Removing the Win32 Agent HZS virus
justbeaware
Posted on 14/07/2007 @ 20:35
Petit astucien

Hello,

Following a message I read on this forum, I am taking the liberty of posting my MSNFix and HijackThis reports, produced after Avast discovered the supervirus named above. I can't manage to remove it, as you can imagine... Thanks in advance for your help!

MSNFix:

MSN_Fix 1.333

C:\Documents and Settings\TEMP\Bureau\MSNFix\MSNFix
Fix exécuté le 14/07/2007 - 20:10:28,76 By AHMED
mode normal

************************ Recherche les fichiers présents

... C:\WINDOWS\\_default.pif

************************ Recherche les dossiers présents

Aucun dossier trouvé




************************ Suppression des fichiers

.. OK ... C:\WINDOWS\\_default.pif



************************ Nettoyage du registre



************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\WINDOWS\MOUZZ_V3.SCR] 469C9B6C34F2F632D96E342761CB272A
[C:\WINDOWS\\_ss1_PC.scr] C481F658C5E9BB8E8F81EDAB31A0E19D


Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 14072007_20113006.zip


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://246694.aceboard.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

HIJACKTHIS:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:18:31, on 14/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\bjkrnkuc.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\cvahfdrp.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-windows-i586-jc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.0_03) -
O18 - Protocol: bw+0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - Unknown owner - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe (file missing)
O23 - Service: F-Secure Authentication Agent (FSAA) - Unknown owner - C:\Program Files\Securitoo\av_fw\Common\FSAA.EXE (file missing)
O23 - Service: F-Secure Distributed Firewall Daemon (FSDFWD) - Unknown owner - C:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe (file missing)
O23 - Service: F-Secure Management Agent (FSMA) - Unknown owner - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE (file missing)
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - Unknown owner - C:\Program Files\Securitoo\av_fw\fswsclds.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O24 - Desktop Component 0: (no name) - http://img169.imageshack.us/img169/1576/6mw8.png

--
End of file - 20182 bytes

I really hope someone will be able to help me...

Chercheur
Posted on 14/07/2007 at 21:16
  Astucien

Hello


Download VundoFix.exe (by Atribune) to your Desktop.
http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to launch it.
* When the tool launches again, click the Scan for Vundo button
* Click the Scan for Vundo button.
* When the scan is complete, click the Remove Vundo button.
* A prompt will ask whether you want to delete the files; click YES
* After you click "Yes", the Desktop will disappear for a moment while the files are deleted.
* You will see a prompt announcing that your PC is going to shut down ("shutdown"); click OK
* Start your PC again.

Note: VundoFix may come across a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".


Download Combofix.exe (by sUBs) to your Desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe and follow the prompts.
When the scan is complete, a report will appear.

Copy/paste that report into your next reply, along with a new HijackThis log and the contents of the report located at C:\vundofix.txt

justbeaware
Posted on 14/07/2007 at 22:20
Petit astucien

Re! First of all, thanks for such quick help, it's really appreciated!!

Here are the reports (but I've already noticed that the pop-up windows no longer open when IE starts... :) )

COMBOFIX report:

"AHMED" - 2007-07-14 21:56:54 - ComboFix 07-07-14.6 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\acrhpion.exe
C:\WINDOWS\system32\ammpcjph.exe
C:\WINDOWS\system32\aqctcrmg.exe
C:\WINDOWS\system32\bjkrnkuc.exe
C:\WINDOWS\system32\bpbbunxc.exe
C:\WINDOWS\system32\cqyaulde.exe
C:\WINDOWS\system32\deerdpmy.exe
C:\WINDOWS\system32\dplysgpt.exe
C:\WINDOWS\system32\gisaemwd.exe
C:\WINDOWS\system32\gofjihpo.exe
C:\WINDOWS\system32\knweownr.exe
C:\WINDOWS\system32\kuovquqh.exe
C:\WINDOWS\system32\mgmvguyv.exe
C:\WINDOWS\system32\nqotpelt.exe
C:\WINDOWS\system32\pgbdphvb.exe
C:\WINDOWS\system32\rfujhpse.exe
C:\WINDOWS\system32\robgvluc.exe
C:\WINDOWS\system32\rufhuhqu.exe
C:\WINDOWS\system32\sopoqdel.exe
C:\WINDOWS\system32\srlsyraf.exe
C:\WINDOWS\system32\tcynjwmx.exe
C:\WINDOWS\system32\tonscjeo.exe
C:\WINDOWS\system32\ufnssyai.exe
C:\WINDOWS\system32\unusbwpm.exe
C:\WINDOWS\system32\vxpbqneg.exe
C:\WINDOWS\system32\wjrllcmr.exe
C:\WINDOWS\system32\xiniypag.exe
C:\WINDOWS\system32\ydtuhnni.exe
C:\WINDOWS\system32\cgiucbxk.dll
C:\WINDOWS\system32\fdjmgcpu.dll
C:\WINDOWS\system32\qfyqnsjm.dll
C:\WINDOWS\system32\uuloaypn.dll
C:\WINDOWS\system32\yxewyoqo.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\AHMED\APPLIC~1\HbTools
C:\DOCUME~1\TEMP\Bureau.\internet explorer.lnk
C:\WINDOWS\system32\idhkfqki.exe
C:\WINDOWS\system32\kpxedqwv.exe
C:\WINDOWS\system32\nojbsvna.exe
C:\WINDOWS\system32\rifocxwj.exe
C:\WINDOWS\system32\suvakxri.exe
C:\WINDOWS\system32\urhqacxb.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2007-06-14 to 2007-07-14 )))))))))))))))))))))))))))))))


2007-07-14 21:56 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-14 21:47 <REP> d-------- C:\VundoFix Backups
2007-07-14 20:17 <REP> d-------- C:\Program Files\Trend Micro
2007-07-14 20:14 <REP> d-------- C:\hijackthis
2007-07-14 10:40 <REP> d-------- C:\Program Files\Lavasoft
2007-07-14 10:40 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-14 10:38 468,577 --a------ C:\ad-aware-se-personal_ad-aware_se_personal_langage_pack_francais_12797.exe
2007-07-14 10:38 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-07-14 10:37 18,051,488 --a------ C:\ad-aware_ad-aware_2007_7.0.1.5_anglais_12797.exe
2007-07-13 16:22 128,576 --a------ C:\WINDOWS\system32\qrxglsjk.dll
2007-07-13 16:19 66,624 --a------ C:\WINDOWS\system32\movaxwpj.dll
2007-07-13 16:16 4,672 --a------ C:\WINDOWS\system32\xivvswci.exe
2007-07-13 16:13 66,112 --a------ C:\WINDOWS\system32\jdvrflme.exe
2007-07-13 10:48 128,576 --a------ C:\WINDOWS\system32\sxtkbsiq.dll
2007-07-13 10:46 4,672 --a------ C:\WINDOWS\system32\whsmxaih.exe
2007-07-13 10:43 66,624 --a------ C:\WINDOWS\system32\sloadbod.dll
2007-07-13 10:41 66,112 --a------ C:\WINDOWS\system32\llwfohkw.exe
2007-07-12 11:52 4,672 --a------ C:\WINDOWS\system32\yeqmpnrf.exe
2007-07-12 11:49 66,624 --a------ C:\WINDOWS\system32\ykytwjya.dll
2007-07-12 11:45 66,112 --a------ C:\WINDOWS\system32\onyklucc.exe
2007-07-10 07:46 4,672 --a------ C:\WINDOWS\system32\hmhmbsat.exe
2007-07-10 07:43 128,576 --a------ C:\WINDOWS\system32\wkrtsqlj.dll
2007-07-09 18:15 4,672 --a------ C:\WINDOWS\system32\mpukpluh.exe
2007-07-09 13:39 4,672 --a------ C:\WINDOWS\system32\kqxwbjjy.exe
2007-07-08 14:35 <REP> d-------- C:\Program Files\SAGEM
2007-07-08 14:31 <REP> d-------- C:\Program Files\Securitoo
2007-07-08 08:21 128,576 --a------ C:\WINDOWS\system32\dskhxnrd.dll
2007-07-08 08:18 4,672 --a------ C:\WINDOWS\system32\gyimayfo.exe
2007-07-07 08:54 4,672 --a------ C:\WINDOWS\system32\ntnpabxs.exe
2007-07-07 08:51 128,576 --a------ C:\WINDOWS\system32\sshuotnc.dll
2007-07-06 12:52 128,576 --a------ C:\WINDOWS\system32\fghorslv.dll
2007-07-06 12:49 4,672 --a------ C:\WINDOWS\system32\hfcqande.exe
2007-07-05 18:51 4,672 --a------ C:\WINDOWS\system32\sqinecsh.exe
2007-07-05 18:48 128,576 --a------ C:\WINDOWS\system32\jlbkxupm.dll
2007-07-05 14:32 128,576 --a------ C:\WINDOWS\system32\xyudlviq.dll
2007-07-05 14:29 4,672 --a------ C:\WINDOWS\system32\esydhxmb.exe
2007-07-05 10:32 4,672 --a------ C:\WINDOWS\system32\uokljwxx.exe
2007-07-05 10:28 128,576 --a------ C:\WINDOWS\system32\cimpsqhw.dll
2007-07-04 11:54 4,672 --a------ C:\WINDOWS\system32\uunpecpl.exe
2007-07-04 11:51 128,576 --a------ C:\WINDOWS\system32\kehpvulc.dll
2007-07-04 09:31 128,576 --a------ C:\WINDOWS\system32\kabedpus.dll
2007-07-04 09:28 4,672 --a------ C:\WINDOWS\system32\kfembvaw.exe
2007-07-03 18:50 4,672 --a------ C:\WINDOWS\system32\ucfdibtw.exe
2007-07-03 18:47 128,576 --a------ C:\WINDOWS\system32\rhljmhfd.dll
2007-07-03 15:19 4,672 --a------ C:\WINDOWS\system32\alqiuged.exe
2007-07-03 15:16 128,576 --a------ C:\WINDOWS\system32\ilvckbbd.dll
2007-07-03 08:06 128,576 --a------ C:\WINDOWS\system32\ndtbtlkj.dll
2007-07-02 09:34 128,576 --a------ C:\WINDOWS\system32\yblamogk.dll
2007-07-01 12:44 128,576 --a------ C:\WINDOWS\system32\islbqvac.dll
2007-06-30 09:30 128,576 --a------ C:\WINDOWS\system32\vrppxaqq.dll
2007-06-28 09:11 128,576 --a------ C:\WINDOWS\system32\gfnkvetn.dll
2007-06-27 07:17 128,576 --a------ C:\WINDOWS\system32\tqkrerwl.dll
2007-06-25 23:17 272,925 --a------ C:\Poker plus.exe
2007-06-23 10:44 2,719,216 --a------ C:\ccsetup140.exe
2007-06-20 22:58 284,360 --a------ C:\Everest_Poker.exe
2007-06-19 17:15 <REP> d-------- C:\Program Files\Dofus


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-11 23:43:57 74,832 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-07-11 23:43:57 464,574 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-07-08 13:11:27 21,840 -c--atw C:\WINDOWS\system32\SIntfNT.dll
2007-07-08 13:11:27 17,212 -c--atw C:\WINDOWS\system32\SIntf32.dll
2007-07-08 13:11:26 12,067 -c--atw C:\WINDOWS\system32\SIntf16.dll
2007-07-08 12:35:34 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-26 17:17:20 -------- d-----w C:\Program Files\MSN Messenger
2007-06-04 13:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 13:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 13:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-01 13:04:11 -------- d-----w C:\Program Files\Google
2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 20:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 20:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2006-05-17 18:37:19 1,112 -c--a-w C:\DOCUME~1\TEMP\APPLIC~1\ViewerApp.dat
2006-02-20 11:13:26 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2E03C0FD-4C48-43A7-9A54-00240C70FF16}]
2002-12-20 10:46 69632 --a------ C:\WINDOWS\system32\BhoECart.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-04-17 13:32 323904 --a------ C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-06-01 09:35 2436160 -ra------ c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BB9AAAF3-4F8D-48B5-A565-FF3E58433DC2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1AFC41D-3F49-41FC-93CA-735EFF0CD3FC}]
C:\WINDOWS\system32\mllmj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]
2001-07-25 11:00 143420 --a------ C:\Program Files\Microsoft Money\System\mnyviewer.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-04-01 17:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-06-01 09:35]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"=0 (0x0)
"NoFind"=0 (0x0)
"NoRun"=0 (0x0)
"NoDesktop"=0 (0x0)
"NoControlPanel"=0 (0x0)
"NoClose"=0 (0x0)
"StartMenuLogOff"=0 (0x0)
"HideClock"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=MsgPlusLoader.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc


Contents of the 'Scheduled Tasks' folder
2007-07-11 19:15:15 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2005-03-27 19:33:32 C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1099941662.job
2007-03-05 18:51:45 C:\WINDOWS\tasks\MP Scheduled Quick Scan.job
2004-11-14 09:35:00 C:\WINDOWS\tasks\Rappel d'enregistrement 2.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-14 22:07:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-14 22:10:39 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-14 22:10

--- E O F ---

HIJACKTHIS report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:16:11, on 14/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Surfairy - {BB9AAAF3-4F8D-48B5-A565-FF3E58433DC2} - (no file)
O2 - BHO: (no name) - {E1AFC41D-3F49-41FC-93CA-735EFF0CD3FC} - C:\WINDOWS\system32\mllmj.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-windows-i586-jc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.0_03) -
O18 - Protocol: bw+0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {5DCCFB99-F96F-4AE9-A700-6E53740E3E69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - Unknown owner - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe (file missing)
O23 - Service: F-Secure Authentication Agent (FSAA) - Unknown owner - C:\Program Files\Securitoo\av_fw\Common\FSAA.EXE (file missing)
O23 - Service: F-Secure Distributed Firewall Daemon (FSDFWD) - Unknown owner - C:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe (file missing)
O23 - Service: F-Secure Management Agent (FSMA) - Unknown owner - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE (file missing)
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - Unknown owner - C:\Program Files\Securitoo\av_fw\fswsclds.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O24 - Desktop Component 0: (no name) - http://img169.imageshack.us/img169/1576/6mw8.png

--
End of file - 20784 bytes

and the VundoFix report:


VundoFix V6.5.4

Checking Java version...

Scan started at 21:47:56 14/07/2007

Listing files found while scanning....

C:\windows\system32\ajpndctr.dll
C:\windows\system32\bnkmsgqp.ini
C:\windows\system32\cvahfdrp.dll
C:\windows\system32\dpynrsry.ini
C:\windows\system32\dxqldffx.dll
C:\windows\system32\enyrvlym.ini
C:\windows\system32\exrsoppr.ini
C:\WINDOWS\system32\fmiuhrtt.dll
C:\WINDOWS\system32\hgggdbx.dll
C:\WINDOWS\system32\jmllm.bak1
C:\WINDOWS\system32\jmllm.bak2
C:\WINDOWS\system32\jmllm.ini
C:\WINDOWS\system32\jmllm.ini2
C:\WINDOWS\system32\jmllm.tmp
C:\WINDOWS\system32\mllmj.dll
C:\windows\system32\mylvryne.dll
C:\windows\system32\nsdnvpwt.dll
C:\windows\system32\pqgsmknb.dll
C:\windows\system32\prdfhavc.ini
C:\windows\system32\rpposrxe.dll
C:\windows\system32\rtcdnpja.ini
C:\windows\system32\rwdgtqkt.ini
C:\windows\system32\slahapew.ini
C:\windows\system32\tkqtgdwr.dll
C:\windows\system32\twpvndsn.ini
C:\windows\system32\wepahals.dll
C:\windows\system32\xffdlqxd.ini
C:\WINDOWS\system32\yrsrnypd.dll

Beginning removal...

Attempting to delete C:\windows\system32\ajpndctr.dll
C:\windows\system32\ajpndctr.dll Has been deleted!

Attempting to delete C:\windows\system32\bnkmsgqp.ini
C:\windows\system32\bnkmsgqp.ini Has been deleted!

Attempting to delete C:\windows\system32\cvahfdrp.dll
C:\windows\system32\cvahfdrp.dll Has been deleted!

Attempting to delete C:\windows\system32\dpynrsry.ini
C:\windows\system32\dpynrsry.ini Has been deleted!

Attempting to delete C:\windows\system32\dxqldffx.dll
C:\windows\system32\dxqldffx.dll Has been deleted!

Attempting to delete C:\windows\system32\enyrvlym.ini
C:\windows\system32\enyrvlym.ini Has been deleted!

Attempting to delete C:\windows\system32\exrsoppr.ini
C:\windows\system32\exrsoppr.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\fmiuhrtt.dll
C:\WINDOWS\system32\fmiuhrtt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgggdbx.dll
C:\WINDOWS\system32\hgggdbx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jmllm.bak1
C:\WINDOWS\system32\jmllm.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jmllm.bak2
C:\WINDOWS\system32\jmllm.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jmllm.ini
C:\WINDOWS\system32\jmllm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\jmllm.ini2
C:\WINDOWS\system32\jmllm.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jmllm.tmp
C:\WINDOWS\system32\jmllm.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\mllmj.dll
C:\WINDOWS\system32\mllmj.dll Has been deleted!

Attempting to delete C:\windows\system32\mylvryne.dll
C:\windows\system32\mylvryne.dll Has been deleted!

Attempting to delete C:\windows\system32\nsdnvpwt.dll
C:\windows\system32\nsdnvpwt.dll Has been deleted!

Attempting to delete C:\windows\system32\pqgsmknb.dll
C:\windows\system32\pqgsmknb.dll Has been deleted!

Attempting to delete C:\windows\system32\prdfhavc.ini
C:\windows\system32\prdfhavc.ini Has been deleted!

Attempting to delete C:\windows\system32\rpposrxe.dll
C:\windows\system32\rpposrxe.dll Has been deleted!

Attempting to delete C:\windows\system32\rtcdnpja.ini
C:\windows\system32\rtcdnpja.ini Has been deleted!

Attempting to delete C:\windows\system32\rwdgtqkt.ini
C:\windows\system32\rwdgtqkt.ini Has been deleted!

Attempting to delete C:\windows\system32\slahapew.ini
C:\windows\system32\slahapew.ini Has been deleted!

Attempting to delete C:\windows\system32\tkqtgdwr.dll
C:\windows\system32\tkqtgdwr.dll Has been deleted!

Attempting to delete C:\windows\system32\twpvndsn.ini
C:\windows\system32\twpvndsn.ini Has been deleted!

Attempting to delete C:\windows\system32\wepahals.dll
C:\windows\system32\wepahals.dll Has been deleted!

Attempting to delete C:\windows\system32\xffdlqxd.ini
C:\windows\system32\xffdlqxd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\yrsrnypd.dll
C:\WINDOWS\system32\yrsrnypd.dll Has been deleted!

Performing Repairs to the registry.
Done!

THANK YOU very much in advance, I feel I have already made a lot of progress, thanks! :)

Chercheur
 Posted on 15/07/2007 at 00:42
  Astucien

Hello


Yes, this has made good progress.
But there is still a lot left.


Run a HijackThis scan again and tick the lines below:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Surfairy - {BB9AAAF3-4F8D-48B5-A565-FF3E58433DC2} - (no file)
O2 - BHO: (no name) - {E1AFC41D-3F49-41FC-93CA-735EFF0CD3FC} - C:\WINDOWS\system32\mllmj.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-windows-i586-jc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

Close all Windows, Internet Explorer and Outlook windows, except the HijackThis program, and click "Fix checked".


Download OTMoveIt (by Old_Timer) to your Desktop.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
Double-click OTMoveIt.exe to launch it.
Copy the list below and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.



Click MoveIt! to start the removal.
The result will appear in the Results pane.
Click Exit to close.

You may be asked to restart the PC to complete the removal. If so, accept by clicking Yes.


Post the report located in C:\_OTMoveIt\MovedFiles.

justbeaware
Posted on 15/07/2007 at 10:42
Petit astucien

And here is the _OTMoveIt report:


Created on 07/15/2007 10:30:58

Since I don't know whether you will need it, I'm also posting a HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:18, on 15/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - Unknown owner - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe (file missing)
O23 - Service: F-Secure Authentication Agent (FSAA) - Unknown owner - C:\Program Files\Securitoo\av_fw\Common\FSAA.EXE (file missing)
O23 - Service: F-Secure Distributed Firewall Daemon (FSDFWD) - Unknown owner - C:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe (file missing)
O23 - Service: F-Secure Management Agent (FSMA) - Unknown owner - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE (file missing)
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - Unknown owner - C:\Program Files\Securitoo\av_fw\fswsclds.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O24 - Desktop Component 0: (no name) - http://img169.imageshack.us/img169/1576/6mw8.png

--
End of file - 6198 bytes

Thanks!

Chercheur
Posted on 15/07/2007 at 23:40
  Astucien

Hello

HijackThis is clean.

Did the PC restart when you used OTMoveIt?

Run an online antivirus scan with Kaspersky
http://webscanner.kaspersky.fr/
Click "Démarrer Online Scanner".
Select My Computer ("Poste de travail") as the item to scan.
Paste its report here.

justbeaware
Posted on 16/07/2007 at 19:33
Petit astucien

Hello,

Yes, the PC did restart when I used OTMoveIt.

Here is the Kaspersky Online Scanner report:

EDIT: Sorry, small bug lol

Here is the report (truncated, because it is too long to be copied. Many files are simply marked "locked" and "ignored", like some here):

C:\Documents and Settings\BEATRICE\Local Settings\Temporary Internet Files\Content.IE5\WA1EA0ZZ\kcehc_eicooc20070702[1] Infecté : Trojan-Downloader.Win32.Tiny.id ignoré

C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\MYRIAM\Local Settings\Temporary Internet Files\Content.IE5\4MPSQ5JK\kcehc_eicooc20070702[1] Infecté : Trojan-Downloader.Win32.Tiny.id ignoré

C:\Documents and Settings\NetworkService\Cookies\index.dat L'objet est verrouillé ignoré

C:\Program Files\Virtual CD v4 SDK\System\VCDImg.dat L'objet est verrouillé ignoré


C:\System Volume Information\\\\\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP591\A0256103.exe Infecté : Trojan-Downloader.Win32.Tiny.id ignoré

C:\System Volume Information\\\\\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP591\A0256104.exe Infecté : Trojan-Downloader.Win32.Tiny.id ignoré

C:\System Volume Information\\\\\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP591\A0256105.exe Infecté : Trojan-Downloader.Win32.Tiny.id ignoré

C:\System Volume Information\\\\\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP591\A0256106.exe Infecté : Trojan-Downloader.Win32.Tiny.id ignoré

C:\System Volume Information\\\\\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP591\A0256107.exe Infecté : Trojan-Downloader.Win32.Tiny.id ignoré

C:\System Volume Information\\\\\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP591\A0256108.exe Infecté : Trojan-Downloader.Win32.Tiny.id ignoré

C:\System Volume Information\\\\\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP591\A0256109.exe Infecté : Trojan-Downloader.Win32.Tiny.id ignoré

C:\System Volume Information\\\\\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP591\change.log L'objet est verrouillé ignoré

C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré

C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré

C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré C:\WINDOWS\system32\alqiuged.exe L'objet est verrouillé ignoré

Thanks again, and I hope we're getting close!!

EDIT2: Sorry for the erratic formatting, I don't know what's going on, I can't manage to copy and paste properly :s

Edited by justbeaware on 16/07/2007 21:19
Chercheur
 Posted on 17/07/2007 at 01:17

Temporary files, backups made by utilities, and System Restore.

Nothing much.

Download CCleaner.
http://www.filehippo.com/download_ccleaner.html
Install it in a dedicated folder.
Run the cleanup.

Click Start - right-click My Computer - Properties - System Restore - tick the Turn off System Restore box and click Apply.

Run OTMoveIt.
* Click CleanUp! (the program will download a text file that will be used to clean up the programs we downloaded).
NOTE: Normally, your firewall should ask you whether OTMoveIt may access the Internet. Allow it.
* A list appears in the left-hand pane of OTMoveIt.
* A message appears asking you to confirm the cleanup. Confirm.

Restart the PC.

Click Start - right-click My Computer - Properties - System Restore - untick the Turn off System Restore box and click Apply.

Are you still having any problems?

justbeaware
 Posted on 18/07/2007 at 08:30

Hello

I no longer have any problems when I go on the Internet, on the desktop...

But after running a new Kaspersky scan I realised that there was still one virus and 2 infected objects on My Computer.

Here is the report for the 2 infected objects:

C:\Documents and Settings\BEATRICE\Local Settings\Temporary Internet Files\Content.IE5\WA1EA0ZZ\kcehc_eicooc20070702[1] Infecté : Trojan-Downloader.Win32.Tiny.id ignoré

C:\Documents and Settings\MYRIAM\Local Settings\Temporary Internet Files\Content.IE5\4MPSQ5JK\kcehc_eicooc20070702[1] Infecté : Trojan-Downloader.Win32.Tiny.id ignoré

That's all

Thanks for your help.

Edited by justbeaware on 18/07/2007 17:49
Chercheur
 Posted on 19/07/2007 at 19:43

Hello

These are temporary files that survived CCleaner.

Download OTMoveIt (by Old_Timer) to your Desktop.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
Double-click OTMoveIt.exe to launch it.
Copy the list below and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

C:\Documents and Settings\BEATRICE\Local Settings\Temporary Internet Files\Content.IE5\WA1EA0ZZ
C:\Documents and Settings\MYRIAM\Local Settings\Temporary Internet Files\Content.IE5\4MPSQ5JK

Click MoveIt! to start the removal.
The result will appear in the Results pane.
Click Exit to close.

You will probably be asked to restart the PC to complete the removal. If so, accept with Yes.

Post the report located in C:\_OTMoveIt\MovedFiles

justbeaware
 Posted on 19/07/2007 at 21:40

And here is one more report!

Folder move failed. C:\Documents and Settings\BEATRICE\Local Settings\Temporary Internet Files\Content.IE5\WA1EA0ZZ\_affvm[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\BEATRICE\Local Settings\Temporary Internet Files\Content.IE5\WA1EA0ZZ\x2h7dh[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\BEATRICE\Local Settings\Temporary Internet Files\Content.IE5\WA1EA0ZZ\kcehc_eicooc20070702[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\BEATRICE\Local Settings\Temporary Internet Files\Content.IE5\WA1EA0ZZ\info_48[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\BEATRICE\Local Settings\Temporary Internet Files\Content.IE5\WA1EA0ZZ\imp[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\BEATRICE\Local Settings\Temporary Internet Files\Content.IE5\WA1EA0ZZ\820532793[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\BEATRICE\Local Settings\Temporary Internet Files\Content.IE5\WA1EA0ZZ\1975559775@Top,Bottom,Bottom2[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\BEATRICE\Local Settings\Temporary Internet Files\Content.IE5\WA1EA0ZZ\161092292[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\BEATRICE\Local Settings\Temporary Internet Files\Content.IE5\WA1EA0ZZ\1419010854[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\BEATRICE\Local Settings\Temporary Internet Files\Content.IE5\WA1EA0ZZ\1387176537@Top,Bottom,Bottom2[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\BEATRICE\Local Settings\Temporary Internet Files\Content.IE5\WA1EA0ZZ\1242245413@x07,x05,x06[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\BEATRICE\Local Settings\Temporary Internet Files\Content.IE5\WA1EA0ZZ\1100062438[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\BEATRICE\Local Settings\Temporary Internet Files\Content.IE5\WA1EA0ZZ\1053105007@Top,Bottom,Bottom2[1] scheduled to be moved on reboot.
C:\Documents and Settings\BEATRICE\Local Settings\Temporary Internet Files\Content.IE5\WA1EA0ZZ moved successfully.
Folder move failed. C:\Documents and Settings\MYRIAM\Local Settings\Temporary Internet Files\Content.IE5\4MPSQ5JK\log-antispyware[2] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\MYRIAM\Local Settings\Temporary Internet Files\Content.IE5\4MPSQ5JK\log-antispyware[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\MYRIAM\Local Settings\Temporary Internet Files\Content.IE5\4MPSQ5JK\kcehc_eicooc20070702[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\MYRIAM\Local Settings\Temporary Internet Files\Content.IE5\4MPSQ5JK\get_video[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\MYRIAM\Local Settings\Temporary Internet Files\Content.IE5\4MPSQ5JK\;bp=OK;tile=1;sz=300x250;ord=5395638047441937[1] scheduled to be moved on reboot.
C:\Documents and Settings\MYRIAM\Local Settings\Temporary Internet Files\Content.IE5\4MPSQ5JK moved successfully.
File/Folder not found.

Thanks.

Edited by justbeaware on 19/07/2007 21:40

Chercheur
 Posted on 20/07/2007 at 00:39

Good, are you still having any problems?

justbeaware
 Posted on 20/07/2007 at 13:11

Unfortunately, yes.

Two viruses and three infected objects:

C:\Documents and Settings\MYRIAM\Local Settings\Temporary Internet Files\Content.IE5\BP7T8BV4\masiyxanidi[1] Infecté : Trojan-Dropper.Win32.Agent.bmk ignoré

C:\_OTMoveIt\MovedFiles\Documents and Settings\BEATRICE\Local Settings\Temporary Internet Files\Content.IE5\WA1EA0ZZ\kcehc_eicooc20070702[1] Infecté : Trojan-Downloader.Win32.Tiny.id ignoré

C:\_OTMoveIt\MovedFiles\Documents and Settings\MYRIAM\Local Settings\Temporary Internet Files\Content.IE5\4MPSQ5JK\kcehc_eicooc20070702[1] Infecté : Trojan-Downloader.Win32.Tiny.id ignoré

I really don't understand how these viruses keep appearing when it was almost finished.

Chercheur
 Posted on 20/07/2007 at 16:56

Hello

These files are in two kinds of location:

* The first is in the temporary Internet files. So it generally comes from browsing habits, downloads, ...

Feed this to OTMoveIt

C:\Documents and Settings\MYRIAM\Local Settings\Temporary Internet Files\Content.IE5\BP7T8BV4

* The other two are OTMoveIt's backup, so not dangerous.

Run another scan with Kaspersky to check.

justbeaware
 Posted on 24/07/2007 at 14:12

The 2 viruses and the 3 infected objects have held out again...

C:\_OTMoveIt\MovedFiles\Documents and Settings\BEATRICE\Local Settings\Temporary Internet Files\Content.IE5\WA1EA0ZZ\kcehc_eicooc20070702[1] Infecté : Trojan-Downloader.Win32.Tiny.id ignoré

C:\_OTMoveIt\MovedFiles\Documents and Settings\MYRIAM\Local Settings\Temporary Internet Files\Content.IE5\4MPSQ5JK\kcehc_eicooc20070702[1] Infecté : Trojan-Downloader.Win32.Tiny.id ignoré

C:\_OTMoveIt\MovedFiles\Documents and Settings\MYRIAM\Local Settings\Temporary Internet Files\Content.IE5\BP7T8BV4\masiyxanidi[1] Infecté : Trojan-Dropper.Win32.Agent.bmk ignoré

Thanks again.

Chercheur
 Posted on 24/07/2007 at 15:18

Hello

This is OTMoveIt's backup.

Run OTMoveIt.
* Click CleanUp! (the program will download a text file that will be used to clean up the programs we downloaded).
NOTE: Normally, your firewall should ask you whether OTMoveIt may access the Internet. Allow it.
* A list appears in the left-hand pane of OTMoveIt.
* A message appears asking you to confirm the cleanup. Confirm.

justbeaware
 Posted on 25/07/2007 at 16:02

Hello

Still the same result, but not the same infected objects, it seems to me!

C:\RECYCLER\S-1-5-21-1449542653-3563514748-4210259494-1007\Dc3\Content.IE5\4MPSQ5JK\kcehc_eicooc20070702[1] Infecté : Trojan-Downloader.Win32.Tiny.id ignoré

C:\RECYCLER\S-1-5-21-1449542653-3563514748-4210259494-1007\Dc3\Content.IE5\BP7T8BV4\masiyxanidi[1] Infecté : Trojan-Dropper.Win32.Agent.bmk ignoré

C:\RECYCLER\S-1-5-21-1449542653-3563514748-4210259494-1007\Dc6\Content.IE5\WA1EA0ZZ\kcehc_eicooc20070702[1] Infecté : Trojan-Downloader.Win32.Tiny.id ignoré

There you go, I hope this will be over soon.

Edited by justbeaware on 25/07/2007 16:05

Chercheur
 Posted on 25/07/2007 at 22:26

Hello

This is their Recycle Bin.

Download CCleaner.
http://www.filehippo.com/download_ccleaner.html
Install it.
Run the cleanup.
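
Added example, not part of the thread and not the code of any tool named in it: the Python below parses report lines of the shape quoted in these posts and tags each detection with the location it sits in, which shows the same object being reported in the browser cache, then in OTMoveIt's backup, then in the Recycle Bin. The regular expressions, location labels and function names are assumptions of this example, and the last sample line is constructed.

```python
import re
from collections import defaultdict

# Report line shape quoted in this thread: "<path> Infecté : <detection> ignoré"
HIT = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+Infecté\s*:\s*(?P<name>\S+)\s+ignoré$")

# (pattern, label, cleanup step the thread applied there). Order matters:
# OTMoveIt backups keep the original cache sub-path, so test them first.
LOCATIONS = [
    (r"\\System Volume Information\\_restore\{", "system-restore",
     "turn System Restore off, reboot, turn it back on"),
    (r"^[A-Za-z]:\\_OTMoveIt\\MovedFiles\\", "otmoveit-backup", "OTMoveIt CleanUp!"),
    (r"^[A-Za-z]:\\RECYCLER\\S-1-5-", "recycle-bin", "CCleaner"),
    (r"\\Temporary Internet Files\\Content\.IE5\\", "browser-cache",
     "CCleaner, then OTMoveIt on the cache folder"),
]

def classify(path):
    """Return (location label, cleanup step) for a reported path."""
    for pattern, label, step in LOCATIONS:
        if re.search(pattern, path, re.IGNORECASE):
            return label, step
    return "other", "review individually"

def parse_report(text):
    """Turn scan-report text into a list of hits tagged with their location."""
    hits = []
    for line in text.splitlines():
        m = HIT.match(line.strip())
        if m:
            label, step = classify(m["path"])
            hits.append({"file": m["path"].rsplit("\\", 1)[-1], "name": m["name"],
                         "location": label, "step": step})
    return hits

def trace_copies(hits):
    """Map (file name, detection) to the ordered locations it was reported in."""
    seen = defaultdict(list)
    for h in hits:
        if h["location"] not in seen[(h["file"], h["name"])]:
            seen[(h["file"], h["name"])].append(h["location"])
    return dict(seen)

# Lines 1-4 come from the reports posted in this thread; line 5 is constructed.
SAMPLE = r"""
C:\Documents and Settings\MYRIAM\Local Settings\Temporary Internet Files\Content.IE5\4MPSQ5JK\kcehc_eicooc20070702[1] Infecté : Trojan-Downloader.Win32.Tiny.id ignoré
C:\_OTMoveIt\MovedFiles\Documents and Settings\MYRIAM\Local Settings\Temporary Internet Files\Content.IE5\4MPSQ5JK\kcehc_eicooc20070702[1] Infecté : Trojan-Downloader.Win32.Tiny.id ignoré
C:\RECYCLER\S-1-5-21-1449542653-3563514748-4210259494-1007\Dc3\Content.IE5\4MPSQ5JK\kcehc_eicooc20070702[1] Infecté : Trojan-Downloader.Win32.Tiny.id ignoré
C:\RECYCLER\S-1-5-21-1449542653-3563514748-4210259494-1007\Dc3\Content.IE5\BP7T8BV4\masiyxanidi[1] Infecté : Trojan-Dropper.Win32.Agent.bmk ignoré
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.exe Infecté : Trojan-Downloader.Win32.Tiny.id ignoré
"""

if __name__ == "__main__":
    for key, places in trace_copies(parse_report(SAMPLE)).items():
        print(key, "->", places)
```

A detection whose file name and verdict recur across several locations is one object that was moved, while a hit in `other` has no matching cleanup step in this thread and needs its own look.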
