[solved][Winantiviruspro 2006] again ...
Dorian_lsu
Posted on 13/10/2006 at 08:31
New Astucien
Hello, I ended up here while looking for help with my little problem with the damn pop-ups from this bogus antivirus. After unsuccessful attempts with ad aware, antispy bot and even avast, nothing works: I still get pop-ups offering to download this software when I browse. My firewall blocks it, but it's still not very healthy. If someone could help me out, that would be very kind. Here is the scan produced by hijack:
Thanks in advance for taking the time to read this.

Edited by Dorian_lsu on 22/10/2006 12:34
Danae/Cathy
Posted on 13/10/2006 at 12:07
  Astucienne

Hello, Start by applying the steps you will find in my signature. Then post the ewido and HijackThis reports while waiting for someone to come and take care of you. [smile]
Morgane
Posted on 13/10/2006 at 12:11
Master Astucienne

danae58 wrote:
Hello, Start by applying the steps you will find in my signature. Then post the ewido and HijackThis reports while waiting for someone to come and take care of you. [smile]
Dorian_lsu, danae58 [hello] danae58, Ewido has become AVG Anti-Spyware; that is the one in the tutorial. Have a nice day!
Dorian_lsu
Posted on 13/10/2006 at 15:09
New Astucien
Thanks, I'll do that this evening and will give you a log tomorrow.
Chercheur
Posted on 13/10/2006 at 16:36
  Astucien

Hello Dorian_lsu [hello] FRANCE Q, Danae58 Welcome to PCAstuces [hello]
In addition to the HijackThis and AVG Anti-Spyware reports, post this report.
Download Blacklight (from F-Secure) and save it to your Desktop. http://www.f-secure.com/blacklight/try.shtml
Double-click blbeta.exe and accept the license; leave [X]scan through Windows Explorer enabled; click Scan then Next.
You will see a list of detected files appear. You will also see a report, on your Desktop, named fsbl.xxxxxxx.log (the xxxxxxx are digits). Copy and paste the contents of this report into your next reply.
Do NOT choose the "Rename" option right away: we need to analyze the report, because legitimate files may be present, such as wbemtest.exe
Dorian_lsu
Posted on 13/10/2006 at 19:52
New Astucien
Right, so I have carried out all the pre-cleaning operations on my machine as recommended in your various links (easy cleaner, ccleaner, avg). Here now are the logs from: hijackthis
{1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - 
{1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - 
{1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Protocol: offline-8876480 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O23 - Service: avast! 
iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe AVG: --------------------------------------------------------- AVG Anti-Spyware - Rapport d'analyse 
---------------------------------------------------------
+ Créé à: 19:32:36 13/10/2006
+ Résultat de l'analyse:
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP115\A0013525.exe -> Adware.SaveNow : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP115\A0013808.exe -> Adware.SaveNow : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP120\A0014102.dll -> Adware.Virtumionde : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\pmnmnlj.dll -> Adware.Virtumionde : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP115\A0013809.exe -> Downloader.Zlob.ajj : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\ismini.exe -> Downloader.Zlob.ajj : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\fsjnofuc.dll -> Logger.VBStat.e : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\iuwmrfut.dll -> Logger.VBStat.e : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\unxdxmci.dll -> Logger.VBStat.e : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\sauuuvll.dll -> Trojan.BHO.g : Nettoyé et sauvegardé (mise en quarantaine).
Fin du rapport

And finally blbeta:
10/13/06 19:37:56 [Info]: BlackLight Engine 1.0.47 initialized
10/13/06 19:37:56 [Info]: OS: 5.1 build 2600 (Service Pack 2)
10/13/06 19:37:57 [Note]: 7019 4
10/13/06 19:37:57 [Note]: 7005 0
10/13/06 19:37:58 [Note]: 7006 0
10/13/06 19:37:58 [Note]: 7011 1840
10/13/06 19:37:59 [Note]: 7026 0
10/13/06 19:37:59 [Note]: 7026 0
10/13/06 19:38:06 [Note]: FSRAW library version 1.7.1020
10/13/06 19:42:10 [Note]: 7007 0

Note that HijackThis crashes systematically once the scan is done (but it has time to write its log file; I checked the dates and they match). Thanks in advance.
PS: I got yet another nasty pop-up telling me my PC was infected by serwab and asking me to download a dubious antivirus, so apparently I still have junk on my machine.
Chercheur
 Posted on 13/10/2006 at 22:58
  Astucien

Re. When did you use VundoFix? Since these problems started, or before?

Part of the procedure takes place without internet access, so please print these instructions, or paste them into a text file, to read during the disinfection. The steps must be done without interruption and in order. If you don't understand something, ask for an explanation before starting.

1 Download clean.zip: http://www.malekal.com/download/clean.zip
Unzip it to your desktop (right-click / Extract all); you should get a folder named clean.

2 Restart in Safe Mode. Careful, you have no internet access in this mode, so note down what you have to do.
Start the computer. Once the BIOS has finished loading, there is a black screen. Press the F8 key until the Windows Advanced Options menu is displayed. Using the arrow keys, select Safe Mode and press Enter.

3 Run a HijackThis scan again and tick the lines below:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.fr/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [a1d13fb5.exe] C:\Documents and Settings\Sandman\Local Settings\Application Data\a1d13fb5.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O18 - Protocol: bw+0 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {1786978A-89B0-4626-9E8F-E8E8CEC946DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
Close all Windows, Internet Explorer and Outlook windows, except HijackThis, and click "Fix checked".

4 Make sure you have access to all files.
Start, My Computer or any other folder, Tools menu, Folder Options, View tab:
Tick: Show hidden files and folders
Untick: Hide extensions for known file types
Untick: Hide protected operating system files
Then Apply

5 Delete the offending files/folders (if they still exist):
C:\Documents and Settings\Sandman\Local Settings\Application Data\a1d13fb5.exe
Hide the system files again, to avoid making a mistake in the future, by selecting the option not to show hidden files or system files.

6 Run the cleanup with CCleaner.

7 Open the Clean folder on your desktop. Double-click clean.cmd. A black window will appear for a moment; leave it open.

8 Restart normally

9 Download Combofix.exe (by sUBs) to your Desktop: http://download.bleepingcomputer.com/sUBs/combofix.exe
Double-click combofix.exe and follow the prompts. When the scan is complete, a report will appear. Copy/paste this report into your next reply, together with a new HijackThis log and the report located at C:\rapport_clean.txt
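An added example, not part of the original post and not code from HijackThis or its authors: a small Python triage that splits a HijackThis log pasted as one run-on line back into entries and marks autorun (O4) values worth a closer look. The three O4 heuristics (target inside a user profile, 8-hex-digit file name, value name equal to the file name) and the "(file missing)" check are assumptions of this example, not rules stated in the thread; they point a reviewer at entries, they do not decide anything.

```python
import re
from typing import NamedTuple

# HijackThis prefixes every entry with a section code: R0-R3, F0-F3, N1-N4, O1-O24.
ENTRY_START = re.compile(r"(?<!\S)(?=(?:[RFN]\d|O\d{1,2}) - )")
# O4 registry autoruns look like: O4 - HKCU\..\Run: [value name] command line
RUN_VALUE = re.compile(
    r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# First drive-letter path in the command that ends in an executable extension.
TARGET = re.compile(r'[A-Za-z]:\\.*?\.(?:exe|dll|com|scr|bat|cmd)(?=$|[\s",])', re.I)
HEX_NAME = re.compile(r"[0-9a-f]{8}\.exe", re.I)

# Excerpt of entries quoted in the thread, run together on one line as on the page.
SAMPLE_FLAT = (
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime '
    r'O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup '
    r'O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\GestMaj.exe EspaceWanadoo.exe '
    r'O4 - HKCU\..\Run: [a1d13fb5.exe] C:\Documents and Settings\Sandman\Local Settings'
    r'\Application Data\a1d13fb5.exe '
    r'O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - '
    r'http://www.orange.fr (file missing) (HKCU) '
    r'O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - '
    r'"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)'
)


class Finding(NamedTuple):
    entry: str
    reasons: tuple


def split_entries(flat):
    """Split a log pasted as one run-on line into one entry per item."""
    return [part.strip() for part in ENTRY_START.split(flat) if part.strip()]


def triage(entries):
    """Return the entries that match at least one review heuristic."""
    findings = []
    for entry in entries:
        reasons = []
        if "(file missing)" in entry:
            # HijackThis itself reports that the referenced file is gone.
            reasons.append("target file missing")
        m = RUN_VALUE.match(entry)
        if m:
            target = TARGET.search(m["cmd"])
            path = target.group(0) if target else m["cmd"]
            base = path.rsplit("\\", 1)[-1]
            # Assumption: installed software normally starts from Program Files
            # or the Windows directory, not from a per-user data folder.
            if "\\documents and settings\\" in path.lower():
                reasons.append("autorun target inside a user profile")
            # Assumption: an 8-hex-digit name suggests a generated file name.
            if HEX_NAME.fullmatch(base):
                reasons.append("8-hex-digit file name")
            # Assumption: vendors usually give the Run value a product name.
            if m["name"].lower() == base.lower():
                reasons.append("value name equals file name")
        if reasons:
            findings.append(Finding(entry, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for finding in triage(split_entries(SAMPLE_FLAT)):
        print("; ".join(finding.reasons), "->", finding.entry)
```
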
Dorian_lsu
 Posted on 14/10/2006 at 00:59
Nouvel astucien
Here is the ComboFix report:

Sandman - 06-10-14 0:48:16,64 Service Pack 2
ComboFix 06.10.14 - Running from: "C:\Documents and Settings\Sandman\Bureau"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\components
C:\Program Files\Fichiers communs\{84FC0F32-0BB0-1036-0103-060520050021}

((((((((((((((((((((((((((((((( Files Created from 2006-09-14 to 2006-10-14 ))))))))))))))))))))))))))))))))))

2006-10-13 18:58 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-13 04:58 98,324 --a------ C:\WINDOWS\system32\cgktoyug.dll
2006-10-11 06:02 176,128 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-10-10 23:28 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-10-04 06:15 86,036 --a------ C:\WINDOWS\system32\kyhjseev.dll
2006-09-29 18:06 94,208 --a------ C:\WINDOWS\system32\W32n50.dll
2006-09-29 18:06 16,128 --------- C:\WINDOWS\system32\PCANDIS5.SYS
2006-09-26 19:03 101,376 --a------ C:\WINDOWS\system32\drivers\ACEDRV07.sys
2006-09-26 18:18 143,380 --a------ C:\WINDOWS\system32\lmvaluvc.exe

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-10-14 00:48 -------- d-------- C:\Program Files\Fichiers communs
2006-10-14 00:46 -------- d-------- C:\Program Files\Wanadoo
2006-10-14 00:46 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-13 18:58 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-13 18:58 -------- d-------- C:\Program Files\ToniArts
2006-10-13 18:58 -------- d-------- C:\Program Files\Grisoft
2006-10-13 18:55 -------- d-------- C:\Program Files\CCleaner
2006-10-13 08:29 -------- d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
2006-10-13 04:58 792425 ---hs---- C:\WINDOWS\system32\ghkmp.bak2
2006-10-12 19:11 -------- d-------- C:\Documents and Settings\Sandman\Application Data\McAfee.com Personal Firewall
2006-10-08 23:01 -------- d-------- C:\Program Files\AutoShut
2006-09-30 18:53 681160 ---hs---- C:\WINDOWS\system32\ghkmp.bak1
2006-09-30 02:00 -------- d-------- C:\Documents and Settings\Sandman\Application Data\teamspeak2
2006-09-29 18:22 -------- d-------- C:\Program Files\Winamp
2006-09-29 18:01 -------- d-------- C:\Program Files\SAGEM
2006-09-29 17:58 -------- d-------- C:\Program Files\Securitoo
2006-09-25 18:54 -------- d-------- C:\Program Files\eMule
2006-09-19 23:12 -------- d-------- C:\Program Files\BDGest
2006-09-13 07:03 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 23:20 -------- d-------- C:\Documents and Settings\Sandman\Application Data\Skype
2006-09-12 08:17 86094 --a------ C:\WINDOWS\BPMNT.dll
2006-09-12 08:17 71749 --a------ C:\WINDOWS\hcextoutput.dll
2006-09-12 08:17 176709 --a------ C:\WINDOWS\tsc.exe
2006-09-12 08:17 1101904 --a------ C:\WINDOWS\vsapi32.dll
2006-09-11 23:32 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-09-11 19:59 -------- d-------- C:\Program Files\DAEMON Tools
2006-09-11 19:19 -------- d-------- C:\Program Files\Alwil Software
2006-09-11 18:47 -------- d-------- C:\Program Files\Lavasoft
2006-09-11 18:47 -------- d-------- C:\Documents and Settings\Sandman\Application Data\Lavasoft
2006-09-10 09:15 577588 ---hs---- C:\WINDOWS\system32\pmkhg.dll
2006-09-10 09:13 -------- d-------- C:\Program Files\Prey
2006-09-10 09:05 69689 --a------ C:\WINDOWS\UNZIP.DLL
2006-09-10 09:05 507904 --a------ C:\WINDOWS\TMUPDATE.DLL
2006-09-10 09:05 286720 --a------ C:\WINDOWS\PATCH.EXE
2006-09-10 08:56 223128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2006-09-10 08:55 96256 --a------ C:\WINDOWS\system32\drivers\sptd1661.sys
2006-09-10 08:55 643072 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-09-03 22:09 -------- d-------- C:\Program Files\Matroska Pack
2006-08-30 20:32 -------- d-------- C:\Program Files\McAfee.com
2006-08-30 18:45 -------- d-------- C:\Program Files\ICQLite
2006-08-28 18:29 -------- d-------- C:\Documents and Settings\Sandman\Application Data\InstallShield
2006-08-25 17:51 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-22 00:07 -------- d-------- C:\Program Files\SmartFTP Client 2.0
2006-08-21 14:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 11:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-16 13:59 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-16 11:37 225664 --a------ C:\WINDOWS\system32\drivers\tcpip6.sys
2006-08-14 12:34 332928 --a------ C:\WINDOWS\system32\drivers\srv.sys
2006-08-08 18:53 635520 --a------ C:\WINDOWS\system32\aswBoot.exe
2006-08-05 08:18 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2006-07-27 15:26 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 10:27 72704 --a------ C:\WINDOWS\system32\hlink.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"WOOKIT"="C:\\Program Files\\Wanadoo\\GestMaj.exe EspaceWanadoo.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"CTHelper"="CTHELPER.EXE"
"CTxfiHlp"="CTXFIHLP.EXE"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"IAAnotif"="C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe"
"DMXLauncher"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"
"CTDVDDET"="\"C:\\Program Files\\Creative\\Sound Blaster X-Fi\\DVDAudio\\CTDVDDET.EXE\""
"VolPanel"="\"C:\\Program Files\\Creative\\Sound Blaster X-Fi\\Volume Panel\\VolPanel.exe\" /r"
"AudioDrvEmulator"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" -1 AudioDrvEmulator \"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\Audio Emulator\\AudDrvEm.dll\""
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE" "MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe" "MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe" "MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe" "WOOWATCH"="C:\\PROGRA~1\\Wanadoo\\Watch.exe" "WOOTASKBARICON"="C:\\PROGRA~1\\Wanadoo\\GestMaj.exe TaskBarIcon.exe" "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" @="" "MSKDetectorExe"="C:\\Program Files\\McAfee\\SpamKiller\\MSKDetct.exe /uninstall" "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033" "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000001 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Ma page d'accueil" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\ ff,ff,04,00,00,00 "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\ 00,00,01,00,00,00 [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "^SetupICWDesktop"="" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce] "^SetupICWDesktop"="" 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=hex:95,00,00,00 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 "InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\ 63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\ 6d,73,73,74,79,6c,65,73,00 "InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\ 73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoCDBurning"=dword:00000000 [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkhg HKEY_LOCAL_MACHINE\software\microsoft\windows 
nt\currentversion\winlogon\notify\winmmt32 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\Rappel d'abonnement 1 auprŠs de l'ISP.job Completion time: 06-10-14 0:48:49.21 C:\ComboFix.txt ... 06-10-14 00:48
Here is the clean report:
Script clean par Malekal_morte - http://www.malekal.com Microsoft Windows XP [version 5.1.2600] Script execute en mode sans echec *** Suppression de fichiers sur C: *** Suppression des fichiers dans C:\WINDOWS\ C:\WINDOWS\unvise32qt.exe FOUND *** Suppression des fichiers dans C:\WINDOWS\system32 C:\WINDOWS\system32\drivers\etc\hosts.msn FOUND *** Suppression des clefs du registre effectuee..
Otherwise, it is impossible to retrieve the HijackThis report: when I click on save log it closes, and there is no way to get hold of any log file. As for VundoFix, I installed and used it after having these problems.
Dorian_lsu
Posted on 19/10/2006 at 00:04
New member
Just checking in for news :)
Chercheur
Posted on 19/10/2006 at 01:19
Member

Good evening,
Delete these files:
C:\WINDOWS\system32\cgktoyug.dll
C:\WINDOWS\system32\kyhjseev.dll
C:\WINDOWS\system32\winmmt32.dll
C:\WINDOWS\system32\pmkhg.dll --> tell me if you find it.
Rename hijackthis.exe to scanner.exe and run a scan. Post its report.
Download SmitfraudFix by S!Ri: http://siri.urz.free.fr/Fix/SmitfraudFix.php
Unzip it to the Desktop. Open SmitfraudFix, double-click SmitfraudFix.cmd and choose option 1.
Post the report.
Dorian_lsu
Posted on 19/10/2006 at 19:44
New member
Well, I can't find the file C:\WINDOWS\system32\pmkhg.dll, or rather I do find it, but to do so I have to show hidden system files, and when I try to delete it (in safe mode) it tells me that it is in use.
Renaming HijackThis worked, and here is the report it gives me:
Logfile of HijackThis v1.99.1 Scan saved at 19:37:51, on 19/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\CTHELPER.EXE C:\WINDOWS\system32\CTXFIHLP.EXE C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\WINDOWS\SYSTEM32\CTXFISPI.EXE C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\Program Files\DAEMON Tools\daemon.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe c:\program files\mcafee.com\agent\mcdetect.exe 
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Documents and Settings\Sandman\Bureau\scanner.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\cgktoyug.dll (file missing) O2 - BHO: (no name) - {289794D2-A196-4CA7-84E7-1BD13EE7D147} - C:\WINDOWS\system32\pmkhg.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" O4 - HKLM\..\Run: 
[UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\GestMaj.exe EspaceWanadoo.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU) O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: pmkhg - C:\WINDOWS\system32\pmkhg.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winmmt32 - winmmt32.dll 
(file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
The report produced by SmitfraudFix:
SmitFraudFix v2.110 Rapport fait à 19:35:24,20, 19/10/2006 Executé à partir de C:\Documents and Settings\Sandman\Bureau\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Fix executé en mode sans echec »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sandman »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sandman\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Sandman\Favoris »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Ma page d'accueil" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32 »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin
Thank you very much for the time spent answering poor novices like me; you feel really powerless against this kind of junk, and it's nice to find a helping hand.
Chercheur
Posted on 19/10/2006 at 20:17
Member

Hello,
SmitfraudFix found nothing. Let's deal with this stubborn file.
Click the Start menu, then Run, and copy/paste this:
"%userprofile%\Bureau\combofix.exe" /v pmkhg
then click OK.
Do not touch anything and wait until ComboFix has finished; a report will be created.
Post the report along with a new HijackThis report.
Dorian_lsu
Posted on 19/10/2006 at 22:45
New member
Here is the ComboFix report:
Sandman - 06-10-19 20:57:38,89 Service Pack 2 ComboFix 06.10.14 - Running from: "C:\Documents and Settings\Sandman\Bureau" Command switches used
/v pmkhg (((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log ))))))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\pmkhg.dll C:\WINDOWS\system32\ghkmp.bak1 C:\WINDOWS\system32\ghkmp.bak2 C:\WINDOWS\system32\ghkmp.ini C:\WINDOWS\system32\ghkmp.ini2 C:\WINDOWS\system32\ghkmp.tmp * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * ((((((((((((((((((((((((((((((( Files Created from 2006-09-19 to 2006-10-19 )))))))))))))))))))))))))))))))))) 2006-10-19 19:35 53,248 --a------ C:\WINDOWS\system32\Process.exe 2006-10-19 19:35 40,960 --a------ C:\WINDOWS\system32\swsc.exe 2006-10-19 19:35 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2006-10-19 19:35 135,168 --a------ C:\WINDOWS\system32\swreg.exe 2006-10-14 11:07 45,525 --a------ C:\WINDOWS\system32\dorrfopd.dll 2006-10-13 18:58 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2006-10-11 06:02 176,128 --a------ C:\WINDOWS\system32\nvudisp.exe 2006-10-10 23:28 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE 2006-09-29 18:06 94,208 --a------ C:\WINDOWS\system32\W32n50.dll 2006-09-29 18:06 16,128 --------- C:\WINDOWS\system32\PCANDIS5.SYS 2006-09-26 19:03 101,376 --a------ C:\WINDOWS\system32\drivers\ACEDRV07.sys 2006-09-26 18:18 143,380 --a------ C:\WINDOWS\system32\lmvaluvc.exe (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-10-19 20:54 -------- d-------- C:\Program Files\Mozilla Firefox 2006-10-19 19:38 -------- d-------- C:\Program Files\Wanadoo 2006-10-19 00:34 -------- d-------- C:\Documents and Settings\Sandman\Application Data\teamspeak2 2006-10-17 20:36 -------- d-------- C:\Documents and Settings\Sandman\Application Data\McAfee.com Personal Firewall 2006-10-14 00:48 -------- d-------- C:\Program Files\Fichiers communs 2006-10-13 18:58 -------- d--h----- C:\Program Files\InstallShield Installation Information 2006-10-13 18:58 -------- d-------- C:\Program 
Files\ToniArts 2006-10-13 18:58 -------- d-------- C:\Program Files\Grisoft 2006-10-13 18:55 -------- d-------- C:\Program Files\CCleaner 2006-10-13 08:29 -------- d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment 2006-10-08 23:01 -------- d-------- C:\Program Files\AutoShut 2006-09-29 18:22 -------- d-------- C:\Program Files\Winamp 2006-09-29 18:01 -------- d-------- C:\Program Files\SAGEM 2006-09-29 17:58 -------- d-------- C:\Program Files\Securitoo 2006-09-25 18:54 -------- d-------- C:\Program Files\eMule 2006-09-25 17:45 666240 --a------ C:\WINDOWS\system32\aswBoot.exe 2006-09-25 17:40 87424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2006-09-25 17:40 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2006-09-25 17:39 36176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2006-09-25 17:39 16352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2006-09-25 17:37 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr 2006-09-25 17:37 24560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2006-09-19 23:12 -------- d-------- C:\Program Files\BDGest 2006-09-13 07:03 1084416 --a------ C:\WINDOWS\system32\msxml3.dll 2006-09-12 23:20 -------- d-------- C:\Documents and Settings\Sandman\Application Data\Skype 2006-09-12 08:17 86094 --a------ C:\WINDOWS\BPMNT.dll 2006-09-12 08:17 71749 --a------ C:\WINDOWS\hcextoutput.dll 2006-09-12 08:17 176709 --a------ C:\WINDOWS\tsc.exe 2006-09-12 08:17 1101904 --a------ C:\WINDOWS\vsapi32.dll 2006-09-11 23:32 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2006-09-11 19:59 -------- d-------- C:\Program Files\DAEMON Tools 2006-09-11 19:19 -------- d-------- C:\Program Files\Alwil Software 2006-09-11 18:47 -------- d-------- C:\Program Files\Lavasoft 2006-09-11 18:47 -------- d-------- C:\Documents and Settings\Sandman\Application Data\Lavasoft 2006-09-10 09:13 -------- d-------- C:\Program Files\Prey 2006-09-10 09:05 69689 --a------ C:\WINDOWS\UNZIP.DLL 2006-09-10 09:05 507904 --a------ 
C:\WINDOWS\TMUPDATE.DLL 2006-09-10 09:05 286720 --a------ C:\WINDOWS\PATCH.EXE 2006-09-10 08:56 223128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys 2006-09-10 08:55 96256 --a------ C:\WINDOWS\system32\drivers\sptd1661.sys 2006-09-10 08:55 643072 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2006-09-03 22:09 -------- d-------- C:\Program Files\Matroska Pack 2006-08-30 20:32 -------- d-------- C:\Program Files\McAfee.com 2006-08-30 18:45 -------- d-------- C:\Program Files\ICQLite 2006-08-28 18:29 -------- d-------- C:\Documents and Settings\Sandman\Application Data\InstallShield 2006-08-25 17:51 617472 --a------ C:\WINDOWS\system32\comctl32.dll 2006-08-22 00:07 -------- d-------- C:\Program Files\SmartFTP Client 2.0 2006-08-21 14:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll 2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe 2006-08-21 11:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys 2006-08-16 13:59 100352 --a------ C:\WINDOWS\system32\6to4svc.dll 2006-07-27 15:26 679424 --a------ C:\WINDOWS\system32\inetcomm.dll 2006-07-21 10:27 72704 --a------ C:\WINDOWS\system32\hlink.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "WOOKIT"="C:\\Program Files\\Wanadoo\\GestMaj.exe EspaceWanadoo.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe" "CTHelper"="CTHELPER.EXE" "CTxfiHlp"="CTXFIHLP.EXE" "SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe" "IAAnotif"="C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe" "DMXLauncher"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe" "CTDVDDET"="\"C:\\Program Files\\Creative\\Sound Blaster X-Fi\\DVDAudio\\CTDVDDET.EXE\"" "VolPanel"="\"C:\\Program Files\\Creative\\Sound Blaster X-Fi\\Volume Panel\\VolPanel.exe\" /r" 
"AudioDrvEmulator"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" -1 AudioDrvEmulator \"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\Audio Emulator\\AudDrvEm.dll\"" "UpdReg"="C:\\WINDOWS\\UpdReg.EXE" "DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE" "MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe" "MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe" "MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe" "WOOWATCH"="C:\\PROGRA~1\\Wanadoo\\Watch.exe" "WOOTASKBARICON"="C:\\PROGRA~1\\Wanadoo\\GestMaj.exe TaskBarIcon.exe" "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" @="" "MSKDetectorExe"="C:\\Program Files\\McAfee\\SpamKiller\\MSKDetct.exe /uninstall" "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033" "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000001 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Ma page d'accueil" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\ ff,ff,04,00,00,00 "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\ 00,00,01,00,00,00 [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "^SetupICWDesktop"="" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] 
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce] "^SetupICWDesktop"="" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=hex:95,00,00,00 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 "InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\ 63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\ 6d,73,73,74,79,6c,65,73,00 "InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\ 73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00 [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmmt32 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\Rappel d'abonnement 1 auprŠs de l'ISP.job Completion time: 06-10-19 20:59:03.87 C:\ComboFix.txt ... 06-10-19 20:59 C:\ComboFix2.txt ... 06-10-14 00:48
And the one from HijackThis:
Logfile of HijackThis v1.99.1 Scan saved at 22:41:54, on 19/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\CTHELPER.EXE C:\WINDOWS\system32\CTXFIHLP.EXE C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe 
C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\WINDOWS\SYSTEM32\CTXFISPI.EXE C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\Program Files\DAEMON Tools\daemon.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe C:\PROGRA~1\Wanadoo\ComComp.exe C:\PROGRA~1\Wanadoo\PollingModule.exe C:\PROGRA~1\Wanadoo\Watch.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Documents and Settings\Sandman\Bureau\scanner.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\cgktoyug.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" 
/r O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\GestMaj.exe EspaceWanadoo.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU) O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - 
"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winmmt32 - winmmt32.dll (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - 
NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe il semblerait, je dis bien il semblerait que ca soit parti, Je n'ai aps eu de pop-up intempestive au lancement de firefox, alors qu'habituellement j'en ai une assez rapidement, confirmation demain.
Chercheur
 Posted on 20/10/2006 at 00:17 
  Astucien

Re

Nothing infectious left in HijackThis (a few useless lines), but one suspicious file in ComboFix.

1 Run a HijackThis scan again and check the lines below:

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\cgktoyug.dll (file missing)
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O20 - Winlogon Notify: winmmt32 - winmmt32.dll (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

Close all Windows, Internet Explorer and Outlook windows, except the HijackThis program, and click "Fix checked".

2 Click Start then Run, type services.msc and click OK. In the list of services, find and select "France Telecom Routing Table Service" / double-click the line / check under Path to executable that it really is "C:\WINDOWS\System32\FTRTSVC.exe" / under Startup type, select Disabled / confirm the change.

3 Run the cleanup with CCleaner.

4 Go to this site: http://www.virustotal.com/xhtml/virustotal_en.html
Click Browse and look for this file:
C:\WINDOWS\system32\dorrfopd.dll
Then click Send. If you get the message "STATUS: QUEUED", wait. Paste the report here.
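An added example, not part of the thread and not HijackThis code: a small triage of the "(file missing)" flags in a HijackThis log. It cross-checks each flagged path against the log's own "Running processes" list, because in the log above the two avast! services are flagged as missing while their executables are listed as running. The sample lines are copied from the thread's log; the function names and the verdict labels are assumptions of this example.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\cgktoyug.dll (file missing)
O20 - Winlogon Notify: winmmt32 - winmmt32.dll (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")  # section code, e.g. "O2", then the entry body
MISSING = " (file missing)"


def parse(log):
    """Split a log into the set of running-process paths and a list of (code, body)."""
    running, entries, in_procs = set(), [], False
    for line in log.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            running.add(line.lower())
    return running, entries


def target_path(body):
    """Return the file an entry points at, without the marker, quotes or arguments."""
    if body.endswith(MISSING):
        body = body[: -len(MISSING)]
    # A drive-letter path may itself contain " - "; stop at a stray quote before args.
    m = re.search(r'[A-Za-z]:\\[^"]*', body)
    return (m.group(0) if m else body.rsplit(" - ", 1)[-1]).strip()


def triage(log):
    """Label each '(file missing)' entry 'orphan' or 'contradicted' (file is running)."""
    running, entries = parse(log)
    report = []
    for code, body in entries:
        if body.endswith(MISSING):
            path = target_path(body)
            verdict = "contradicted" if path.lower() in running else "orphan"
            report.append((code, path, verdict))
    return report


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```

An "orphan" verdict only means the entry points at a file the log could not find and that is not running; it says nothing about whether the missing file was malicious.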
Dorian_lsu
 Posted on 20/10/2006 at 18:45 
New Astucien
OK, here is the report given by the site; it does look like it's yet another piece of junk:

AntiVir 7.2.0.32 10.20.2006 TR/PCK.Klone.K.5
Authentium 4.93.8 10.20.2006 no virus found
Avast 4.7.892.0 10.20.2006 no virus found
AVG 386 10.20.2006 Klone
BitDefender 7.2 10.20.2006 no virus found
CAT-QuickHeal 8.00 10.20.2006 Trojan.Klone.k
ClamAV devel-20060426 10.20.2006 no virus found
DrWeb 4.33 10.20.2006 no virus found
eTrust-InoculateIT 23.73.30 10.20.2006 no virus found
eTrust-Vet 30.3.3146 10.20.2006 Win32/Darksma.J
Ewido 4.0 10.19.2006 Logger.VBStat.e
Fortinet 2.82.0.0 10.20.2006 suspicious
F-Prot 3.16f 10.20.2006 no virus found
F-Prot4 4.2.1.29 10.19.2006 no virus found
Ikarus 0.2.65.0 10.20.2006 Packer.byDwing
Kaspersky 4.0.2.24 10.20.2006 Packed.Win32.Klone.k
McAfee 4878 10.20.2006 Generic Spy
Microsoft 1.1603 10.20.2006 no virus found
NOD32v2 1.1819 10.20.2006 no virus found
Norman 5.80.02 10.20.2006 W32/Stration.OS@mm
Panda 9.0.0.4 10.20.2006 Application/WinFixer2006
Sophos 4.10.0 10.15.2006 no virus found
TheHacker 6.0.1.102 10.20.2006 Trojan/Klone.k
UNA 1.83 10.20.2006 Trojan.Spy.Win32.Countof.BF97
VBA32 3.11.1 10.20.2006 no virus found
VirusBuster 4.3.7:9 10.20.2006 no virus found

Aditional Information
File size: 45525 bytes
MD5: cd146cfa668a77e6b041a979df6d0b41
SHA1: a9e3ccfd7bdfaacdce80d96e9108f926898be936
packers: UPACK
packers: UPack
Chercheur
 Posted on 20/10/2006 at 19:05 
  Astucien

Indeed, delete this file:
C:\WINDOWS\system32\dorrfopd.dll
In safe mode if it resists. Are you still having any malfunctions?
Dorian_lsu
 Posted on 20/10/2006 at 19:58 
New Astucien
I removed it with AVG, and for the moment I no longer have any suspicious symptoms. Once again, thank you for your help, sincerely. Cyrille.
Chercheur
 Posted on 20/10/2006 at 20:03 
  Astucien

Re

You can therefore mark your topic as resolved [clindoeil]

One more little thing [bigsmile]

Report your infection to get the authors convicted. Create a post to move things forward on Malware-Complaints; there need to be as many of us as possible, so report your infection:

- See the forum rules: http://www.malwarecomplaints.info/viewtopic.php?t=5
- After registering using the button at the top named "Register"
If you are over 13, choose: "I Agree to these terms and am over or exactly 13 years of age"
If you are younger, click: "I Agree to these terms and am under 13 years of age"

You then have, in the form of a list, one topic per type of infection (Look2Me, Smitfraud, SpywareQuake, etc.). Yours = Winantiviruspro 2006

If the malware you had does not appear in the list, or if you do not know what you were infected by, create a post in the Other infections topic that complies with the forum rules (age, city, department, etc.). Also give the name of the forum that helped you.
---> http://www.malwarecomplaints.info/viewforum.php?f=10

More information here: http://forum.zebulon.fr/index.php?showtopic=88688