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\ERIC\Bureau\Anti-virus\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {29BAA82E-2E5C-48B6-A403-56E5D34E8E92} - C:\WINDOWS\system32\qoMghiii.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {749882ae-d757-80aa-7a94-95423632483b} - {b3842363-2459-49a7-aa08-757dea288947} - C:\WINDOWS\system32\ohhspuwc.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-f2a4c256dc63c678.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bw+0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

naiki31 · Answer

Et voila celui de malware :

Malwarebytes' Anti-Malware 1.15
Version de la base de données: 842

15:53:29 10/06/2008
mbam-log-6-10-2008 (15-53-29).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Eléments examinés: 100283
Temps écoulé: 34 minute(s), 43 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Utilisateur anonyme · Answer

Relance HijackThis > Do a system scan only
Coche ces lignes :
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =  
O2 - BHO: (no name) - {29BAA82E-2E5C-48B6-A403-56E5D34E8E92} - C:\WINDOWS\system32\qoMghiii.dll (file missing)  
O2 - BHO: {749882ae-d757-80aa-7a94-95423632483b} - {b3842363-2459-49a7-aa08-757dea288947} - C:\WINDOWS\system32\ohhspuwc.dll (file missing)  
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime 
O18 - Protocol: bw+0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw+0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw-0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw-0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw00 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw00s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw10 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw10s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw20 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw20s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw30 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw30s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw40 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw40s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw50 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw50s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw60 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw60s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw70 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw70s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw80 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw80s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw90 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw90s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwa0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwa0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwb0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwb0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwc0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwc0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwd0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwd0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwe0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwe0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwf0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwf0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll 
O18 - Protocol: bwg0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwg0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwh0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwh0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwi0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwi0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwj0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwj0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwk0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwk0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwl0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwl0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwm0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwm0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwn0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwn0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwo0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwo0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwp0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwp0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwq0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwq0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwr0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwr0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bws0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bws0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwt0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwt0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwu0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwu0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwv0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwv0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bww0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bww0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwx0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwx0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwy0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwy0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwz0 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwz0s - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: offline-8876480 - {193B3AEC-43E9-4F64-82E9-993C80F44198} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
Clique sur Fix Checked



BitDefender
#Fais un scan en ligne Bitdefender
#Une fois sur le site clique sur le bouton BitDefender Scan Online 
#Vois la démo de Balltrap34 ici si tu n'y arrives pas !
#Copie/colle le rapport final.

NB : Le scan est à faire avec Internet Explorer

naiki31 · Answer

Bon alors j'ai fait le scan de Bit defender. A la fin j'ai cliquer sur envoyer le rapport, la fenetre s'est fermée. Il se trouve ou normalement ?!

naiki31 · Answer

G trouvé ca sur l'ordi sous forme html




BitDefender Online Scanner
	
Rapport d'analyse généré à: Tue, Jun 10, 2008 - 17:44:56

Voie d'analyse: C:\;D:\;E:\;F:\;G:\;H:\;I:\;


Statistiques

Temps
	

01:25:09

Fichiers
	

77177

Directoires
	

6197

Secteurs de boot
	

2

Archives
	

1519

Paquets programmes
	

5017
	

 
	

 

Résultats

Virus identifiés
	

5

Fichiers infectés
	

6

Fichiers suspects
	

0

Avertissements
	

0

Désinfectés
	

0

Fichiers effacés
	

6
	

 
	

 

Info sur les moteurs

Définition virus
	

1257267

Version des moteurs
	

AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Analyse des plugins
	

16

Archive des plugins
	

42

Unpack des plugins
	

7

E-mail plugins
	

6

Système plugins
	

5
	

 
	

 

Paramètres d'analyse

Première action
	

Désinfecté

Seconde Action
	

Supprimé

Heuristique
	

Oui

Acceptez les avertissements
	

Oui

Extensions analysées
	

exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;

Excludez les extensions
	

 

Analyse d'emails
	

Oui

Analyse des Archives
	

Oui

Analyser paquets programmes
	

Oui

Analyse des fichiers
	

Oui

Analyse de boot
	

Oui
	

 
	

 
 

Fichier analysé
	

 Statut

C:\LOGICIELS LIBRES\EDUCATIF\CARTES DU CIEL\cdcbase276.exe
	

Infecté par: Trojan.Generic.272855

C:\LOGICIELS LIBRES\EDUCATIF\CARTES DU CIEL\cdcbase276.exe
	

Supprimé

C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP496\A0283415.dll
	

Infecté par: Trojan.Vundo.ESP

C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP496\A0283415.dll
	

Supprimé

C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP497\A0283441.dll
	

Infecté par: Rootkit.1007

C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP497\A0283441.dll
	

Supprimé

C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP500\A0287077.dll
	

Infecté par: MemScan:Trojan.Vundo.ESK

C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP500\A0287077.dll
	

Supprimé

C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP503\A0288842.exe
	

Infecté par: Trojan.Generic.272855

C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP503\A0288842.exe
	

Supprimé

C:\Temp\hEmm0012.exe
	

Infecté par: MemScan:Trojan.Downloader.Small.BUY

C:\Temp\hEmm0012.exe
	

Supprimé

naiki31 · Answer

Et celui la sous forme log (ce n'est pas la meme presentation mais en gros ya marqué la meme chose !


[General]
App	= "BitDefender Online Scanner v8"
Date	= 10:06:2008
Time	= 17:44:56
Scan Path	= C:\;D:\;E:\;F:\;G:\;H:\;I:\;

[Engines Info]
Virus Definitions	= 1257267
Engine build	= "AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)"
Scan plugins	= 16
Archive plugins	= 42
Unpack plugins	= 7
E-mail plugins	= 6
System plugins	= 5

[Scan Statistics]
Folders	= 6197
Files	= 77177
Archives	= 1519
Packed files	= 5017
Identified viruses	= 5
Infected files	= 6
Warnings	= 0
Suspect files	= 0
Disinfected files	= 0
Deleted files	= 6
Copied files	= 0
Moved files	= 0
Renamed files	= 0
I/O Errors	= 7

[Scan Settings]
SecondAction	= Delete
FirstAction	= Disinfect
Heuristics	= 1
Enable Warnings	= 1
Exclude Ext	= 
Extensions	= exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Scan Emails	= 1
Scan Archives	= 1
Scan Packed	= 1
Scan Files	= 1
Scan Boot	= 1
Verify Memory	= 0

[Scan Results]
Line00000011	= "C:\LOGICIELS LIBRES\EDUCATIF\CARTES DU CIEL\cdcbase276.exe Infecté par: Trojan.Generic.272855"
Line00000010	= "C:\LOGICIELS LIBRES\EDUCATIF\CARTES DU CIEL\cdcbase276.exe Supprimé"
Line00000009	= "C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP496\A0283415.dll Infecté par: Trojan.Vundo.ESP"
Line00000008	= "C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP496\A0283415.dll Supprimé"
Line00000007	= "C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP497\A0283441.dll Infecté par: Rootkit.1007"
Line00000006	= "C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP497\A0283441.dll Supprimé"
Line00000005	= "C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP500\A0287077.dll Infecté par: MemScan:Trojan.Vundo.ESK"
Line00000004	= "C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP500\A0287077.dll Supprimé"
Line00000003	= "C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP503\A0288842.exe Infecté par: Trojan.Generic.272855"
Line00000002	= "C:\System Volume Information\_restore{CEEFC400-7250-4EB9-8206-F73F4C99AFE3}\RP503\A0288842.exe Supprimé"
Line00000001	= "C:\Temp\hEmm0012.exe Infecté par: MemScan:Trojan.Downloader.Small.BUY"
Line00000000	= "C:\Temp\hEmm0012.exe Supprimé"

Utilisateur anonyme · Answer

Et maintenant, le PC, comment va-t-il ?

naiki31 · Answer

Ben depuis que je l'ai rallumer ce matin je n'ai pas eu une seule pub donc apparemment ca a lair detre parfait !
Merci encore pour tout !

Utilisateur anonyme · Answer

* Je t'invite à lire ceci :
*https://www.malekal.com/proteger-pc-virus-pirates/
*http://forum.telecharger.01net.com/microhebdo/6/tuto-securite/mesures_preventives_avant_navigation_sinternet_et_entretien-346836/messages-1.html
*Utilise Windows Update
*Télécharge https://filehippo.com/windows/tuning-utilities/ tu l'installes et il te liste ce qu'il faut mettre à jour avec les liens correspondants.


*Télécharge ToolsCleaner (A.Rothstein) sur ton Bureau:
http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe
*Clique sur Recherche et laisse le scan se terminer.
*Clique sur Suppression pour finaliser.
*Tu peux, si tu le souhaites, te servir des Options facultatives.
*Clique sur Quitter, pour que le rapport puisse se créer.
*Poste le rapport C:\TCleaner.txt

------------------------------------------------------------------------------------------­­-------------------------

1.Ouvre le Menu Démarrer
2.Clique-droit sur Poste de travail
3.Clique sur Propriétés
4.Positionne-toi dans l'onglet Restauration du système
5.Coche Désactiver la restauration système
6.Valide par Ok
7.Redémarre
8.Reproduis les manipulations 1 à 3
9.Décoche Désactiver la restauration système
10.Valide par Ok

------------------------------------------------------------------------------------------­­-------------------------

*Télécharge Ccleaner :
Clique sur le premier Download now > Choisis la version Slim
Installe Ccleaner.
Nettoie Windows et la base de registre en suivant ce tuto :
https://www.malekal.com/tutoriel-ccleaner/#mozTocId223895

------------------------------------------------------------------------------------------­­-------------------------

*Désinstalle Avast!
https://www.avast.com/fr-fr/uninstall-utility

*Installe Antivir
https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/13198.html
https://www.malekal.com/avira-free-security-antivirus-gratuit/
*Paramètre le
https://www.astucesinternet.com/modules/news/article.php?storyid=253
*Quand Antivir se met à jour, il affiche une popup. Voilà comment la supprimer :
https://forum.malekal.com/viewtopic.php?p=45326

*Antivir VS Avast!
http://forum.malekal.com/ftopic3528.php

naiki31 · Answer

J'avais deja Ccleaner, je l'utilise de temps en temps, et j'avait trouvé un tuto pour installer antivir en désinstallant avast donc c'est fait aussi !

Voici le rapport de Tcleaner :

-->- Recherche: 

C:\SDFIX: trouvé !
C:\Vundofix backups: trouvé !
C:\_OtMoveIt: trouvé !
C:\Documents and Settings\All Users\Bureau\Navilog1.lnk: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: trouvé !
C:\Documents and Settings\ERIC\Bureau\SdFix.exe: trouvé !
C:\Documents and Settings\ERIC\Bureau\OtMoveIt2.exe: trouvé !
C:\Documents and Settings\ERIC\Bureau\Anti-virus\VirtumundoBeGone.exe: trouvé !
C:\Documents and Settings\ERIC\Bureau\Anti-virus\vundoFix.exe: trouvé !
C:\Documents and Settings\ERIC\Bureau\Anti-virus\HijackThis.exe: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !

---------------------------------
-->- Suppression: 

C:\Documents and Settings\All Users\Bureau\Navilog1.lnk: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: supprimé !
C:\Documents and Settings\ERIC\Bureau\SdFix.exe: supprimé !
C:\Documents and Settings\ERIC\Bureau\OtMoveIt2.exe: supprimé !
C:\Documents and Settings\ERIC\Bureau\Anti-virus\VirtumundoBeGone.exe: supprimé !
C:\Documents and Settings\ERIC\Bureau\Anti-virus\vundoFix.exe: supprimé !
C:\Documents and Settings\ERIC\Bureau\Anti-virus\HijackThis.exe: supprimé !
C:\Program Files\Navilog1\Navilog1.bat: supprimé !
C:\SDFIX: supprimé !
C:\Vundofix backups: supprimé !
C:\_OtMoveIt: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: supprimé !
C:\Program Files\Navilog1: supprimé !

naiki31 · Answer

Par contre quand je fais clik droit sur poste de travail puis propriété, je n'ai pas "restauration du systeme"

Utilisateur anonyme · Answer

Bizarre..

Tu n'as pas d'onglet Restauration système ? Vraiment étrange

naiki31 · Answer

Oui voila, j'ai enregistré l'ecran http://www.hebergementimages.com/images/1213130400_ecran.jpg

Utilisateur anonyme · Answer

Ok

En fait le clic droit est à faire sur Poste de travail dans le menu démarrer et non après avec cliqué sur Poste de travail

En fait, toi tu as cliqué sur Poste de travail, puis clique droit sur C:\, normal que tu ne trouves pas la restauration système :)

naiki31 · Answer

ah ok ! je suis bete ! 
Ben ca y est je l'ai fait  !!

Utilisateur anonyme · Answer

Tu ne savais pas, c'est différent.

Tu peux mettre ton sujet en résolu si tu le juges résolu ;)

naiki31 · Answer

Oui c'est bon. Merci encore !
J'aimerais juste savoir les logiciels que je peux supprimer !

Utilisateur anonyme · Answer

C'est-à-dire ?

naiki31 · Answer

Ben navilog (je crois qu'il s'est effacé avec tools cleaner non ?)
SDFix, OTMoveIt, Vundofix ...
Mawarebyte est bien je vais le garder pour nettoyé de temps en temps

Utilisateur anonyme · Answer

Ils ont tous été nettoyé grâce à ToolsCleaner.

Garde MalwareByte's oui, il n'a pas été supprimé par Toolscleaner celui ci ;)

naiki31 · Answer

Ah ok ! par contre j'ai un dossie fix_svchost_fr. je dois en faire quoi ?
Sinon c'est bon mon probleme est résolu merci beaucoup !

Utilisateur anonyme · Answer

C'est le correctif pour Avast car il détecte un faux positif : svchost.exe

Donc tu peux le supprimer.

Bon surf !

naiki31 · Answer

ok ben merci pour tout ! le probleme est résolu. 1000 merci !!

Utilisateur anonyme · Answer

;)

Bon surf

Rapport Hijack this - Page 3

Discussions similaires

Newsletters