Trojan-spy.html.bnakfraud.dq

Résolu
duke05 -  
gobiel Messages postés 1005 Statut Contributeur -
Bonjour à tous,

j'ai un petit soucis. Depuis quelques jours j'ai une fenêtre de mon pare feu qui s'ouvre en m'indiquant "trojan-spy.html.bnakfraud.dq" ou "trojan-spy.win32.keylogger.aa" ou encore "trojan.clicker.win32.tiny.h"

Si je clique sur enable protection, ça m'envoie sur pc antispy...

Ayant lu quelque forum dont plusieurs personnes dans le même cas que moi voici les rapports de HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:47:15, on 15/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\qzglqbml.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\qzglqbml.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - (no file)
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [monen] C:\WINDOWS\system32\qzglqbml.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bw+0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 18729 bytes

------------------------------------------------------------------------------------------------------------------------------------------------------------

Le rapport de SDFix (que j'ai fait tourné en mode sans échec):

[b]SDFix: Version 1.235 /b
Run by utilisateur on 15/10/2008 at 09:14

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services /b:

C:\WINDOWS\system32\Microsoft\backup.ftp Found
C:\WINDOWS\system32\Microsoft\backup.tftp Found

[b]Checking files/b:

[b]Genuine/b:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp

[b]Dummy/b:
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\tftp.exe

Files copied to SDFix\Backups

Restoring files if backups are found

[b]Final Check/b:

[b]Genuine/b:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\ftp.exe
C:\WINDOWS\system32\dllcache\tftp.exe

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

[b]Checking Files /b:

Trojan Files Found:

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\.security - Deleted
C:\Documents and Settings\utilisateur\Menu D‚marrer\Programmes\D‚marrage\.security - Deleted
C:\WINDOWS\system32\wini104552663.exe - Deleted
C:\WINDOWS\system32\Microsoft\backup.ftp - Deleted
C:\WINDOWS\system32\Microsoft\backup.tftp - Deleted

Removing Temp Files

[b]ADS Check /b:

[b]Final Check /b:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-15 09:25:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:b0,c3,82,7a,bb,37,38,39,d2,43,a4,13,bc,43,b4,51,9f,ba,1e,51,56,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,40,0b,d1,8e,91,68,cf,33,78,5e,66,da,d4,2b,d8,9a,96,..
"khjeh"=hex:f9,4f,19,75,16,b8,59,e2,32,cf,b6,7b,8d,bf,86,06,3a,04,09,50,00,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:18,e9,5c,7f,55,6b,a4,5e,ca,90,77,ea,f0,6d,f8,2e,74,e9,0e,6f,17,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:b0,c3,82,7a,bb,37,38,39,d2,43,a4,13,bc,43,b4,51,9f,ba,1e,51,56,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,40,0b,d1,8e,91,68,cf,33,78,5e,66,da,d4,2b,d8,9a,96,..
"khjeh"=hex:f9,4f,19,75,16,b8,59,e2,32,cf,b6,7b,8d,bf,86,06,3a,04,09,50,00,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:18,e9,5c,7f,55,6b,a4,5e,ca,90,77,ea,f0,6d,f8,2e,74,e9,0e,6f,17,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:b0,c3,82,7a,bb,37,38,39,d2,43,a4,13,bc,43,b4,51,9f,ba,1e,51,56,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,40,0b,d1,8e,91,68,cf,33,78,5e,66,da,d4,2b,d8,9a,96,..
"khjeh"=hex:f9,4f,19,75,16,b8,59,e2,32,cf,b6,7b,8d,bf,86,06,3a,04,09,50,00,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:18,e9,5c,7f,55,6b,a4,5e,ca,90,77,ea,f0,6d,f8,2e,74,e9,0e,6f,17,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:b0,c3,82,7a,bb,37,38,39,d2,43,a4,13,bc,43,b4,51,9f,ba,1e,51,56,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,40,0b,d1,8e,91,68,cf,33,78,5e,66,da,d4,2b,d8,9a,96,..
"khjeh"=hex:f9,4f,19,75,16,b8,59,e2,32,cf,b6,7b,8d,bf,86,06,3a,04,09,50,00,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:18,e9,5c,7f,55,6b,a4,5e,ca,90,77,ea,f0,6d,f8,2e,74,e9,0e,6f,17,..

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{314B7C93-A30C-5F00-BBC7-9CD7BE73FDBE}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{76E3886F-62FA-568B-7825-DEC4731DB823}]
"dbbhomipnfnfbmgklodnbhicmknabdklimbfjcnd"=hex:6a,61,6e,6e,63,67,66,66,6f,65,6d,6e,63,62,6d,65,65,62,69,64,00,..
"cbphincooolapfhidbmpfnogceodlhnepakepp"=hex:6a,61,63,6f,6b,6d,6c,6a,69,6d,6a,67,61,67,62,6b,62,6f,6c,6d,00,..
"iabhomipnfnfbmgklo"=hex:61,61,00,00
"haphincooolapfhi"=hex:61,61,00,00
"ianhohblpkbacpnmem"=hex:61,61,00,00
"abnhoiopaaihbmpjhbidhclcokboocgchm"=hex:61,61,00,00
"mamhbjoibjdgpjabjmafnfjgdf"=hex:61,61,00,00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F7518EE5-95C3-397F-2BA9-015D76A8AC79}]
"dbamdbbnjinfepddfhepdnodpobjioaekdemlnhb"=hex:6a,61,65,6c,68,63,69,65,70,6e,67,6a,62,6e,6a,63,63,64,63,6a,00,..
"cbolfadooplbapkggpkmblmplickaapjcfkmea"=hex:6a,61,64,6c,6e,62,6d,62,62,6a,69,69,6a,6c,6f,62,6a,70,6e,6f,00,..
"iaamdbbnjinfepddfh"=hex:61,61,00,00
"haolfadooplbapkg"=hex:61,61,00,00
"iaenlfcdkpmpfkhkdc"=hex:61,61,00,00
"abenlgjfnkjghbhogfmjdihkblhekloaap"=hex:61,61,00,00
"mafnefhjefdoknppfkhnhkfkcd"=hex:61,61,00,00

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

[b]Remaining Services /b:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Eidos Interactive\\CM4\\cm4.exe"="C:\\Program Files\\Eidos Interactive\\CM4\\cm4.exe:*:Enabled:cm4"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Ex‚cuter une DLL en tant qu'application"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"="C:\\Program Files\\Pando Networks\\Pando\\pando.exe:*:Disabled:pando"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\X-Chat 2\\xchat.exe"="C:\\Program Files\\X-Chat 2\\xchat.exe:*:Enabled:X-Chat IRC Client"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Documents and Settings\\utilisateur\\xzuakl.exe"="C:\\Documents and Settings\\utilisateur\\xzuakl.exe:*:Disabled:xzuakl"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger"
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"="C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe:*:Enabled:ET"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:Partage de l'application RTC"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows© NetMeeting©"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\aMSN\\bin\\wish.exe"="C:\\Program Files\\aMSN\\bin\\wish.exe:*:Enabled:Wish Application"
"C:\\Program Files\\Opera\\Opera.exe"="C:\\Program Files\\Opera\\Opera.exe:*:Disabled:Opera Internet Browser"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"="C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe:*:Enabled:MessengerDiscovery Live the Windows Live Messenger addon"
"C:\\Documents and Settings\\utilisateur\\Application Data\\m\\flec006.exe"="C:\\Documents and Settings\\utilisateur\\Application Data\\m\\flec006.exe:*:Disabled:flec006"
"C:\\WINDOWS\\system32\\drivers\\svchost.exe"="C:\\WINDOWS\\system32\\drivers\\svchost.exe:*:Disabled:svchost"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files /b:

File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes /b:

Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Mon 14 Apr 2008 65,024 A.SH. --- "C:\WINDOWS\system32\asycfilt.dll"
Mon 14 Apr 2008 617,472 A.SH. --- "C:\WINDOWS\system32\comctl32.dll"
Mon 14 Apr 2008 1,028,096 A.SH. --- "C:\WINDOWS\system32\mfc42.dll"
Thu 2 Mar 2006 57,344 A.SH. --- "C:\WINDOWS\system32\mfc42loc.dll"
Wed 20 Sep 1995 35,088 A.SH. --- "C:\WINDOWS\system32\msjint32.dll"
Wed 20 Sep 1995 977,680 A.SH. --- "C:\WINDOWS\system32\msjt3032.dll"
Wed 20 Sep 1995 23,824 A.SH. --- "C:\WINDOWS\system32\msjter32.dll"
Mon 14 Apr 2008 413,696 A.SH. --- "C:\WINDOWS\system32\msvcp60.dll"
Mon 14 Apr 2008 343,040 A.SH. --- "C:\WINDOWS\system32\msvcrt.dll"
Thu 2 Mar 2006 253,952 A.SH. --- "C:\WINDOWS\system32\msvcrt20.dll"
Mon 14 Apr 2008 551,936 A.SH. --- "C:\WINDOWS\system32\oleaut32.dll"
Mon 14 Apr 2008 84,992 A.SH. --- "C:\WINDOWS\system32\olepro32.dll"
Mon 14 Apr 2008 30,749 A.SH. --- "C:\WINDOWS\system32\vbajet32.dll"
Sun 24 Sep 1995 243,472 A.SH. --- "C:\WINDOWS\system32\vbar2232.dll"
Mon 18 May 1998 368,912 A.SH. --- "C:\WINDOWS\system32\vbar332.dll"
Fri 23 Feb 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 25 Jun 2004 12,431,945 A..H. --- "C:\Program Files\Bodom-Child - RaBBi\RGSS\Standard\Graphics.exe"

[b]Finished!/b

Pouvez vous m'aidez?
Configuration: Windows XP pack3
Opera 9.27

14 réponses

  1. toptitbal Messages postés 5341 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 232
     
    Bonjour

    Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

    * Lance l'installation du programme en exécutant le fichier téléchargé.
    * Double-clique maintenant sur le raccourci de Toolbar-S&D.
    * Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
    * Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
    * Poste le rapport généré. (C:\TB.txt)
    0
    1. duke05
       
      Tout dabord merci de ta rapidité et de ta disponibilité.

      Voici le rapport

      -----------\\ ToolBar S&D 1.2.2 XP/Vista

      Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
      X86-based PC ( Uniprocessor Free : AMD Sempron(tm) 2500+ )
      BIOS : Version 1.00
      USER : utilisateur ( Administrator )
      BOOT : Normal boot
      Antivirus : Avira AntiVir PersonalEdition 8.0.1.27 (Activated)
      A:\ (USB)
      C:\ (Local Disk) - NTFS - Total : 39 Go Free : 13 Go
      D:\ (Local Disk) - NTFS - Total : 37 Go Free : 10 Go
      E:\ (CD or DVD) - UDF - Total : 0 Go Free : 0 Go
      F:\ (CD or DVD)

      "C:\ToolBar SD" ( MAJ : 04-10-2008|21:00 )
      Option : [1] ( 15/10/2008|10:01 )

      -----------\\ Recherche de Fichiers / Dossiers ...

      C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-253CB611.pf
      C:\DOCUME~1\UTILIS~1\APPLIC~1\Search Settings
      C:\DOCUME~1\UTILIS~1\APPLIC~1\Search Settings\kb127
      C:\Program Files\Search Settings
      C:\Program Files\Search Settings\kb127
      C:\Program Files\Search Settings\SearchSettings.exe

      -----------\\ Extensions

      (utilisateur) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar


      -----------\\ [..\Internet Explorer\Main]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
      "Start Page"="https://www.google.com/?gws_rd=ssl"
      "Search Page"="https://www.google.com/?gws_rd=ssl"
      "Prev Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
      "Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
      "Search Page"="https://www.google.com/?gws_rd=ssl"
      "Start Page"="https://www.google.com/?gws_rd=ssl"
      "Search Bar"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"


      --------------------\\ Recherche d'autres infections

      C:\WINDOWS\Pack.epk
      [b]==> EGDACCESS <==/b

      --------------------\\ ROOTKIT !!

      Rootkit Bagle ! .. [HKLM\..\CurrentControlSet\Enum\Root\LEGACY_SROSA]
      Rootkit Bagle ! .. [HKLM\..\CurrentControlSet\Enum\Root\rosa]
      Rootkit Bagle ! .. [HKLM\..\CurrentControlSet\Enum\Root\srosa]
      Rootkit Bagle ! .. [HKLM\..\ControlSet001\Enum\Root\LEGACY_SROSA]
      Rootkit Bagle ! .. [HKLM\..\ControlSet001\Enum\Root\rosa]
      Rootkit Bagle ! .. [HKLM\..\ControlSet001\Enum\Root\srosa]
      Rootkit Bagle ! .. [HKLM\..\ControlSet003\Enum\Root\LEGACY_SROSA]
      Rootkit Bagle ! .. [HKLM\..\ControlSet003\Enum\Root\rosa]
      Rootkit Bagle ! .. [HKLM\..\ControlSet003\Enum\Root\srosa]

      --------------------\\ Cracks & Keygens ..

      C:\DOCUME~1\UTILIS~1\Application Data\Azureus\torrents\Guitar_Pro_5.0_full_crack.3976460.TPB[1].torrent



      1 - "C:\ToolBar SD\TB_1.txt" - 15/10/2008|10:02 - Option : [1]

      -----------\\ Fin du rapport a 10:02:52,09
      0
  2. gobiel Messages postés 1005 Statut Contributeur 126
     
    Fixe cela:
    C:\Program Files\Search Settings\SearchSettings.exe
    C:\WINDOWS\system32\qzglqbml.exe
    C:\WINDOWS\system32\qzglqbml.exe
    R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
    O3 - Toolbar: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - (no file)
    O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
    O4 - HKCU\..\Run: [monen] C:\WINDOWS\system32\qzglqbml.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

    Fait ensuite un autre scan HijackThis stp
    0
  3. toptitbal Messages postés 5341 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 232
     
    Supprime ton crack :

    C:\DOCUME~1\UTILIS~1\Application Data\Azureus\torrents\Guitar_Pro_5.0_full_crack.3976460.TPB[1].torrent

    Ensuite :

    Relance Toolbar-S&D en double-cliquant sur le raccourci. Tape sur "2" puis valide en appuyant sur "Entrée".
    ! Ne ferme pas la fenêtre lors de la suppression !
    Un rapport sera généré, poste son contenu ici.

    NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
    Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
    Tape explorer puis valide.
    0
  4. duke05
     
    voici le rapport avec la suppression du crack:

    -----------\\ ToolBar S&D 1.2.2 XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : AMD Sempron(tm) 2500+ )
    BIOS : Version 1.00
    USER : utilisateur ( Administrator )
    BOOT : Normal boot
    Antivirus : Avira AntiVir PersonalEdition 8.0.1.27 (Activated)
    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total : 39 Go Free : 13 Go
    D:\ (Local Disk) - NTFS - Total : 37 Go Free : 10 Go
    E:\ (CD or DVD) - UDF - Total : 0 Go Free : 0 Go
    F:\ (CD or DVD)

    "C:\ToolBar SD" ( MAJ : 04-10-2008|21:00 )
    Option : [2] ( 15/10/2008|10:10 )

    -----------\\ SUPPRESSION

    Supprime! - C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-253CB611.pf
    Supprime! - C:\DOCUME~1\UTILIS~1\APPLIC~1\Search Settings\kb127
    Supprime! - C:\Program Files\Search Settings\kb127
    Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
    Supprime! - C:\DOCUME~1\UTILIS~1\APPLIC~1\Search Settings
    Supprime! - C:\Program Files\Search Settings

    -----------\\ Recherche de Fichiers / Dossiers ...

    -----------\\ Extensions

    (utilisateur) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
    "Start Page"="https://www.google.com/?gws_rd=ssl"
    "Search Page"="https://www.google.com/?gws_rd=ssl"
    "Prev Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
    "Search Page"="https://www.google.com/?gws_rd=ssl"
    "Start Page"="https://www.msn.com/fr-fr/"
    "Search Bar"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"

    --------------------\\ Recherche d'autres infections

    C:\WINDOWS\Pack.epk
    [b]==> EGDACCESS <==/b

    --------------------\\ ROOTKIT !!

    Rootkit Bagle ! .. [HKLM\..\CurrentControlSet\Enum\Root\LEGACY_SROSA]
    Rootkit Bagle ! .. [HKLM\..\CurrentControlSet\Enum\Root\rosa]
    Rootkit Bagle ! .. [HKLM\..\CurrentControlSet\Enum\Root\srosa]
    Rootkit Bagle ! .. [HKLM\..\ControlSet001\Enum\Root\LEGACY_SROSA]
    Rootkit Bagle ! .. [HKLM\..\ControlSet001\Enum\Root\rosa]
    Rootkit Bagle ! .. [HKLM\..\ControlSet001\Enum\Root\srosa]
    Rootkit Bagle ! .. [HKLM\..\ControlSet003\Enum\Root\LEGACY_SROSA]
    Rootkit Bagle ! .. [HKLM\..\ControlSet003\Enum\Root\rosa]
    Rootkit Bagle ! .. [HKLM\..\ControlSet003\Enum\Root\srosa]

    1 - "C:\ToolBar SD\TB_1.txt" - 15/10/2008|10:02 - Option : [1]
    2 - "C:\ToolBar SD\TB_2.txt" - 15/10/2008|10:12 - Option : [2]

    -----------\\ Fin du rapport a 10:12:29,21
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. toptitbal Messages postés 5341 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 232
     
    OK, refais un Hijackthis stp.
    0
  7. duke05
     
    voici:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:14:37, on 15/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\WINDOWS\system32\ElkCtrl.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\qzglqbml.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Opera\Opera.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [monen] C:\WINDOWS\system32\qzglqbml.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: bw+0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {7CD5E739-560F-4A25-99B7-68B2F1556AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    0
  8. toptitbal Messages postés 5341 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 232
     
    Va dans panneau de configuration, ajout/suppression de programmes et désinstalle Logitech Desktop Messenger.
    Cela ne sert à rien et pollue les Hijackthis comme tu as pu le constater ;-)

    Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.

    Télécharge Malwarebytes' Anti-Malware (MBAM) et enregistre-le sur ton Bureau à partir de ce lien :

    http://www.commentcamarche.net/telecharger/telechargement 34055379 malwarebyte s anti malware

    A la fin du téléchargement, ferme toutes les fenêtres et programmes, y compris celui-ci.

    Double-clique sur l'icône Download_mbam-setup.exe sur ton bureau pour démarrer le programme d'installation.

    Pendant l'installation, suis les indications (en particulier le choix de la langue et l'autorisation d'accession à Internet). N'apporte aucune modification aux réglages par défaut et, en fin d'installation, vérifie que les options Update Malwarebytes' Anti-Malware et Launch Malwarebytes' Anti-Malware sont cochées.

    Redémarre ton ordinateur en mode sans échec

    Relance MBAM grâce au raccourci présent sur ton bureau.

    Dans l'onglet analyse, vérifie que "Exécuter un examen complet" est coché et clique sur le bouton Rechercher pour démarrer l'analyse.

    MBAM analyse ton ordinateur. L'analyse peut prendre un certain temps. Il suffit de vérifier de temps en temps son avancement.

    A la fin de l'analyse, un message s'affiche indiquant la fin de l'analyse. Clique sur OK pour poursuivre.

    Si des malwares ont été détectés, leur liste s'affiche.
    En cliquant sur Suppression (?) , MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.

    MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Ferme le Bloc-notes. (Le rapport peut être retrouvé sous l'onglet Rapports/logs)

    Ferme MBAM en cliquant sur Quitter.

    Poste le rapport dans ta réponse

    0
    1. duke05
       
      Bien,

      après un long scanner voici le rapport:

      Malwarebytes' Anti-Malware 1.28
      Version de la base de données: 1271
      Windows 5.1.2600 Service Pack 3

      15/10/2008 13:18:18
      mbam-log-2008-10-15 (13-18-18).txt

      Type de recherche: Examen complet (A:\|C:\|D:\|E:\|F:\|)
      Eléments examinés: 172204
      Temps écoulé: 2 hour(s), 34 minute(s), 26 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 0

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      (Aucun élément nuisible détecté)

      ça m'a l'air pas trop mal, nan?
      0
  9. gobiel Messages postés 1005 Statut Contributeur 126
     
    Tu n'est plus infecté apparemment...
    0
    1. duke05
       
      Et bien la fenêtre vient de s'ouvrir à l'instant...

      Que faire? Y a t'il d'autres solutions?
      0
  10. gobiel Messages postés 1005 Statut Contributeur 126
     
    On peut toujours essayer un SmitFraudFix???
    Bon, je laisse Toptitbal parcequ'il à l'air plus calé que moi
    (je sais pas interpréter SmitFraudFix ni Toolbar S/D)
    0
    1. duke05
       
      rapport de smitFraudFix:

      SmitFraudFix v2.361

      Rapport fait à 13:55:30,07, 15/10/2008
      Executé à partir de C:\Documents and Settings\utilisateur\Bureau\SmitfraudFix
      OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
      Le type du système de fichiers est NTFS
      Fix executé en mode normal

      »»»»»»»»»»»»»»»»»»»»»»»» Process

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\WINDOWS\System32\FTRTSVC.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
      C:\WINDOWS\system32\LVCOMSX.EXE
      C:\WINDOWS\system32\ElkCtrl.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\system32\qzglqbml.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\Opera\Opera.exe
      C:\Documents and Settings\utilisateur\Bureau\SmitfraudFix\Policies.exe
      C:\WINDOWS\system32\cmd.exe

      »»»»»»»»»»»»»»»»»»»»»»»» hosts


      »»»»»»»»»»»»»»»»»»»»»»»» C:\


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\utilisateur


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\utilisateur\Application Data


      »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


      »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\UTILIS~1\Favoris


      »»»»»»»»»»»»»»»»»»»»»»»» Bureau


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


      »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


      »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
      "Source"="About:Home"
      "SubscribedURL"="About:Home"
      "FriendlyName"="Ma page d'accueil"


      »»»»»»»»»»»»»»»»»»»»»»»» o4Patch
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      o4Patch
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri



      »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      IEDFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri



      »»»»»»»»»»»»»»»»»»»»»»»» VACFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      VACFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      404Fix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      AntiXPVSTFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri



      »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll


      »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "AppInit_DLLs"=""


      »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
      "System"=""


      »»»»»»»»»»»»»»»»»»»»»»»» RK



      »»»»»»»»»»»»»»»»»»»»»»»» DNS

      Description: Carte Fast Ethernet PCI de base SiS 900 - Miniport d'ordonnancement de paquets
      DNS Server Search Order: 192.168.1.1

      HKLM\SYSTEM\CCS\Services\Tcpip\..\{7F4BD8ED-0920-457E-84C3-B3F657EA16EC}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{7F4BD8ED-0920-457E-84C3-B3F657EA16EC}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS2\Services\Tcpip\..\{7F4BD8ED-0920-457E-84C3-B3F657EA16EC}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{7F4BD8ED-0920-457E-84C3-B3F657EA16EC}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


      »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


      »»»»»»»»»»»»»»»»»»»»»»»» Fin

      Dois je faire un nettoyage en mode sans échec?
      0
  11. gobiel Messages postés 1005 Statut Contributeur 126
     
    Non, le nettoyage se fait en boot normal
    Même en ne sachant pas interpréter un scan SmitFraudFix, je vois qu'il n'a rien trouvé...
    Essaye Toolbar S/D
    0
    1. duke05
       
      -----------\\ ToolBar S&D 1.2.2 XP/Vista

      Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
      X86-based PC ( Uniprocessor Free : AMD Sempron(tm) 2500+ )
      BIOS : Version 1.00
      USER : utilisateur ( Administrator )
      BOOT : Normal boot
      Antivirus : Avira AntiVir PersonalEdition 8.0.1.27 (Activated)
      A:\ (USB)
      C:\ (Local Disk) - NTFS - Total : 39 Go Free : 13 Go
      D:\ (Local Disk) - NTFS - Total : 37 Go Free : 10 Go
      E:\ (CD or DVD) - UDF - Total : 0 Go Free : 0 Go
      F:\ (CD or DVD)

      "C:\ToolBar SD" ( MAJ : 04-10-2008|21:00 )
      Option : [1] ( 15/10/2008|14:17 )

      -----------\\ Recherche de Fichiers / Dossiers ...


      -----------\\ Extensions

      (utilisateur) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar


      -----------\\ [..\Internet Explorer\Main]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
      "Start Page"="https://www.google.com/?gws_rd=ssl"
      "Search Page"="https://www.google.com/?gws_rd=ssl"
      "Prev Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
      "Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
      "Search Page"="https://www.google.com/?gws_rd=ssl"
      "Start Page"="https://www.msn.com/fr-fr/"
      "Search Bar"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"


      --------------------\\ Recherche d'autres infections

      C:\WINDOWS\Pack.epk
      [b]==> EGDACCESS <==/b

      --------------------\\ ROOTKIT !!

      Rootkit Bagle ! .. [HKLM\..\CurrentControlSet\Enum\Root\LEGACY_SROSA]
      Rootkit Bagle ! .. [HKLM\..\CurrentControlSet\Enum\Root\rosa]
      Rootkit Bagle ! .. [HKLM\..\CurrentControlSet\Enum\Root\srosa]
      Rootkit Bagle ! .. [HKLM\..\ControlSet001\Enum\Root\LEGACY_SROSA]
      Rootkit Bagle ! .. [HKLM\..\ControlSet001\Enum\Root\rosa]
      Rootkit Bagle ! .. [HKLM\..\ControlSet001\Enum\Root\srosa]
      Rootkit Bagle ! .. [HKLM\..\ControlSet003\Enum\Root\LEGACY_SROSA]
      Rootkit Bagle ! .. [HKLM\..\ControlSet003\Enum\Root\rosa]
      Rootkit Bagle ! .. [HKLM\..\ControlSet003\Enum\Root\srosa]




      1 - "C:\ToolBar SD\TB_1.txt" - 15/10/2008|10:02 - Option : [1]
      2 - "C:\ToolBar SD\TB_2.txt" - 15/10/2008|10:12 - Option : [2]
      3 - "C:\ToolBar SD\TB_3.txt" - 15/10/2008|14:18 - Option : [1]

      -----------\\ Fin du rapport a 14:18:35,10
      0
  12. gobiel Messages postés 1005 Statut Contributeur 126
     
    Ça va maintenant?
    0
    1. duke05
       
      Non...snif...rien à changé

      J'ai juste l'impression qu'elle s'ouvre de moins en moins
      0
  13. gobiel Messages postés 1005 Statut Contributeur 126
     
    Essaye les trois antivirus en ligne?
    http://www.zebulon.fr/outils/antivirus/antivirus-en-ligne.php
    -1
    1. duke05
       
      Rapport de Panda active:

      ;***********************************************************************************************************************************************************************************
      ANALYSIS: 2008-10-15 19:51:16
      PROTECTIONS: 1
      MALWARE: 16
      SUSPECTS: 0
      ;***********************************************************************************************************************************************************************************
      PROTECTIONS
      Description Version Active Updated
      ;===================================================================================================================================================================================
      Avira AntiVir PersonalEdition 8.0.1.27 Yes Yes
      ;===================================================================================================================================================================================
      MALWARE
      Id Description Type Active Severity Disinfectable Disinfected Location
      ;===================================================================================================================================================================================
      00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\utilisateur\Bureau\SmitfraudFix\Process.exe
      00139535 Application/Processor HackTools No 0 No No C:\System Volume Information\_restore{51A33506-EB0E-4BB3-B857-9F9F573CE45E}\RP700\A0083618.exe[C:\System Volume Information\_restore{51A33506-EB0E-4BB3-B857-9F9F573CE45E}\RP700\A0083618.exe][SDFix\apps\Process.exe]
      00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\system32\Process.exe
      00139535 Application/Processor HackTools No 0 Yes No C:\SDFix\apps\Process.exe
      00139535 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{51A33506-EB0E-4BB3-B857-9F9F573CE45E}\RP700\A0083609.exe
      00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\utilisateur\Cookies\utilisateur@xiti[1].txt
      00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\fkxf0de4.default\cookies.txt[.xiti.com/]
      00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\utilisateur\Cookies\utilisateur@serving-sys[2].txt
      00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\utilisateur\Cookies\utilisateur@bs.serving-sys[2].txt
      00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\utilisateur\Cookies\utilisateur@weborama[1].txt
      00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\utilisateur\Cookies\utilisateur@smartadserver[2].txt
      00351416 Cookie/Systemdoctor TrackingCookie No 0 Yes No D:\sos bast 281006\Documents and Settings\BAST\Cookies\bast@systemdoctor[1].txt
      00413825 Adware/XPAntiSpyware2009 Adware No 1 Yes No C:\System Volume Information\_restore{51A33506-EB0E-4BB3-B857-9F9F573CE45E}\RP696\A0083198.exe
      00505447 Cookie/Winantivirus TrackingCookie No 0 Yes No D:\sos bast 281006\Documents and Settings\BAST\Cookies\bast@go.winantispyware[1].txt
      00505449 Cookie/Winantivirus TrackingCookie No 0 Yes No D:\sos bast 281006\Documents and Settings\BAST\Cookies\bast@winantispyware[1].txt
      00530383 Cookie/DriveCleaner TrackingCookie No 0 Yes No D:\sos bast 281006\Documents and Settings\BAST\Cookies\bast@go.drivecleaner[1].txt
      02897073 Cookie/Revenue TrackingCookie No 0 Yes No D:\sos bast 281006\Documents and Settings\BAST\Cookies\bast@adsrevenue[1].txt
      03477235 Application/SmithFraudFix.A HackTools No 0 Yes No C:\Documents and Settings\utilisateur\Bureau\SmitfraudFix.exe
      03738686 Generic Malware Virus/Trojan No 0 No No C:\System Volume Information\_restore{51A33506-EB0E-4BB3-B857-9F9F573CE45E}\RP700\A0083618.exe[C:\System Volume Information\_restore{51A33506-EB0E-4BB3-B857-9F9F573CE45E}\RP700\A0083618.exe][SDFix\apps\Cghtme.exe]
      03738686 Generic Malware Virus/Trojan No 0 No No C:\System Volume Information\_restore{51A33506-EB0E-4BB3-B857-9F9F573CE45E}\RP700\A0083618.exe[C:\System Volume Information\_restore{51A33506-EB0E-4BB3-B857-9F9F573CE45E}\RP700\A0083618.exe][SDFix\catchme.exe]
      03738686 Generic Malware Virus/Trojan No 0 Yes No C:\SDFix\catchme.exe
      03738686 Generic Malware Virus/Trojan No 0 No No C:\System Volume Information\_restore{51A33506-EB0E-4BB3-B857-9F9F573CE45E}\RP696\A0083223.exe[327882R2FWJFW\catchme.cfexe]
      03738686 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{51A33506-EB0E-4BB3-B857-9F9F573CE45E}\RP700\A0083599.exe
      03738686 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{51A33506-EB0E-4BB3-B857-9F9F573CE45E}\RP700\A0083598.exe
      03738686 Generic Malware Virus/Trojan No 0 Yes No C:\SDFix\apps\Cghtme.exe
      03852919 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{51A33506-EB0E-4BB3-B857-9F9F573CE45E}\RP696\A0083125.exe
      03859025 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{51A33506-EB0E-4BB3-B857-9F9F573CE45E}\RP696\A0083199.exe
      ;===================================================================================================================================================================================
      SUSPECTS
      Sent Location a
      ;===================================================================================================================================================================================
      ;===================================================================================================================================================================================
      VULNERABILITIES
      Id Severity Description a
      ;===================================================================================================================================================================================
      ;===================================================================================================================================================================================


      rapport de bitdefender:

      BitDefender Online Scanner



      Rapport d'analyse généré à: Wed, Oct 15, 2008 - 21:01:17





      Voie d'analyse: A:\;C:\;D:\;E:\;F:\;







      Statistiques

      Temps
      00:49:19

      Fichiers
      119558

      Directoires
      12243

      Secteurs de boot
      0

      Archives
      1862

      Paquets programmes
      8461




      Résultats

      Virus identifiés
      3

      Fichiers infectés
      3

      Fichiers suspects
      0

      Avertissements
      0

      Désinfectés
      0

      Fichiers effacés
      3




      Info sur les moteurs

      Définition virus
      1737651

      Version des moteurs
      AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)

      Analyse des plugins
      14

      Archive des plugins
      40

      Unpack des plugins
      7

      E-mail plugins
      6

      Système plugins
      0




      Paramètres d'analyse

      Première action
      Désinfecté

      Seconde Action
      Supprimé

      Heuristique
      Oui

      Acceptez les avertissements
      Oui

      Extensions analysées
      exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;

      Excludez les extensions


      Analyse d'emails
      Oui

      Analyse des Archives
      Oui

      Analyser paquets programmes
      Oui

      Analyse des fichiers
      Oui

      Analyse de boot
      Oui




      Fichier analysé
      Statut

      D:\sos bast 281006\Documents and Settings\BAST\Local Settings\Temp\WinAntiSpyware2006Setup.exe=>(Instyler o)=>(Instyler Module 0)
      Infecté par: Trojan.Generic.170112

      D:\sos bast 281006\Documents and Settings\BAST\Local Settings\Temp\WinAntiSpyware2006Setup.exe=>(Instyler o)=>(Instyler Module 0)
      Echec de la désinfection

      D:\sos bast 281006\Documents and Settings\BAST\Local Settings\Temp\WinAntiSpyware2006Setup.exe=>(Instyler o)=>(Instyler Module 0)
      Supprimé

      D:\sos bast 281006\Documents and Settings\BAST\Local Settings\Temp\WinAntiSpyware2006Setup.exe=>(Instyler o)
      Echec de la mise à jour

      D:\sos bast 281006\Documents and Settings\BAST\Local Settings\Temp\WinAntiSpyware2006Setup.exe=>(Instyler o)=>(Instyler Module 16)
      Infecté par: Trojan.Generic.660806

      D:\sos bast 281006\Documents and Settings\BAST\Local Settings\Temp\WinAntiSpyware2006Setup.exe=>(Instyler o)=>(Instyler Module 16)
      Echec de la désinfection

      D:\sos bast 281006\Documents and Settings\BAST\Local Settings\Temp\WinAntiSpyware2006Setup.exe=>(Instyler o)=>(Instyler Module 16)
      Supprimé

      D:\sos bast 281006\Documents and Settings\BAST\Local Settings\Temp\WinAntiSpyware2006Setup.exe=>(Instyler o)
      Echec de la mise à jour

      D:\sos bast 281006\Documents and Settings\BAST\Local Settings\Temporary Internet Files\Content.IE5\E1B0HKFY\Top[1].html
      Infecté par: Trojan.Script.3670

      D:\sos bast 281006\Documents and Settings\BAST\Local Settings\Temporary Internet Files\Content.IE5\E1B0HKFY\Top[1].html
      Echec de la désinfection

      D:\sos bast 281006\Documents and Settings\BAST\Local Settings\Temporary Internet Files\Content.IE5\E1B0HKFY\Top[1].html
      Supprimé



      Le troisième antivirus (Kaspersky) ne fonctionne pas.
      0
  14. duke05
     
    J'ai redémarrer mon pc et la fenêtre ne s'est pas encore ouverte, donc problème réglé...pour le moment :)

    En tout cas merci à vous deux pour votre aide!
    0
  15. gobiel Messages postés 1005 Statut Contributeur 126
     
    Bon, la leçon que nous avons retenu est que:
    Vive les désinfecteurs en ligne!!^^

    Pour KIS, il voit mais ne désinfecte pas!
    0