Av2009

alma
Hello,
I have been infected by the av2009 virus. I ran a scan with HijackThis. The report is below; can someone help me and tell me the steps to follow to remove this virus?

Thanks in advance to everyone.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:06:58, on 11/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\AV9\av2009.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
C:\PROGRA~1\Wanadoo\WOOBRO~1\DownloadManager.exe
C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [bc42f4e3] rundll32.exe "C:\WINDOWS\system32\slhvysjo.dll",b
O4 - HKLM\..\Run: [BMbf71c77f] Rundll32.exe "C:\WINDOWS\system32\curvuipr.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [42025056293864790932252187764881] C:\Program Files\AV9\av2009.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photoservice.com/aurigma/ImageUploader4.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe

11 replies

jlpjlp (Security contributor)
 
Hi,

Download ComboFix by sUBs; help here: https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!

Help on using ComboFix here: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

Double-click ComboFix. It will ask you a question; answer by pressing the 1 key and Enter to confirm, then let it guide you.
Wait until ComboFix has finished; a report will be created. Post the report.

___________________

Download Toolbar-S&D (Team IDN) to your Desktop.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

* Start the installation of the program by running the downloaded file.
* Now double-click the Toolbar-S&D shortcut.
* Select the desired language by typing the letter of your choice, then confirm with the Enter key.
* Now choose option 1 (Recherche, i.e. Search). Wait until the search has finished.
* Post the generated report. (C:\TB.txt)
alma
 
HERE IS WHAT

ComboFix 08-08-10.05 - Utilisateur 2008-08-11 22:18:12.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.186 [GMT 2:00]
Endroit: C:\Documents and Settings\Utilisateur\Bureau\combofix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\GamesBar\oberontb.dll
C:\WINDOWS\BMbf71c77f.txt
C:\WINDOWS\BMbf71c77f.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bfpflkuh.ini
C:\WINDOWS\system32\bsvbqdeg.dll
C:\WINDOWS\system32\bvsviq.dll
C:\WINDOWS\system32\curvuipr.dll
C:\WINDOWS\system32\cvjkpesh.dll
C:\WINDOWS\system32\cyyfavpk.ini
C:\WINDOWS\system32\djleunel.dll
C:\WINDOWS\system32\dqepbucr.dll
C:\WINDOWS\system32\ekefotuv.ini
C:\WINDOWS\system32\ekpnfqpr.ini
C:\WINDOWS\system32\emmvfc.dll
C:\WINDOWS\system32\fjhpkddg.dll
C:\WINDOWS\system32\fnokpw.dll
C:\WINDOWS\system32\gddkphjf.ini
C:\WINDOWS\system32\guhenexw.dll
C:\WINDOWS\system32\hhhbeo.dll
C:\WINDOWS\system32\htycpqge.ini
C:\WINDOWS\system32\iepmrh.dll
C:\WINDOWS\system32\jgbtsp.dll
C:\WINDOWS\system32\jhaeow.dll
C:\WINDOWS\system32\jlabhoxq.ini
C:\WINDOWS\system32\jnmglhtq.dll
C:\WINDOWS\system32\jpxhrjem.dll
C:\WINDOWS\system32\kvdawfdv.ini
C:\WINDOWS\system32\lireoown.dll
C:\WINDOWS\system32\lpfvosqr.dll
C:\WINDOWS\system32\lRCLUvut.ini
C:\WINDOWS\system32\lRCLUvut.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mgfghuys.dll
C:\WINDOWS\system32\mnlylb.dll
C:\WINDOWS\system32\mtuymqrf.dll
C:\WINDOWS\system32\munbsh.dll
C:\WINDOWS\system32\ndnhetoe.dll
C:\WINDOWS\system32\nezddz.dll
C:\WINDOWS\system32\nvfmccyx.ini
C:\WINDOWS\system32\nxrkmfhv.ini
C:\WINDOWS\system32\ojsyvhls.ini
C:\WINDOWS\system32\oqugymlv.dll
C:\WINDOWS\system32\oyiebm.dll
C:\WINDOWS\system32\pcsmssao.ini
C:\WINDOWS\system32\podcdipt.dll
C:\WINDOWS\system32\quqqbukt.dll
C:\WINDOWS\system32\qvinqcpj.dll
C:\WINDOWS\system32\qxohbalj.dll
C:\WINDOWS\system32\REGOBJ.DLL
C:\WINDOWS\system32\slhvysjo.dll
C:\WINDOWS\system32\tuvULCRl.dll
C:\WINDOWS\system32\ucqbtqjq.ini
C:\WINDOWS\system32\unntrfgt.ini
C:\WINDOWS\system32\uwxuyqvg.ini
C:\WINDOWS\system32\veovsh.dll
C:\WINDOWS\system32\vetnvddl.dll
C:\WINDOWS\system32\wcxhtmhc.ini
C:\WINDOWS\system32\wyuospeg.ini
C:\WINDOWS\system32\xaxhosol.dll
C:\WINDOWS\system32\xyvhghbq.dll
C:\WINDOWS\system32\ycuqeytk.dll
C:\WINDOWS\system32\yvxbuuej.ini
C:\WINDOWS\system32\zwdksi.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-11 to 2008-08-11 ))))))))))))))))))))))))))))))))))))
.

2008-08-11 20:50 . 2008-08-11 20:50 2,048 --a------ C:\WINDOWS\system32\nqrgbtcd.exe
2008-08-11 20:06 . 2008-08-11 20:06 <REP> d-------- C:\Program Files\Trend Micro
2008-08-10 21:11 . 2008-08-10 21:11 2,048 --a------ C:\WINDOWS\system32\yujojpvp.exe
2008-08-09 13:33 . 2008-08-09 13:33 2,048 --a------ C:\WINDOWS\system32\oqgnloxg.exe
2008-08-08 21:45 . 2008-08-11 22:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-08 21:45 . 2008-08-08 21:45 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-08 19:40 . 2008-08-08 19:40 2,048 --a------ C:\WINDOWS\system32\tfgcnvks.exe
2008-08-07 21:02 . 2008-08-07 21:02 2,048 --a------ C:\WINDOWS\system32\pdgpayvi.exe
2008-08-06 19:30 . 2008-08-06 19:30 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Symantec
2008-08-06 19:28 . 2008-08-06 19:28 2,048 --a------ C:\WINDOWS\system32\mgoqhxgh.exe
2008-08-06 19:24 . 2008-08-06 19:24 <REP> d-------- C:\Program Files\Windows Sidebar
2008-08-06 19:21 . 2008-08-06 19:27 <REP> d-------- C:\Program Files\Norton Internet Security
2008-08-06 19:17 . 2008-08-08 21:34 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-08-06 19:17 . 2008-08-08 21:34 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-08-06 19:17 . 2008-08-08 21:34 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-08-06 19:17 . 2008-08-08 21:34 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-08-05 19:36 . 2008-08-05 19:36 2,048 --a------ C:\WINDOWS\system32\cgufqjab.exe
2008-08-02 17:19 . 2008-08-02 17:19 <REP> d-------- C:\Program Files\AV9
2008-07-30 19:17 . 2008-07-30 19:17 294 ---hs---- C:\WINDOWS\system32\tarbdwjc.ini
2008-07-22 21:37 . 2008-07-22 21:37 43,521 ---hs---- C:\WINDOWS\system32\ienabrhi.ini

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-11 20:23 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-08-11 20:19 --------- d-----w C:\Program Files\GamesBar
2008-08-11 20:09 --------- d-----w C:\Program Files\Wanadoo
2008-08-11 17:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\GamesBar
2008-08-08 19:34 --------- d-----w C:\Program Files\Symantec
2008-08-06 17:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-30 15:42 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-07-30 15:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-07-30 15:28 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-07-06 06:05 --------- d-----w C:\Program Files\GEOMAG SA
2008-06-25 13:30 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 12:14 31,280 ----a-w C:\WINDOWS\system32\drivers\SymIM.sys
2008-06-13 12:14 13,093 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
2008-06-13 12:14 1,611 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
2008-06-13 12:13 96,432 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2008-06-13 12:13 41,008 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
2008-06-13 12:13 38,576 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2008-06-13 12:13 37,424 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2008-06-13 12:13 22,320 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2008-06-13 12:13 184,240 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2008-06-13 12:13 13,616 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2007-02-24 18:41 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 16:50 122880]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-17 09:39 32768]
"42025056293864790932252187764881"="C:\Program Files\AV9\av2009.exe" [2008-08-02 17:19 973312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-08-20 21:24 151552]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-10-26 13:01 4632576]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-05-28 18:32 86016]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 02:04 114741]
"StorageGuard"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-02-13 02:01 155648]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 16:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 18:55 32768]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 16:32 225280]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2005-12-07 11:26 489472]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2005-12-07 11:33 73728]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 18:22 262144]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 11:45 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-01-25 19:47 51048]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2008-02-07 00:49 718704]
"nwiz"="nwiz.exe" [2004-10-26 13:01 921600 C:\WINDOWS\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-20 01:10 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-03-17 09:39:14 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2003-06-20 08:03 110592 C:\WINDOWS\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Fichiers communs\\Symantec Shared\\NPC\\2.0\\uiStub2.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [2008-01-25 19:47]
R3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-07-30 17:42]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 16:37]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-11-02 12:53]
S3 NAL;Nal Service ;C:\WINDOWS\System32\Drivers\iqvw32.sys [2002-11-22 21:01]

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-07-31 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2008-08-11 C:\WINDOWS\Tasks\Norton Internet Security - Effectuer une analyse complète du système - Utilisateur.job
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 08:05]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Sonic RecordNow! - (no file)
HKLM-Run-bc42f4e3 - C:\WINDOWS\system32\slhvysjo.dll
HKLM-Run-BMbf71c77f - C:\WINDOWS\system32\mgfghuys.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O16 -: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
C:\WINDOWS\Downloaded Program Files\AdSignerADP.inf
C:\WINDOWS\system32\msvcp60.dll
C:\WINDOWS\system32\atl.dll
C:\WINDOWS\Downloaded Program Files\AdVerifierADP.dll
C:\WINDOWS\Downloaded Program Files\AdSignerADP.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-11 22:23:52
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-08-11 22:26:13
ComboFix-quarantined-files.txt 2008-08-11 20:26:07

Pre-Run: 1,659,318,272 octets libres
Post-Run: 2,717,765,632 octets libres

228 --- E O F --- 2008-07-15 17:10:56
UE ME DONNE COMBOFIX
0
alma
 
AND HERE IS WHAT TOOLBAR GIVES:
THANKS AGAIN FOR YOUR HELP

-----------\\ ToolBar S&D 1.0.8 XP/Vista

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Utilisateur ] [ "C:\Toolbar SD" ] [ Selection : 1 ]
[ 11/08/2008 | 22:31:01,45 ] [ PC : VALERIE ]
[ MAJ : 04-08-2008 | 23:15 ]

-----------\\ Recherche de Fichiers / Dossiers ...

C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-02-17-08-20-43
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-02-17-08-20-43.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-01-19-48-30
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-01-19-48-30.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-08-11-19-50-21
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-08-11-19-50-21.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\about.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\action.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\arcade.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\around_the_world_in_80_days16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\BigCity_SF16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\build_in_time16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\buy.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\cards.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\deals.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\diner_dash_hometown_hero16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\download.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\dream_day_first_home16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\feedback.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\fishdom16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\heart_of_egypt16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\help.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\highlight.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\jewel_quest_316x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\jigsaw.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\kids.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\lambs_of_dreams16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\magic_farm16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mahjong.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mah_jong_quest_316x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\multiplayer.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mygames.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mystery_museum16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\newGames.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\oberonconfig.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\obSearchHistory.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\partner.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\peril_at_end_house16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\popup_off.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\popup_on.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\puzzle.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\ranch_rush16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\search.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\sendafriend.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\sports.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\treasures_of_ancient_cavern16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\trial.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\uninstall.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\update.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\virtual_farm16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\webgame.gif
C:\Program Files\GamesBar
C:\Program Files\GamesBar\Localization-French.ini
C:\Program Files\GamesBar\OBGet.exe
C:\Program Files\GamesBar\uninst.exe
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\GamesBar

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"SearchMigratedDefaultURL"="https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"


-----------\\ Fin du rapport a 22:31:25,30
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
Run Toolbar S&D again, choose option 2, and paste the report.

_____________

Scan these files on VirusTotal and paste the reports, or say which ones have 0 size or are flagged as infected:

https://www.virustotal.com/gui/

C:\WINDOWS\system32\nqrgbtcd.exe
C:\WINDOWS\system32\yujojpvp.exe
C:\WINDOWS\system32\oqgnloxg.exe
C:\WINDOWS\system32\tfgcnvks.exe
C:\WINDOWS\system32\pdgpayvi.exe
C:\WINDOWS\system32\mgoqhxgh.exe
C:\WINDOWS\system32\cgufqjab.exe
C:\WINDOWS\system32\tarbdwjc.ini
C:\WINDOWS\system32\ienabrhi.ini
0
alma
 
Hello, and thanks again.
All the .exe files give a result of 8/35.
I can't find the 2 .ini files; is that normal?

Have a good day
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
ok

If you haven't done so already:

Run Toolbar-S&D again by double-clicking the shortcut. Type "2", then confirm by pressing "Enter".
! Do not close the window during the removal !
A report will be generated; post its contents here.

NOTE: If your desktop does not reappear, press Ctrl+Alt+Del simultaneously to open Task Manager.
Go to the "Processes" tab. Click File at the top left and choose "Run..."
Type explorer and confirm.

______________

Close all your browsers (so copy or print the instructions first).

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

File::
C:\WINDOWS\system32\nqrgbtcd.exe
C:\WINDOWS\system32\yujojpvp.exe
C:\WINDOWS\system32\oqgnloxg.exe
C:\WINDOWS\system32\tfgcnvks.exe
C:\WINDOWS\system32\pdgpayvi.exe
C:\WINDOWS\system32\mgoqhxgh.exe
C:\WINDOWS\system32\cgufqjab.exe
C:\Program Files\AV9\av2009.exe
C:\Program Files\AV9
C:\Program Files\GamesBar

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"42025056293864790932252187764881"=-

Save this file under the name CFScript.

Drag and drop this CFScript file onto the ComboFix.exe file.

Click on the CFScript file, hold the mouse button down and drag so that the CFScript icon covers the ComboFix icon. Release the mouse button. ComboFix will start.

A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Don't touch anything until the scan has finished.

Once the scan is complete, a report will be displayed: post its contents.

Also post a new HijackThis report and describe your current problems.

If the file does not open, it can be found here > C:\ComboFix.txt

____________________
0
alma
 
Here I am again.

Here is the Toolbar report after choosing 2:
Thanks again for the help

-----------\\ ToolBar S&D 1.0.8 XP/Vista

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Utilisateur ] [ "C:\Toolbar SD" ] [ Selection : 2 ]
[ 12/08/2008 | 18:21:49,27 ] [ PC : VALERIE ]
[ MAJ : 04-08-2008 | 23:15 ]

-----------\\ SUPPRESSION

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-02-17-08-20-43
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-02-17-08-20-43.xm_
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-01-19-48-30
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-01-19-48-30.xm_
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-08-11-19-50-21
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-08-11-19-50-21.xm_
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\about.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\action.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\arcade.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\around_the_world_in_80_days16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\BigCity_SF16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\build_in_time16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\buy.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\cards.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\deals.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\diner_dash_hometown_hero16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\download.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\dream_day_first_home16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\feedback.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\fishdom16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\heart_of_egypt16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\help.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\highlight.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\jewel_quest_316x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\jigsaw.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\kids.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\lambs_of_dreams16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\magic_farm16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mahjong.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mah_jong_quest_316x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\multiplayer.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mygames.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mystery_museum16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\newGames.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\oberonconfig.xm_
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\obSearchHistory.dat
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\partner.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\peril_at_end_house16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\popup_off.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\popup_on.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\puzzle.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\ranch_rush16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\search.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\sendafriend.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\sports.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\treasures_of_ancient_cavern16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\trial.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\uninstall.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\update.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\virtual_farm16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\webgame.gif
Supprime! - C:\Program Files\GamesBar\Localization-French.ini
Supprime! - C:\Program Files\GamesBar\OBGet.exe
Supprime! - C:\Program Files\GamesBar\uninst.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\GamesBar
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar
Supprime! - C:\Program Files\GamesBar

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"SearchMigratedDefaultURL"="https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"


-----------\\ Fin du rapport a 18:24:03,01
0
alma
 
Here is the ComboFix report

ComboFix 08-08-10.05 - Utilisateur 2008-08-12 18:34:26.2 - NTFSx86
Endroit: C:\Documents and Settings\Utilisateur\Bureau\combofix.exe
Command switches used :: C:\Documents and Settings\Utilisateur\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

((((((((((((((((((((((((((((( Fichiers créés 2008-07-12 to 2008-08-12 ))))))))))))))))))))))))))))))))))))
.

2008-08-11 22:30 . 2008-08-12 18:24 <REP> d-------- C:\Toolbar SD
2008-08-11 20:50 . 2008-08-11 20:50 2,048 --a------ C:\WINDOWS\system32\nqrgbtcd.exe
2008-08-11 20:06 . 2008-08-11 20:06 <REP> d-------- C:\Program Files\Trend Micro
2008-08-10 21:11 . 2008-08-10 21:11 2,048 --a------ C:\WINDOWS\system32\yujojpvp.exe
2008-08-09 13:33 . 2008-08-09 13:33 2,048 --a------ C:\WINDOWS\system32\oqgnloxg.exe
2008-08-08 21:45 . 2008-08-12 14:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-08 21:45 . 2008-08-08 21:45 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-08 19:40 . 2008-08-08 19:40 2,048 --a------ C:\WINDOWS\system32\tfgcnvks.exe
2008-08-07 21:02 . 2008-08-07 21:02 2,048 --a------ C:\WINDOWS\system32\pdgpayvi.exe
2008-08-06 19:30 . 2008-08-06 19:30 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Symantec
2008-08-06 19:28 . 2008-08-06 19:28 2,048 --a------ C:\WINDOWS\system32\mgoqhxgh.exe
2008-08-06 19:24 . 2008-08-06 19:24 <REP> d-------- C:\Program Files\Windows Sidebar
2008-08-06 19:21 . 2008-08-06 19:27 <REP> d-------- C:\Program Files\Norton Internet Security
2008-08-06 19:17 . 2008-08-08 21:34 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-08-06 19:17 . 2008-08-08 21:34 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-08-06 19:17 . 2008-08-08 21:34 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-08-06 19:17 . 2008-08-08 21:34 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-08-05 19:36 . 2008-08-05 19:36 2,048 --a------ C:\WINDOWS\system32\cgufqjab.exe
2008-08-02 17:19 . 2008-08-02 17:19 <REP> d-------- C:\Program Files\AV9
2008-07-30 19:17 . 2008-07-30 19:17 294 ---hs---- C:\WINDOWS\system32\tarbdwjc.ini
2008-07-22 21:37 . 2008-07-22 21:37 43,521 ---hs---- C:\WINDOWS\system32\ienabrhi.ini
2008-07-18 20:39 . 2008-07-18 20:39 587,264 --a------ C:\WINDOWS\WLXPGSS.SCR

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
0
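Log triage for the two ComboFix sections quoted in this thread, added here as an example and not part of the original posts or of ComboFix: it parses the "Fichiers créés" listing and the Run-key section and flags the patterns visible in them (a cluster of same-size, random-looking .exe files in one directory, hidden+system files, and an all-digit Run value name). The regexes, thresholds and function names are assumptions chosen for this report layout; hits are candidates for review, not verdicts.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Lines copied from the ComboFix reports posted in this thread (shortened).
CREATED_SAMPLE = r"""
2008-08-11 22:30 . 2008-08-12 18:24 <REP> d-------- C:\Toolbar SD
2008-08-11 20:50 . 2008-08-11 20:50 2,048 --a------ C:\WINDOWS\system32\nqrgbtcd.exe
2008-08-10 21:11 . 2008-08-10 21:11 2,048 --a------ C:\WINDOWS\system32\yujojpvp.exe
2008-08-09 13:33 . 2008-08-09 13:33 2,048 --a------ C:\WINDOWS\system32\oqgnloxg.exe
2008-08-08 21:45 . 2008-08-12 14:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-08 19:40 . 2008-08-08 19:40 2,048 --a------ C:\WINDOWS\system32\tfgcnvks.exe
2008-08-07 21:02 . 2008-08-07 21:02 2,048 --a------ C:\WINDOWS\system32\pdgpayvi.exe
2008-08-06 19:28 . 2008-08-06 19:28 2,048 --a------ C:\WINDOWS\system32\mgoqhxgh.exe
2008-08-06 19:17 . 2008-08-08 21:34 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-08-05 19:36 . 2008-08-05 19:36 2,048 --a------ C:\WINDOWS\system32\cgufqjab.exe
2008-07-30 19:17 . 2008-07-30 19:17 294 ---hs---- C:\WINDOWS\system32\tarbdwjc.ini
2008-07-22 21:37 . 2008-07-22 21:37 43,521 ---hs---- C:\WINDOWS\system32\ienabrhi.ini
2008-07-18 20:39 . 2008-07-18 20:39 587,264 --a------ C:\WINDOWS\WLXPGSS.SCR
"""

RUN_SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"42025056293864790932252187764881"="C:\Program Files\AV9\av2009.exe" [2008-08-02 17:19 973312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-08-20 21:24 151552]
"nwiz"="nwiz.exe" [2004-10-26 13:01 921600 C:\WINDOWS\system32\nwiz.exe]
"""

# created . modified  size|<REP>  attribute-string  path
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(?P<size><REP>|[\d,]+) (?P<attrs>\S+) (?P<path>.+)$")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"')


def parse_created(text):
    """Return one dict per file row; <REP> rows (directories) are skipped."""
    rows = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if not m or m["size"] == "<REP>":
            continue
        rows.append({"path": PureWindowsPath(m["path"]),
                     "size": int(m["size"].replace(",", "")),
                     "attrs": m["attrs"],
                     "created": m["created"]})
    return rows


def flag_files(rows, min_cluster=3):
    """Map path -> reason. Heuristics (assumptions, tune per case):
    1. file carries both the hidden (h) and system (s) attributes;
    2. at least min_cluster .exe files with an 8-lowercase-letter name,
       the same directory and the same byte size."""
    findings = {}
    clusters = defaultdict(list)
    for r in rows:
        p = r["path"]
        if "h" in r["attrs"] and "s" in r["attrs"]:
            findings[str(p)] = "hidden+system file"
        if p.suffix.lower() == ".exe" and re.fullmatch(r"[a-z]{8}", p.stem):
            clusters[(str(p.parent).lower(), r["size"])].append(r)
    for (parent, size), members in clusters.items():
        if len(members) >= min_cluster:
            for r in members:
                findings[str(r["path"])] = (
                    f"{len(members)} random-looking .exe files of {size} bytes in {parent}")
    return findings


def flag_run_values(text, min_digits=16):
    """Return (key, value name, target) for Run values named with digits only."""
    findings, key = [], None
    for line in text.splitlines():
        line = line.strip()
        k = KEY_RE.match(line)
        if k:
            key = k["key"]
            continue
        v = VALUE_RE.match(line)
        if v and key and key.lower().endswith(r"\currentversion\run"):
            if re.fullmatch(r"\d{%d,}" % min_digits, v["name"]):
                findings.append((key, v["name"], v["target"]))
    return findings


if __name__ == "__main__":
    for path, reason in flag_files(parse_created(CREATED_SAMPLE)).items():
        print(f"FILE  {path}  <- {reason}")
    for key, name, target in flag_run_values(RUN_SAMPLE):
        print(f"RUN   [{key}] \"{name}\" -> {target}")
```

On the sample, the flagged files are the seven .exe and two .ini files the helper asked to have scanned, and the flagged Run value is the one the CFScript removes.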
alma
 
And the HijackThis report; it's all Greek to me!!
Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:14, on 2008-08-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\AV9\av2009.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [42025056293864790932252187764881] C:\Program Files\AV9\av2009.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photoservice.com/aurigma/ImageUploader4.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: bw+0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
jlpjlp Posts 52399 Status Security contributor 5 040
 
You did this wrong: start again!

Close all your browsers (so copy or print the instructions first).

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

File::
C:\WINDOWS\system32\nqrgbtcd.exe
C:\WINDOWS\system32\yujojpvp.exe
C:\WINDOWS\system32\oqgnloxg.exe
C:\WINDOWS\system32\tfgcnvks.exe
C:\WINDOWS\system32\pdgpayvi.exe
C:\WINDOWS\system32\mgoqhxgh.exe
C:\WINDOWS\system32\cgufqjab.exe
C:\Program Files\AV9\av2009.exe
C:\Program Files\AV9
C:\Program Files\GamesBar

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"42025056293864790932252187764881"=-

Save this file under the name CFscript (mind the upper and lower case).

Drag and drop this CFscript file onto the ComboFix.exe file.

Click on the CFScript file, hold the mouse button down and drag so that the CFScript icon covers the ComboFix icon. Release the mouse button. ComboFix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

Once the scan is complete, a report will be displayed: post its contents.

Also post a new HijackThis report and describe your current problems.

If the file does not open, it is located here > C:\ComboFix.txt

____________________
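After a CFScript run like the one above, the follow-up HijackThis log can be checked mechanically for anything the script targeted. The Python below is an added example, not part of the original posts: it parses the CFScript and reports any running process or O4 autorun that still points at a listed file, folder or Run value. The two log excerpts are constructed for the example (the numeric-name O4 line in the "before" excerpt is an assumed form), and all function names are hypothetical.

```python
import ntpath
import re

# The CFScript from the post above, unchanged.
CFSCRIPT = r"""File::
C:\WINDOWS\system32\nqrgbtcd.exe
C:\WINDOWS\system32\yujojpvp.exe
C:\WINDOWS\system32\oqgnloxg.exe
C:\WINDOWS\system32\tfgcnvks.exe
C:\WINDOWS\system32\pdgpayvi.exe
C:\WINDOWS\system32\mgoqhxgh.exe
C:\WINDOWS\system32\cgufqjab.exe
C:\Program Files\AV9\av2009.exe
C:\Program Files\AV9
C:\Program Files\GamesBar

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"42025056293864790932252187764881"=-
"""

# Constructed "before" excerpt; the last O4 line is an assumed form.
LOG_BEFORE = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\AV9\av2009.exe
C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [42025056293864790932252187764881] C:\Program Files\AV9\av2009.exe
"""

# Constructed "after" excerpt in the shape of a post-cleanup log.
LOG_AFTER = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
"""

HIVES = {"HKEY_CURRENT_USER": "HKCU", "HKEY_LOCAL_MACHINE": "HKLM"}
# Non-greedy name match so value names containing brackets still parse.
O4_RE = re.compile(r"^O4 - (.+?)\\\.\.\\(\w+): \[(.+?)\] (.*)$")


def parse_cfscript(text):
    """Return (lowercased paths, [(hive, last key part, value name)])."""
    paths, reg_values, section, key = [], [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            section, key = line[:-2].lower(), None
        elif section == "file":
            paths.append(line.lower())
        elif section == "registry":
            if line.startswith("[") and line.endswith("]"):
                key = line[1:-1]
                continue
            m = re.fullmatch(r'"(.+)"=-', line)  # "name"=- deletes a value
            if m and key:
                root, _, rest = key.partition("\\")
                hive = HIVES.get(root.upper(), root).upper()
                reg_values.append((hive, ntpath.basename(rest).lower(),
                                   m.group(1).lower()))
    return paths, reg_values


def parse_hijackthis(text):
    """Return (running process paths, O4 tuples (hive, key, name, command))."""
    processes, autoruns, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and re.match(r"[A-Za-z]:\\", line):
            processes.append(line)
        elif line:
            in_procs = False
            m = O4_RE.match(line)
            if m:
                autoruns.append(m.groups())
    return processes, autoruns


def path_matches(target, candidate):
    """True if candidate names target itself or something beneath it.
    8.3 short names (C:\\PROGRA~1\\...) cannot be resolved offline."""
    cand = candidate.strip().lstrip('"').lower()
    idx = cand.find(target)
    if idx < 0:
        return False
    tail = cand[idx + len(target):idx + len(target) + 1]
    is_file = ntpath.splitext(target)[1] != ""
    return tail in ("", "\\", '"') or (is_file and tail in (" ", ","))


def remaining_targets(cfscript, log):
    """List CFScript targets that are still visible in a HijackThis log."""
    paths, reg_values = parse_cfscript(cfscript)
    processes, autoruns = parse_hijackthis(log)
    findings = [("process", p) for p in processes
                if any(path_matches(t, p) for t in paths)]
    for hive, key, name, cmd in autoruns:
        ident = (hive.split("\\")[0].upper(), key.lower(), name.lower())
        if ident in reg_values:
            findings.append(("autorun-value", name))
        elif any(path_matches(t, cmd) for t in paths):
            findings.append(("autorun-path", name))
    return findings


if __name__ == "__main__":
    for label, log in (("before", LOG_BEFORE), ("after", LOG_AFTER)):
        print(label, remaining_targets(CFSCRIPT, log) or "no targets left")
```

An empty result only shows that the targeted entries are gone from the sections parsed here; it says nothing about files or registry entries the CFScript did not list.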
alma
 
I ran the CFscript file on ComboFix again, but I don't know whether it worked: I am stuck on the blue window at the end, which says it is waiting for the report, and I have to do a "hard" shutdown because after 30 minutes still nothing is displayed.
Here is the report.... To be continued


ComboFix 08-08-10.05 - Utilisateur 2008-08-12 20:52:10.3 - NTFSx86
Endroit: C:\Documents and Settings\Utilisateur\Bureau\combofix.exe
Command switches used :: C:\Documents and Settings\Utilisateur\Bureau\CFscript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\Program Files\AV9
C:\Program Files\AV9\av2009.exe
C:\Program Files\GamesBar
C:\WINDOWS\system32\cgufqjab.exe
C:\WINDOWS\system32\mgoqhxgh.exe
C:\WINDOWS\system32\nqrgbtcd.exe
C:\WINDOWS\system32\oqgnloxg.exe
C:\WINDOWS\system32\pdgpayvi.exe
C:\WINDOWS\system32\tfgcnvks.exe
C:\WINDOWS\system32\yujojpvp.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Utilisateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk
C:\Documents and Settings\Utilisateur\Bureau\Antivirus 2009.lnk
C:\Documents and Settings\Utilisateur\Menu Démarrer\Antivirus 2009
C:\Documents and Settings\Utilisateur\Menu Démarrer\Antivirus 2009\Antivirus 2009.lnk
C:\Documents and Settings\Utilisateur\Menu Démarrer\Antivirus 2009\Uninstall Antivirus 2009.lnk
C:\Program Files\AV9\av2009.exe
C:\WINDOWS\system32\cgufqjab.exe
C:\WINDOWS\system32\mgoqhxgh.exe
C:\WINDOWS\system32\nqrgbtcd.exe
C:\WINDOWS\system32\oqgnloxg.exe
C:\WINDOWS\system32\pdgpayvi.exe
C:\WINDOWS\system32\tfgcnvks.exe
C:\WINDOWS\system32\yujojpvp.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-12 to 2008-08-12 ))))))))))))))))))))))))))))))))))))
.

2008-08-11 22:30 . 2008-08-12 18:24 <REP> d-------- C:\Toolbar SD
2008-08-11 20:06 . 2008-08-11 20:06 <REP> d-------- C:\Program Files\Trend Micro
2008-08-08 21:45 . 2008-08-12 19:09 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-08 21:45 . 2008-08-08 21:45 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-06 19:30 . 2008-08-06 19:30 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Symantec
2008-08-06 19:24 . 2008-08-06 19:24 <REP> d-------- C:\Program Files\Windows Sidebar
2008-08-06 19:21 . 2008-08-06 19:27 <REP> d-------- C:\Program Files\Norton Internet Security
2008-08-06 19:17 . 2008-08-08 21:34 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-08-06 19:17 . 2008-08-08 21:34 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-08-06 19:17 . 2008-08-08 21:34 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-08-06 19:17 . 2008-08-08 21:34 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-08-02 17:19 . 2008-08-12 20:52 <REP> d-------- C:\Program Files\AV9
2008-07-30 19:17 . 2008-07-30 19:17 294 ---hs---- C:\WINDOWS\system32\tarbdwjc.ini
2008-07-22 21:37 . 2008-07-22 21:37 43,521 ---hs---- C:\WINDOWS\system32\ienabrhi.ini
2008-07-18 20:39 . 2008-07-18 20:39 587,264 --a------ C:\WINDOWS\WLXPGSS.SCR

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-12 18:51 --------- d-----w C:\Program Files\Wanadoo
2008-08-12 18:50 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-08-08 19:34 --------- d-----w C:\Program Files\Symantec
2008-08-06 17:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-30 15:42 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-07-30 15:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-07-30 15:28 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-07-06 06:05 --------- d-----w C:\Program Files\GEOMAG SA
2008-06-25 13:30 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 12:45 579,464 ----a-w C:\WINDOWS\system32\SymNeti.dll
2008-06-13 12:45 207,240 ----a-w C:\WINDOWS\system32\SymRedir.dll
2008-06-13 12:14 31,280 ----a-w C:\WINDOWS\system32\drivers\SymIM.sys
2008-06-13 12:14 13,093 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
2008-06-13 12:14 1,611 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
2008-06-13 12:13 96,432 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2008-06-13 12:13 41,008 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
2008-06-13 12:13 38,576 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2008-06-13 12:13 37,424 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2008-06-13 12:13 22,320 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2008-06-13 12:13 184,240 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2008-06-13 12:13 13,616 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2007-02-24 18:41 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((( snapshot@2008-08-11_22.25.42.84 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-02-04 09:10:10 208,928 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\ImagingDevice.dll
+ 2008-02-04 09:06:54 417,312 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\ImagingServices.dll
+ 2008-02-04 09:08:42 83,488 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\LiveAlbumXCtrl.dll
+ 2008-02-04 09:07:46 1,779,744 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\MicrosoftEffects.dll
+ 2008-02-04 09:05:04 46,112 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\PhotoViewerShim.dll
+ 2008-02-04 09:06:46 372,256 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXAlbumDownloadWizard.exe
+ 2008-02-01 10:23:12 279,680 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\wlxclip.dll
+ 2008-02-01 10:13:40 191,104 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXDSPA.dll
+ 2008-02-04 09:10:02 130,592 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXGrinderScheduler.dll
+ 2008-02-04 09:06:00 59,424 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXImageTranscode.dll
+ 2008-02-04 09:08:26 712,224 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXMediaPublishSubscribe.dll
+ 2008-02-01 10:17:40 587,264 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPGSS.SCR
+ 2008-02-04 09:07:22 1,565,728 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPhotoAcq.dll
+ 2008-02-01 10:13:40 227,456 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPhotoAcquireWizard.exe
+ 2008-02-04 09:08:38 86,560 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPhotoCinematic.dll
+ 2008-02-04 09:08:32 83,488 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPhotoClassic.dll
+ 2008-02-04 09:09:08 125,472 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPhotoGallery.exe
+ 2008-02-01 10:13:42 16,000 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPhotoGalleryRepair.exe
+ 2008-02-04 09:06:54 394,272 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPhotoLibraryDatabase.dll
+ 2008-02-04 09:06:20 1,515,040 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPhotoViewer.dll
+ 2008-02-04 09:06:20 1,250,336 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPhotoVoyager.dll
+ 2008-02-04 09:06:18 752,672 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPipeline.dll
+ 2008-02-04 09:06:14 734,752 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXPipetran.dll
+ 2008-02-01 10:13:42 101,504 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXQuickTimeControlHost.exe
+ 2008-02-04 09:05:00 20,512 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXQuickTimeControlHostPS.dll
+ 2008-02-04 09:05:04 53,792 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXQuickTimeShellExt.dll
+ 2008-02-04 09:08:42 85,024 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXThumbCache.dll
+ 2008-02-04 09:10:04 144,416 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXVAFilt.dll
+ 2008-02-04 09:07:40 675,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXVideoAcquireWizard.exe
+ 2008-02-04 09:07:10 69,152 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXVideoCameraAutoPlayManager.exe
+ 2008-02-04 09:10:10 165,408 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\812AF07A89569CA418D33695C7D50D86\12.0.1329\WLXVideoTrim.dll
- 2008-03-04 18:02:04 123,008 ----a-r C:\WINDOWS\Installer\{A70FA218-6598-4AC9-813D-63597C5DD068}\WLXPhotoGalleryIcon.exe
+ 2008-08-12 05:36:40 123,008 ----a-r C:\WINDOWS\Installer\{A70FA218-6598-4AC9-813D-63597C5DD068}\WLXPhotoGalleryIcon.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 16:50 122880]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-17 09:39 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-08-20 21:24 151552]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-10-26 13:01 4632576]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-05-28 18:32 86016]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 02:04 114741]
"StorageGuard"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-02-13 02:01 155648]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 16:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 18:55 32768]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 16:32 225280]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2005-12-07 11:26 489472]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2005-12-07 11:33 73728]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 18:22 262144]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 11:45 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-01-25 19:47 51048]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2008-02-07 00:49 718704]
"nwiz"="nwiz.exe" [2004-10-26 13:01 921600 C:\WINDOWS\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-20 01:10 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-03-17 09:39:14 450560]
alma
 
Here is the HijackThis report; I can't tell whether it changed anything.
Thank you for your invaluable help



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:42, on 2008-08-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photoservice.com/aurigma/ImageUploader4.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: bw+0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {8A392B70-8767-471F-8F88-6EB066D7DBD8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
0

jlpjlp Posts: 52399 Status: Security contributor 5 040
 
ok, it's good this time

any more problems?
0
alma
 
Apparently the icon has disappeared, and I no longer get a virus alert window opening nonstop; it all looks good.
Honestly, a thousand thanks, I don't know what I would have done without you.
Thank you for your patience and your efficiency...
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
remove ComboFix and Toolbar SD from your computer

___________

to check:

paste the report from an online scan
done with one of the following:

BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda online:
http://pandasoftware.fr
0
alma
 
Here is the result obtained with pandasoftware...
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-08-13 07:49:17
PROTECTIONS: 1
MALWARE: 49
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Norton Antivirus Internet Security 2008 15.5.0.23 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Utilisateur\Cookies\utilisateur@doubleclick[1].txt
00139535 Application/Processor HackTools No 0 Yes No C:\Toolbar SD\Process.exe
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP591\A0096860.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\WINDOWS\PSEXESVC.EXE
03363358 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP587\A0095516.dll
03363358 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP587\A0095510.dll
03378104 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP572\A0076120.dll
03378104 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP572\A0076121.dll
03378111 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP587\A0095517.dll
03378114 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP574\A0077118.dll
03393011 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\vetnvddl.dll.vir
03393011 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP588\A0095573.dll
03393011 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\iepmrh.dll.vir
03393011 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP588\A0095551.dll
03398328 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP574\A0077119.dll
03403332 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP575\A0079118.dll
03403361 Trj/ConHook.DW Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP587\A0095515.dll
03403363 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP587\A0092507.dll
03403363 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP587\A0095508.dll
03403394 Trj/Conhook.DX Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP587\A0095514.dll
03403471 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP587\A0092504.dll
03403471 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP587\A0095513.dll
03403478 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP588\A0095549.dll
03403478 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP588\A0095575.dll
03403478 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\xyvhghbq.dll.vir
03403478 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\fnokpw.dll.vir
03408220 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\xaxhosol.dll.vir
03408220 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP588\A0095574.dll
03412482 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP577\A0080135.dll
03412488 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP587\A0095507.dll
03412488 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP587\A0092505.dll
03412631 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP588\A0095547.dll
03412631 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\ndnhetoe.dll.vir
03412631 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\emmvfc.dll.vir
03412631 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP588\A0095562.dll
03431985 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP588\A0095567.dll
03431985 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\quqqbukt.dll.vir
03445108 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP587\A0095509.dll
03445109 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP581\A0081135.dll
03445110 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\mnlylb.dll.vir
03445110 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP588\A0095559.dll
03445110 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP588\A0095541.dll
03445110 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\bsvbqdeg.dll.vir
03451917 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP587\A0095512.dll
03451921 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP587\A0095518.dll
03452065 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP588\A0095552.dll
03452065 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP588\A0095576.dll
03452065 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\jgbtsp.dll.vir
03452065 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\ycuqeytk.dll.vir
03452066 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP581\A0082135.dll
03452067 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP588\A0095555.dll
03452067 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\jpxhrjem.dll.vir
03458851 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP587\A0095511.dll
03458851 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP587\A0092506.dll
03467220 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP588\A0095569.dll
03467220 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\qxohbalj.dll.vir
03467220 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP588\A0095548.dll
03467220 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\fjhpkddg.dll.vir
03467220 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP581\A0082136.dll
03469529 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\dqepbucr.dll.vir
03469529 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP588\A0095560.dll
03469529 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\mtuymqrf.dll.vir
03469529 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP588\A0095546.dll
03469664 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\munbsh.dll.vir
03469664 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP588\A0095550.dll
03469664 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP588\A0095566.dll
03469664 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\podcdipt.dll.vir
03469664 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP588\A0095545.dll
03469664 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\jnmglhtq.dll.vir
03469664 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\djleunel.dll.vir
03469664 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\nezddz.dll.vir
03469664 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP588\A0095561.dll
03469664 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP588\A0095563.dll
03469664 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP588\A0095554.dll
03469664 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\hhhbeo.dll.vir
03469738 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP588\A0095568.dll
03469738 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP588\A0095577.dll
03469738 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\zwdksi.dll.vir
03469738 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\qvinqcpj.dll.vir
03469788 Trj/Lineage.JHZ Virus/Trojan No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\lpfvosqr.dll.vir
03469788 Trj/Lineage.JHZ Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP588\A0095572.dll
03469788 Trj/Lineage.JHZ Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP588\A0095557.dll
03469788 Trj/Lineage.JHZ Virus/Trojan No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\veovsh.dll.vir
03469789 Trj/Lineage.JHZ Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP584\A0089335.dll
03469790 Trj/Lineage.JHZ Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP583\A0087653.dll
03471005 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP572\A0075136.dll
03471005 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP572\A0075133.dll
03471005 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP572\A0075137.dll
03471005 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP571\A0075132.dll
03471005 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP572\A0076118.dll
03471005 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP572\A0075135.dll
03471005 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP572\A0076119.dll
03471210 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP588\A0095542.dll
03471210 Generic Malware Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\oqugymlv.dll.vir
03471210 Generic Malware Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\bvsviq.dll.vir
03471210 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP588\A0095564.dll
03471536 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP583\A0087729.dll
03471852 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP584\A0090329.dll
03471853 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP588\A0095553.dll
03471853 Generic Malware Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\cvjkpesh.dll.vir
03471853 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP588\A0095544.dll
03471853 Generic Malware Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\jhaeow.dll.vir
03471854 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP591\A0096853.exe
03471854 Generic Malware Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\nqrgbtcd.exe.vir
03471854 Generic Malware Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\oqgnloxg.exe.vir
03471854 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP591\A0096852.exe
03471854 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP591\A0096848.exe
03471854 Generic Malware Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\mgoqhxgh.exe.vir
03471854 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP591\A0096851.exe
03471854 Generic Malware Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\tfgcnvks.exe.vir
03471854 Generic Malware Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\yujojpvp.exe.vir
03471854 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP591\A0096854.exe
03471854 Generic Malware Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\cgufqjab.exe.vir
03471854 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP591\A0096849.exe
03471854 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP591\A0096850.exe
03471854 Generic Malware Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\pdgpayvi.exe.vir
03471908 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP584\A0090376.dll
03476543 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP588\A0095556.dll
03476543 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\lireoown.dll.vir
03476543 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\oyiebm.dll.vir
03476543 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP588\A0095565.dll
03477037 Generic Malware Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\slhvysjo.dll.vir
03477037 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP586\A0092429.dll
03477037 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP588\A0095570.dll
03477040 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP588\A0095558.dll
03477040 Generic Malware Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\mgfghuys.dll.vir
03477042 Generic Malware Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\curvuipr.dll.vir
03477042 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP588\A0095543.dll
03477209 Generic Malware Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\guhenexw.dll.vir
03477209 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP588\A0095578.dll
03477419 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP586\A0092397.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location V
;===================================================================================================================================================================================
No C:\RECYCLER\S-1-5-21-790525478-1682526488-839522115-1004\Dc1.exe V
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description V
;===================================================================================================================================================================================
120815 HIGH MS06-022 V
;===================================================================================================================================================================================
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
ok

empty your Recycle Bin
_________

delete what is in the quarantine folder by going to My Computer, then
C:\QooBox\Quarantine\

___________
disable System Restore, then restart your computer, then re-enable it
http://service1.symantec.com/

______________
post a new Panda scan so we can see
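
Added example, not part of the posts above and not Panda's own tooling: a small parser for the MALWARE rows of the reports pasted in this thread, grouping detections by where the file sits (quarantine folder, System Restore snapshot, Recycle Bin, or live filesystem) so each group can be matched to the cleanup step given for it. The column layout is inferred from the header line of the reports; the function and bucket names are hypothetical.

```python
import re
from collections import Counter

# Rows copied from the MALWARE sections of the two Panda reports in this thread.
SAMPLE = r"""
03471854 Generic Malware Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\oqgnloxg.exe.vir
03471854 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{13FB07DA-2A1A-412D-B24B-70569BEB8559}\RP591\A0096852.exe
03476543 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\lireoown.dll.vir
00139535 Application/Processor HackTools No 0 Yes No C:\Toolbar SD\Process.exe
01185375 Application/Psexec.A HackTools No 0 Yes No C:\WINDOWS\PSEXESVC.EXE
;====
MALWARE
"""

# Columns: Id Description Type Active Severity Disinfectable Disinfected Location.
# Description and Location may contain spaces, so the fixed fields anchor the match.
ROW = re.compile(
    r"^(?P<id>\d{8})\s+(?P<desc>.+?)\s+(?P<type>\S+)\s+(?P<active>Yes|No)\s+"
    r"(?P<severity>\d+)\s+(?P<disinfectable>Yes|No)\s+(?P<disinfected>Yes|No)\s+"
    r"(?P<location>[A-Za-z]:\\.*\S)\s*$"
)

# Hypothetical bucket names; the path fragments are the ones seen in the reports.
BUCKETS = [
    ("\\qoobox\\quarantine\\", "quarantine"),
    ("\\system volume information\\_restore{", "system_restore"),
    ("\\recycler\\", "recycle_bin"),
]

def parse_rows(text):
    """Return one dict per detection row; separators and headers are skipped."""
    return [m.groupdict() for m in map(ROW.match, map(str.strip, text.splitlines())) if m]

def bucket(location):
    """Classify a detection by the kind of place the file is stored in."""
    low = location.lower()
    for needle, name in BUCKETS:
        if needle in low:
            return name
    return "live_filesystem"

def triage(text):
    """Count detections per bucket and list those still on the live filesystem."""
    rows = parse_rows(text)
    counts = Counter(bucket(r["location"]) for r in rows)
    live = [r["location"] for r in rows if bucket(r["location"]) == "live_filesystem"]
    return counts, live

if __name__ == "__main__":
    counts, live = triage(SAMPLE)
    print(dict(counts), live)
```

Rows in the quarantine and System Restore buckets are stored copies that keep being reported until those stores are purged; only the live-filesystem rows need a targeted removal.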
0
alma
 
how do you disable System Restore?
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
click the link in blue to get the steps for disabling System Restore
0
alma
 
sorry, I'm a bit late this evening, here is the latest scan with Panda...

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-08-13 22:51:55
PROTECTIONS: 1
MALWARE: 2
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Norton Antivirus Internet Security 2008 15.5.0.23 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139535 Application/Processor HackTools No 0 Yes No C:\Toolbar SD\Process.exe
01185375 Application/Psexec.A HackTools No 0 Yes No C:\WINDOWS\PSEXESVC.EXE
;===================================================================================================================================================================================
SUSPECTS
Sent Location 
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description 
;===================================================================================================================================================================================
120815 HIGH MS06-022 
;===================================================================================================================================================================================
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
run ToolsCleaner to remove the tools we used

http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

________________

download OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop. Or from https://www.luanagames.com/index.fr.html
double-click OTMoveIt.exe to launch it.
copy the list in the quote below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

Quote:

C:\Toolbar SD\Process.exe
C:\WINDOWS\PSEXESVC.EXE

click MoveIt! to start the removal.
the result will appear in the "Results" pane.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.

you may be asked to restart the PC to complete the removal. If so, accept with Yes.
0
alma
 
Here is the report

Thanks

C:\Toolbar SD\Process.exe moved successfully.
C:\WINDOWS\PSEXESVC.EXE moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08142008_131430
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
ok
delete what is in MovedFiles by going to My Computer, then C:, then _OTMoveIt

any more problems???
0
alma
 
no, no more problems at all, that's great....
Thank you very much
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
remove OTMoveIt from your computer

______________

update Adobe Reader to version 9

and Java:
https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/

all the best
0