I have a very clever virus

I have a lousy virus that keeps adding a ton of temp files, and it makes my computer lag like crazy.
I ran HijackThis and it gives me this report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:40:19, on 02/10/2009
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony\Jog Dial Utility\JogServ2.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\BatteryScope_W2K\batmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PowerPanel\PROGRAM\PcfMgr.exe
C:\Program Files\Sony\Sony Notebook Setup\SNSetup.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.free.fr...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [AS00_WPN511] C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Utility\JogServ2.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BatteryScope.lnk = C:\Program Files\BatteryScope_W2K\batmgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PowerPanel.lnk = C:\Program Files\PowerPanel\PROGRAM\PcfMgr.exe
O4 - Global Startup: Sony Notebook Setup.lnk = C:\Program Files\Sony\Sony Notebook Setup\SNSetup.exe
O8 - Extra context menu item: &Search - bar.mywebsearch.com...
O8 - Extra context menu item: E&xport to Microsoft Excel - C:PROGRA~1MICROS~2Office10EXCEL.EXE...
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE...
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - messenger.zone.msn.com...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com...
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - acs.pandasoftware.com...
O16 - DPF: {2F003D51-39FD-4D18-9016-95CF70B92ABE} - download.movienetworks.com...
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - software-dl.real.com...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - www.bitdefender.fr...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com...
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - h20436.www2.hp.com...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - acs.pandasoftware.com...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - messenger.zone.msn.com...
O18 - Protocol: bw+0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter hijack: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)
O20 - Winlogon Notify: winrzc32 - C:\WINDOWS\SYSTEM32\winrzc32.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Unknown owner - (no file)
O23 - Service: Netgear Wireless Domain Login Service (NWDLS) - Unknown owner - C:\WINDOWS\System32\NWDLS.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 18206 bytes


Could you help me remove this virus or make it inactive?

Thanks in advance.
 
 
Hi,

please do this in order,


Download ToolBar-S&D (by Angeldark, Sham_Rock & XmichouX) to your desktop.
Double-click the icon to launch it.

Choose "F" for the language > press the "Enter" key to confirm.

In the window that opens, choose option no. 2 (Removal) > press the "Enter" key to confirm.


Wait until the search finishes > save the report that opens at the end of the scan to your desktop and post it in your next reply, please...

then...

download ST_Fix_Beta (by Batch_Man) to your desktop
to do so, go to this page
rs536.rapidshare.com...

click on

then, on the new page, click on

once the file is downloaded...


double-click the icon of the downloaded file to run it.

then you get this window, click "Run"


then you get this window



choose "3" (IE and Firefox disinfection), then press the "Enter" key on your keyboard.

post the report that opens...



and finally post a new HijackThis report, please...

See you later



MyTools
Edited on 03/10/2009 11:59
 
 
jeanmimigab wrote:
Hi,

please do this in order,


Download ToolBar-S&D (by Angeldark, Sham_Rock & XmichouX) to your desktop.
Double-click the icon to launch it.

Choose "F" for the language > press the "Enter" key to confirm.

In the window that opens, choose option no. 2 (Removal) > press the "Enter" key to confirm.


Wait until the search finishes > save the report that opens at the end of the scan to your desktop and post it in your next reply, please...

then...

download ST_Fix_Beta (by Batch_Man) to your desktop
to do so, go to this page
rs536.rapidshare.com...

click on

then, on the new page, click on

once the file is downloaded...


double-click the icon of the downloaded file to run it.

then you get this window, click "Run"


then you get this window



choose "3" (IE and Firefox disinfection), then press the "Enter" key on your keyboard.

post the report that opens...



and finally post a new HijackThis report, please...

See you later



MyTools

+1
 
 
Here is the report it gave me:

-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 )
X86-based PC ( Uniprocessor Free : Processeur Intel Pentium III )
BIOS : PhoenixBIOS 4.0 Release 6.0
USER : grl ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:6 Go (Free:0 Go)
D:\ (Local Disk) - NTFS - Total:4 Go (Free:1 Go)
E:\ (CD or DVD)
F:\ (USB)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( 03/10/2009|18:45 )

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\System32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="http://www.free.fr/search/"
"Start Page"="http://www.google.fr/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.msn.com/"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouve !


1 - "C:\ToolBar SD\TB_1.txt" - 03/10/2009|18:48 - Option : [2]

-----------\\ Fin du rapport a 18:48:00,39

There, I'm continuing with what you told me to do.

Here is the 2nd report:

///// ST_Fix \\\\\


Debut le 03/10/2009 a 18:55:05,51

Option [3] - Firefox + Internet Explorer

///// Firefox \\\\\

Valeur de la page de demarrage avant desinfection

Valeur de la page de demarrage apres desinfection

///// Internet Explorer \\\\\


Valeur de la page de demarrage avant desinfection : www.google.fr...
Valeur de la page de demarrage apres desinfection : www.google.fr...

Valeur de la page de Tabs avant desinfection : ieframe.dll...
Valeur de la page de Tabs apres desinfection : ieframe.dll...

Fin du Rapport le 03/10/2009 a 18:56:07,16

**************** Fin ****************


and I'm redoing the HijackThis report.
 
 
Hello again,
I did the HijackThis report and here is what it gives me:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:00:04, on 03/10/2009
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony\Jog Dial Utility\JogServ2.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\BatteryScope_W2K\batmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PowerPanel\PROGRAM\PcfMgr.exe
C:\Program Files\Sony\Sony Notebook Setup\SNSetup.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.free.fr...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [AS00_WPN511] C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Utility\JogServ2.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BatteryScope.lnk = C:\Program Files\BatteryScope_W2K\batmgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PowerPanel.lnk = C:\Program Files\PowerPanel\PROGRAM\PcfMgr.exe
O4 - Global Startup: Sony Notebook Setup.lnk = C:\Program Files\Sony\Sony Notebook Setup\SNSetup.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - C:PROGRA~1MICROS~2Office10EXCEL.EXE...
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE...
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - messenger.zone.msn.com...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com...
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - acs.pandasoftware.com...
O16 - DPF: {2F003D51-39FD-4D18-9016-95CF70B92ABE} - download.movienetworks.com...
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - software-dl.real.com...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - www.bitdefender.fr...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com...
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - h20436.www2.hp.com...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - acs.pandasoftware.com...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - messenger.zone.msn.com...
O18 - Protocol: bw+0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter hijack: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)
O20 - Winlogon Notify: winrzc32 - C:\WINDOWS\SYSTEM32\winrzc32.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Unknown owner - (no file)
O23 - Service: Netgear Wireless Domain Login Service (NWDLS) - Unknown owner - C:\WINDOWS\System32\NWDLS.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 18177 bytes

I'll see whether the virus is dead; in any case, thanks for taking an interest in my problem.
Thanks a lot, see you.
 
 
Good evening DGAGO,

they are still there...

please do this in order...

Run HijackThis again, choosing "Do a system scan only", select the lines listed in the quote below by ticking the box to the left of each line (if still present), and click "Fix checked".

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - software-dl.real.com
O18 - Filter hijack: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)
O20 - Winlogon Notify: winrzc32 - C:\WINDOWS\SYSTEM32\winrzc32.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Unknown owner - (no file)

then...

Download >>>OTM.exe<<< (by Oldt_Timer) to your Desktop.


> Double-click OTMoveIt3.exe to launch the executable
> Copy the list found in this quote


:Processes
desktop.exe

:Files
C:\WINDOWS\isrvs
C:\WINDOWS\SYSTEM32\winrzc32.dll

:Commands
[emptytemp]


> Paste it into the left-hand pane of OTM


> Click MoveIt! to start the removal.
> The result will appear in the Results pane.
> Click Exit to close.
> You may be asked to restart the PC to complete the removal.
> If so, accept with Yes.
> Post the report located in C:\_OTMoveIt\MovedFiles, named in the form Date_Time.log, e.g. ( 041009_203000.log )

and finally...

post a new HijackThis report to check all of this...

See you
 
 
Hello jeanmimigab,

Thanks again for your help. I carried out the steps in the order you gave me.
Here are the reports:

OTM:

All processes killed
========== PROCESSES ==========
No active process named desktop.exe was found!
========== FILES ==========
C:\WINDOWS\isrvs moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\winrzc32.dll
C:\WINDOWS\SYSTEM32\winrzc32.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\winrzc32.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: grl
->Temp folder emptied: 8587693 bytes
File delete failed. C:\Documents and Settings\grl\Local Settings\Temporary Internet Files\Content.IE5\SDMN492Z\recherche[1]. scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\grl\Local Settings\Temporary Internet Files\Content.IE5\S1IVK9IB\ShowFolder[1]. scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\grl\Local Settings\Temporary Internet Files\Content.IE5\JOD93C0S\ads[1]. scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\grl\Local Settings\Temporary Internet Files\Content.IE5\I9SBMXU5\immobilier[1]. scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\grl\Local Settings\Temporary Internet Files\Content.IE5\EF4DO9MV\google[1]. scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 52497581 bytes
->Java cache emptied: 244354 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33328 bytes

User: lydia
->Temp folder emptied: 217 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\LastGood.Tmp\System32\DRIVERS folder deleted successfully.
C:\WINDOWS\LastGood.Tmp\System32 folder deleted successfully.
C:\WINDOWS\LastGood.Tmp folder deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 18848 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\winFB.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied: 40004408 bytes
RecycleBin emptied: 28911499 bytes

Total Files Cleaned = 124,39 mb


OTM by OldTimer - Version 3.0.0.6 log created on 10042009_145950

Files moved on Reboot...
File C:\Documents and Settings\grl\Local Settings\Temporary Internet Files\Content.IE5\SDMN492Z\recherche[1]. not found!
File C:\Documents and Settings\grl\Local Settings\Temporary Internet Files\Content.IE5\S1IVK9IB\ShowFolder[1]. not found!
File C:\Documents and Settings\grl\Local Settings\Temporary Internet Files\Content.IE5\JOD93C0S\ads[1]. not found!
File C:\Documents and Settings\grl\Local Settings\Temporary Internet Files\Content.IE5\I9SBMXU5\immobilier[1]. not found!
File C:\Documents and Settings\grl\Local Settings\Temporary Internet Files\Content.IE5\EF4DO9MV\google[1]. not found!
C:\WINDOWS\temp\winFB.tmp moved successfully.

Registry entries deleted on Reboot...


HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:07:24, on 04/10/2009
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony\Jog Dial Utility\JogServ2.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\BatteryScope_W2K\batmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PowerPanel\PROGRAM\PcfMgr.exe
C:\Program Files\Sony\Sony Notebook Setup\SNSetup.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.free.fr...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [AS00_WPN511] C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Utility\JogServ2.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BatteryScope.lnk = C:\Program Files\BatteryScope_W2K\batmgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PowerPanel.lnk = C:\Program Files\PowerPanel\PROGRAM\PcfMgr.exe
O4 - Global Startup: Sony Notebook Setup.lnk = C:\Program Files\Sony\Sony Notebook Setup\SNSetup.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE...
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE...
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - messenger.zone.msn.com...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com...
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - acs.pandasoftware.com...
O16 - DPF: {2F003D51-39FD-4D18-9016-95CF70B92ABE} - download.movienetworks.com...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - www.bitdefender.fr...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com...
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - h20436.www2.hp.com...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - acs.pandasoftware.com...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - messenger.zone.msn.com...
O18 - Protocol: bw+0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {0B071A45-F1CE-4339-B089-70E9EDD88EF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter hijack: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)
O20 - Winlogon Notify: winrzc32 - winrzc32.dll (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Unknown owner - (no file)
O23 - Service: Netgear Wireless Domain Login Service (NWDLS) - Unknown owner - C:\WINDOWS\System32\NWDLS.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 17790 bytes


Yesterday I also ran Spybot and it found 2 problems, one of which it could not remove. I then scheduled Spybot to run at restart; it removed Virtumonde but did not manage to remove: "Win32.FraudLoad.edt"

I have also had another problem for a few months. When I shut down my PC via "Start, Shut down the computer", it logs off, and just as it is about to power off a blue screen (DOS-like) appears very briefly and disappears, and my PC restarts by itself!!! What should I do?

Thanks again for your availability.

See you
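Added example, not part of the original posts: one way to check a follow-up HijackThis report against the previous one, as the helper asks above, by listing which entries disappeared, which changed, and which still point to a missing file. The function names are hypothetical, and the two sample logs are short excerpts assembled from the reports and the fix list on this page.

```python
import re

# A HijackThis entry looks like "<section> - <detail>", e.g. "O20 - Winlogon Notify: ..."
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# HijackThis marks entries whose target file is gone with one of these suffixes.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_NAME_RE = re.compile(r"^(.*?\[[^\]]*\])")


def parse_entries(log_text):
    """Return (section, detail) for every entry line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def entry_key(section, detail):
    """Identity of an entry that stays stable when only its file path or status changes."""
    head = detail.split(" - ", 1)[0].split(" = ", 1)[0]
    run_name = RUN_NAME_RE.match(head)  # O4 lines: keep "HKLM\..\Run: [Name]"
    if run_name:
        head = run_name.group(1)
    clsid = CLSID_RE.search(detail)  # separates several "(no name)" objects
    return (section, head, clsid.group(0) if clsid else "")


def compare(before_text, after_text):
    """Compare two logs; results keep the order in which entries appear in the logs."""
    before = {entry_key(s, d): f"{s} - {d}" for s, d in parse_entries(before_text)}
    after = {entry_key(s, d): f"{s} - {d}" for s, d in parse_entries(after_text)}
    return {
        "removed": [line for key, line in before.items() if key not in after],
        "changed": [(line, after[key]) for key, line in before.items()
                    if key in after and after[key] != line],
        "still_orphaned": [line for line in after.values() if ORPHAN_RE.search(line)],
    }


# Sample input: excerpts assembled from this page (02/10 state plus the fix list).
BEFORE = r"""
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - software-dl.real.com
O18 - Filter hijack: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)
O20 - Winlogon Notify: winrzc32 - C:\WINDOWS\SYSTEM32\winrzc32.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Unknown owner - (no file)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""

# Sample input: the same entries as they appear in the 04/10/2009 report.
AFTER = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O18 - Filter hijack: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)
O20 - Winlogon Notify: winrzc32 - winrzc32.dll (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Unknown owner - (no file)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""

if __name__ == "__main__":
    result = compare(BEFORE, AFTER)
    for line in result["removed"]:
        print("removed:       ", line)
    for old, new in result["changed"]:
        print("changed:       ", old, "->", new)
    for line in result["still_orphaned"]:
        print("still orphaned:", line)
```

On this excerpt the file behind the O20 entry has been moved but its registry value remains, and the O18 filter and O23 service entries that were ticked for fixing are still listed.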
 
 
Hi,

OK, that's not bad, let's continue

Disable your antivirus while you carry out these steps.

>>Download Winsockxpfix to your desktop and move on to the next step.

==========================================================================================================

then...

Download Combofix to your Desktop (and nowhere else), renaming it before it lands on your desktop.
To do this, right-click Combofix.exe, choose "Save target as...", rename it to DGADO.exe, choose your desktop as the location, and click "Save".


Double-click DGADO.exe (the downloaded file).
Press the 1 key to start the scan and follow the instructions given by Combofix.
When the scan is complete, a report will appear. Copy/paste this report into your next reply.
NOTE: The report is also located here: C:\Combofix.txt
NOTE: Do not click in the Combofix window during the scan; this would cause the program to freeze.

=========================================================================================================

si a tout hasard ta connexion internet n'est plus active aprs le redmarrage du pc fait cela pour la rparer...

Fait un double clic sur l'icne de WinsockXPFix.


>>clique sur "Fix" > et si ton pc ne redmarre pas,redmarre le manuellement.


@++
Edited on 04/10/2009 17:21
 
 
Hi,

Here is the Combofix report: (I had no connection problem afterwards)

ComboFix 09-10-03.01 - grl 04/10/2009 18:10.1.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.0.1252.33.1036.18.255.163 [GMT 2:00]
Lanc depuis: c:\documents and settings\grl\Bureau\DGADO.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\INSTALL.LOG
c:\program files\Internet Explorer\fxavx.ini
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\Install.inf
c:\windows\Downloaded Program Files\libfn.dll
c:\windows\Downloaded Program Files\RdxIE.dll
c:\windows\system32\i
c:\windows\system32\open.ico

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_Irmon
-------\Service_Irmon


((((((((((((((((((((((((((((( Fichiers crs du 2009-09-04 au 2009-10-04 ))))))))))))))))))))))))))))))))))))
.

2009-10-04 12:59 . 2009-10-04 12:59 -------- d-----w- C:\_OTM
2009-10-03 16:56 . 2009-10-03 16:56 3502 ----a-w- C:\Internet Explorer.reg
2009-10-03 16:43 . 2009-10-03 16:48 -------- d-----w- C:\ToolBar SD
2009-10-02 20:38 . 2009-10-02 20:38 -------- d-----w- c:\program files\Trend Micro
2009-09-04 17:57 . 2009-09-04 19:04 -------- d-----w- c:\windows\BDOSCAN8

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-04 18:25 . 2004-12-14 15:08 -------- d-----w- c:\program files\Windows ControlAd
2009-09-02 15:46 . 2009-09-02 15:46 -------- d-----w- c:\program files\Panda Security
2009-08-27 16:24 . 2009-02-15 15:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-20 20:37 . 2005-06-11 17:43 104485 ----a-w- c:\windows\hpoins04.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les lments vides & les lments initiaux lgitimes ne sont pas lists
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="c:\windows\System32\LVCOMSX.EXE" [2004-05-21 221184]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"AS00_WPN511"="c:\program files\NETGEAR\WPN511\Utility\WPN511.exe" [2007-02-06 1130496]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-06-06 77824]
"JOGSERV2.EXE"="c:\program files\Sony\Jog Dial Utility\JogServ2.exe" [2001-08-23 1458176]
"HKSERV.EXE"="c:\program files\Sony\HotKey Utility\HKserv.exe" [2001-07-17 409600]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2001-10-02 13312]

c:\documents and settings\All Users\Menu D?marrer\Programmes\D?marrage\
BatteryScope.lnk - c:\program files\BatteryScope_W2K\batmgr.exe [2009-3-26 585728]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
PowerPanel.lnk - c:\program files\PowerPanel\PROGRAM\PcfMgr.exe [2009-3-27 229376]
Sony Notebook Setup.lnk - c:\program files\Sony\Sony Notebook Setup\SNSetup.exe [2009-3-27 45056]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt\0sprestrt

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [02/09/2009 17:46 28544]
R3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [13/02/2009 12:23 16194]
R3 EPPSCSIx;Agfa EPPSCSI Driver;c:\windows\system32\drivers\EPPSCAN.sys [21/10/1999 16:10 95336]
R3 FCUSB;Freecom Cable II USB Driver;c:\windows\system32\drivers\FCUSB.sys [29/11/2001 12:05 13104]
R3 MemStPCI;Contrleur Sony Memory Stick (PCI);c:\windows\system32\drivers\MemStPCI.SYS [04/06/2004 13:58 24320]
R3 neo20xx;neo20xx;c:\windows\system32\drivers\neo20xx.sys [04/06/2004 13:58 39264]
R3 NETGEAR_WPN511_SERVICE;NETGEAR WPN511 Wireless Adapter Service;c:\windows\system32\drivers\wpn511.sys [13/02/2009 12:23 488992]
S3 fbxusb;Carte rseau virtuelle FreeBox USB;c:\windows\system32\drivers\fbxusb32.sys [20/10/2004 14:23 21344]
.
.
------- Examen supplmentaire -------
.
uStart Page = www.google.fr...
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {2F003D51-39FD-4D18-9016-95CF70B92ABE} - download.movienetworks.com...
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - www.bitdefender.fr...
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-Steam - (no file)
HKU-Default-Run-Microsoft Update - vpc32.exe
Notify-winrzc32 - winrzc32.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net...
Rootkit scan 2009-10-04 18:30
Windows 5.1.2600 NTFS

Recherche de processus cachs ...

Recherche d'lments en dmarrage automatique cachs ...

Recherche de fichiers cachs ...

Scan termin avec succs
Fichiers cachs: 0

**************************************************************************
.
--------------------- DLLs charges dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(74
c:\windows\system32\ODBC32.dll
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

- - - - - - - > 'lsass.exe'(80
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
c:\windows\System32\dssenh.dll

- - - - - - - > 'explorer.exe'(304
c:\program files\Sony\Jog Dial Utility\WMHook.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
.
Heure de fin: 2009-10-04 18:38 - La machine a redmarr
ComboFix-quarantined-files.txt 2009-10-04 16:38

Avant-CF: 885800960 octets libres
Aprs-CF: 786505728 octets libres

WinXP_FR_PRO_BF.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect

120

Thanks, and I hope these viruses will finally go away.

By the way, my PC is a Pentium III, 496 MHz, 256 MB of RAM - a 10-year-old Sony Vaio.

I don't have an antivirus; what do you recommend? One that won't slow my machine down too much!!!??


Thanks again.

@+++
 
 
Good news: when I shut down my PC, it no longer restarts by itself. That's a good sign and it feels good.

Well done, jeanmimigab
 
 
hello,

no antivirus (Panda is present but not active), Internet Explorer not up to date (the main cause of your infection), and a version of Java that is not up to date >> you are lucky your PC is still running...

there are still traces of infection (Virtumonde) on your PC... as soon as the PC is clean, I will show you how to get your PC up to date.

for now, please do this...

if you have "Panda Security" in "Add/Remove Programs", uninstall it...

then...

create a new text document like this:
right-click on the Desktop > New > Text Document. Open it and copy-paste the content of this quote into it (in one go)

log.txt " HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
notepad c:\log.txt

then click File (top left) > Save As > choose your Desktop
and for file type select All Files, and in file name type regexport.bat
close your file's window.
once saved on the desktop, it must look exactly like this icon





Double-click the regexport icon on your desktop and post the content of the text report that opens.
>>> in case you closed the report before copying it, it is located here >> c:\log.txt

once you have posted this report, move on to the next step...

> download Malwarebytes >> HERE
> Install it and update it before the scan
> choose "Perform quick scan" and at the end of the scan, check all the items found and click Remove Selected.
> and then post me the report please.

@++
Edited on 04/10/2009 20:06
 
 
I did create a regexport file on the desktop. The icon is exactly as you described.
When I double-click it, a black window opens with the following message:
C:\Documents and Settings\grl\Bureau>log.txt " HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
'log.txt' n'est pas reconnu en tant que commande interne ou externe, un programme excutable ou un fichier de commandes.

C:\Documents and Settings\grl\Bureau>notepad c:\log.txt

Then a Notepad file named log.txt opens and nothing is written in it.

Should I move on to the next step?

I'm waiting for your green light. I now want my PC to run!!!! and I'm listening to your valuable advice.

Thanks

@+++
 
 
re,

strange

you can move on to the next step, I'm preparing something else in the meantime...

 
 
hello,

as soon as you have posted the Malwarebytes report, please do this...

Maybe Spybot is getting in the way of our registry operations

you must disable Spybot's TeaTimer like this
open Spybot... in the left column, click "Resident" >> then uncheck the "Resident TeaTimer...." box and close Spybot.

then...

download jeanmimi.exe to your desktop.

double-click it and post the report that opens (well, that should open)

@++
 
 
Good evening,

I ran Malwarebytes' Anti-Malware and it found no harmful items.

Here is the report:

Malwarebytes' Anti-Malware 1.41
Version de la base de donnes: 2905
Windows 5.1.2600

04/10/2009 21:53:06
mbam-log-2009-10-04 (21-53-06).txt

Type de recherche: Examen rapide
Elments examins: 113199
Temps coul: 13 minute(s), 15 second(s)

Processus mmoire infect(s): 0
Module(s) mmoire infect(s): 0
Cl(s) du Registre infecte(s): 0
Valeur(s) du Registre infecte(s): 0
Elment(s) de donnes du Registre infect(s): 0
Dossier(s) infect(s): 0
Fichier(s) infect(s): 0

Processus mmoire infect(s):
(Aucun lment nuisible dtect)

Module(s) mmoire infect(s):
(Aucun lment nuisible dtect)

Cl(s) du Registre infecte(s):
(Aucun lment nuisible dtect)

Valeur(s) du Registre infecte(s):
(Aucun lment nuisible dtect)

Elment(s) de donnes du Registre infect(s):
(Aucun lment nuisible dtect)

Dossier(s) infect(s):
(Aucun lment nuisible dtect)

Fichier(s) infect(s):
(Aucun lment nuisible dtect)

This looks promising

I'm eagerly waiting for the next step; your advice is great. Thank you, sir.
 
 
hi there,

indeed it looks promising, but it's not perfect yet...

did you try this procedure... given above...

as soon as you have posted the Malwarebytes report, please do this...

Maybe Spybot is getting in the way of our registry operations

you must disable Spybot's TeaTimer like this
open Spybot... in the left column, click "Resident" >> then uncheck the "Resident TeaTimer...." box and close Spybot.

then...

download jeanmimi.exe to your desktop.

double-click it and post the report that opens (well, that should open)


@+
 
 
Yes you can,

Your file worked, here is the report:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoRestartShell"=dword:00000001
"DefaultDomainName"="PC-DE-GREG"
"DefaultUserName"="grl"
"LegalNoticeCaption"=""
"LegalNoticeText"=""
"PowerdownAfterShutdown"="0"
"ReportBootOk"="1"
"Shell"="Explorer.exe"
"ShutdownWithoutLogon"="0"
"System"=""
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"SfcQuota"=dword:ffffffff
"allocatecdroms"="0"
"allocatedasd"="0"
"allocatefloppies"="0"
"cachedlogonscount"="10"
"forceunlocklogon"=dword:00000000
"passwordexpirywarning"=dword:0000000e
"scremoveoption"="0"
"AllowMultipleTSSessions"=dword:00000001
"UIHost"=hex(2):6c,00,6f,00,67,00,6f,00,6e,00,75,00,69,00,2e,00,65,00,78,00,65,\
00,00,00
"LogonType"=dword:00000001
"Background"="0 0 0"
"DebugServerCommand"="no"
"SFCDisable"=dword:00000000
"WinStationsDisabled"="0"
"HibernationPreviouslyEnabled"=dword:00000001
"ShowLogonOptions"=dword:00000000
"AltDefaultUserName"="grl"
"AltDefaultDomainName"="PC-DE-GREG"
"AutoAdminLogon"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
@="Folder Redirection"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"DllName"=hex(2):66,00,64,00,65,00,70,00,6c,00,6f,00,79,00,2e,00,64,00,6c,00,\
6c,00,00,00
"NoMachinePolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"NoGPOListChanges"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=hex(7):28,00,46,00,6f,00,6c,00,64,00,65,00,72,00,20,00,52,00,65,\
00,64,00,69,00,72,00,65,00,63,00,74,00,69,00,6f,00,6e,00,2c,00,41,00,70,00,\
70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,29,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@="Quota du disque Microsoft"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=hex(2):64,00,73,00,6b,00,71,00,75,00,6f,00,74,00,61,00,2e,00,64,00,\
6c,00,6c,00,00,00
"ProcessGroupPolicy"="ProcessGroupPolicy"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
@="Planificateur de paquets QoS"
"ProcessGroupPolicy"="ProcessPSCHEDPolicy"
"DllName"=hex(2):67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,\
00,00
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
@="Scripts"
"ProcessGroupPolicy"="ProcessScriptsGroupPolicy"
"ProcessGroupPolicyEx"="ProcessScriptsGroupPolicyEx"
"GenerateGroupPolicy"="GenerateScriptsGroupPolicy"
"DllName"=hex(2):67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,\
00,00
"NoSlowLink"=dword:00000001
"NoGPOListChanges"=dword:00000001
"NotifyLinkTransition"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=hex(2):73,00,63,00,65,00,63,00,6c,00,69,00,2e,00,64,00,6c,00,6c,00,\
00,00
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"=hex(2):69,00,65,00,64,00,6b,00,63,00,73,00,33,00,32,00,2e,00,64,00,\
6c,00,6c,00,00,00
@="Personnalisation de Internet Explorer"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=hex(2):73,00,63,00,65,00,63,00,6c,00,69,00,2e,00,64,00,6c,00,6c,00,\
00,00
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@="Installation de logiciel"
"DllName"=hex(2):61,00,70,00,70,00,6d,00,67,00,6d,00,74,00,73,00,2e,00,64,00,\
6c,00,6c,00,00,00
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=hex(7):28,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,\
00,6f,00,6e,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,6e,00,\
74,00,2c,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,\
00,29,00,00,00,28,00,4d,00,73,00,69,00,49,00,6e,00,73,00,74,00,61,00,6c,00,\
6c,00,65,00,72,00,2c,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,\
00,6f,00,6e,00,29,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
@="Scurit IP"
"ProcessGroupPolicy"="ProcessIPSECPolicy"
"DllName"=hex(2):67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,\
00,00
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SCLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000


So, Doctor, is my PC on the road to recovery?

Have a good evening

@+++
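The Winlogon\Notify export posted above can be checked mechanically. The following is an added example, not part of the original thread and not the helper's tool: it decodes `DllName` values (plain strings or `hex(2)` UTF-16 data) from a regedit export and flags any notification DLL outside a baseline. The baseline set, the function names and the `winrzc32` sample subkey are assumptions; the baseline is simply the DLL names seen in the export above.

```python
import re

# Prefix shared by every subkey of Winlogon\Notify in a regedit export.
NOTIFY_PREFIX = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
    r"\CurrentVersion\Winlogon\Notify" + "\\"
)

# Assumption: baseline = DLL names present in the export posted in the thread
# after cleanup. It is not an authoritative Windows XP list.
BASELINE_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll",
                 "wlnotify.dll", "sclgntfy.dll"}

# Constructed sample. crypt32chain and cscdll follow the export in the thread;
# the winrzc32 subkey is constructed to stand for the entry ComboFix reported
# as "Notify-winrzc32 - winrzc32.dll" before removing it.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winrzc32]
"Asynchronous"=dword:00000000
"DllName"="winrzc32.dll"
"""


def join_continuations(text):
    """Merge hex values that regedit wraps with a trailing backslash."""
    return re.sub(r"\\\r?\n[ \t]*", "", text)


def decode_value(raw):
    """Decode a .reg value: hex(2) is UTF-16LE REG_EXPAND_SZ, else a quoted string."""
    raw = raw.strip()
    if raw.lower().startswith("hex(2):"):
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
        return data.decode("utf-16-le", errors="replace").rstrip("\x00")
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    return raw


def notify_dlls(export_text):
    """Return {subkey: dll_name or None} for every subkey of Winlogon\\Notify."""
    result, current = {}, None
    for line in join_continuations(export_text).splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.upper().startswith(NOTIFY_PREFIX.upper()):
                current = key[len(NOTIFY_PREFIX):]
                result.setdefault(current, None)
            else:
                current = None
            continue
        if current is None or "=" not in line:
            continue
        name, _, raw = line.partition("=")
        # The export mixes "DllName" and "DLLName", so compare case-insensitively.
        if name.strip().strip('"').lower() == "dllname":
            result[current] = decode_value(raw)
    return result


def unexpected(export_text, baseline=BASELINE_DLLS):
    """List (subkey, dll) pairs whose DLL is missing, pathed, or not in the baseline."""
    flagged = []
    for subkey, dll in sorted(notify_dlls(export_text).items()):
        value = dll or ""
        base = value.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        # Baseline entries are bare file names; an explicit path deserves review too.
        if base not in baseline or "\\" in value:
            flagged.append((subkey, dll))
    return flagged


if __name__ == "__main__":
    for subkey, dll in unexpected(SAMPLE_EXPORT):
        print(f"review Notify\\{subkey}: {dll}")
```

Run against the real export from the thread, the same check returns an empty list, which matches the helper's reading that no foreign Notify package remains.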
 
 
Yes We can...

I think the PC is clean, but some things may not be visible in our reports...


we are going to remove the traces of old antivirus programs..

download and run this uninstall utility for "Panda Security"

HERE

then, if you are not asked to, restart your PC...

then, as a free, very effective antivirus that is light on resources, I recommend Antivir....

HERE

download it, install it, configure it and run a scan so you can post me the report...

to configure it, you can watch this excellent video tutorial by Bobette Marlow


HERE

I'll leave you for tonight, I'm getting up early tomorrow; I'll take a look at your Antivir report when I get home from work

good night
 
 
Hi Jeanmimi,

I ran the Panda uninstall utility, downloaded Antivir and configured it as shown by Bobette Marlow; a great tutorial indeed.

Here is the Antivir report:

Avira AntiVir Personal
Date de cration du fichier de rapport : lundi 5 octobre 2009 00:03

La recherche porte sur 1772828 souches de virus.

Dtenteur de la licence : Avira AntiVir Personal - FREE Antivirus
Numro de srie : 0000149996-ADJIE-0000001
Plateforme : Windows XP
Version de Windows : (plain) [5.1.2600]
Mode Boot : Dmarr normalement
Identifiant : SYSTEM
Nom de l'ordinateur : PC-DE-GREG

Informations de version :
BUILD.DAT : 9.0.0.70 18071 Bytes 25/09/2009 12:03:00
AVSCAN.EXE : 9.0.3.7 466689 Bytes 04/10/2009 21:30:57
AVSCAN.DLL : 9.0.3.0 49409 Bytes 03/03/2009 09:21:02
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:11
LUKERES.DLL : 9.0.2.0 13569 Bytes 03/03/2009 09:21:31
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/06/2009 21:30:44
ANTIVIR2.VDF : 7.1.6.50 4333568 Bytes 29/09/2009 21:30:50
ANTIVIR3.VDF : 7.1.6.68 216576 Bytes 02/10/2009 21:30:50
Version du moteur : 8.2.1.33
AEVDF.DLL : 8.1.1.2 106867 Bytes 04/10/2009 21:30:55
AESCRIPT.DLL : 8.1.2.35 483707 Bytes 04/10/2009 21:30:54
AESCN.DLL : 8.1.2.5 127346 Bytes 04/10/2009 21:30:54
AERDL.DLL : 8.1.3.2 479604 Bytes 04/10/2009 21:30:54
AEPACK.DLL : 8.2.0.0 422261 Bytes 04/10/2009 21:30:54
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 04/10/2009 21:30:53
AEHEUR.DLL : 8.1.0.166 2003319 Bytes 04/10/2009 21:30:53
AEHELP.DLL : 8.1.7.0 237940 Bytes 04/10/2009 21:30:51
AEGEN.DLL : 8.1.1.67 364916 Bytes 04/10/2009 21:30:51
AEEMU.DLL : 8.1.1.0 393587 Bytes 04/10/2009 21:30:51
AECORE.DLL : 8.1.8.1 184693 Bytes 04/10/2009 21:30:50
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 13:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:30
AVPREF.DLL : 9.0.3.0 44289 Bytes 04/10/2009 21:30:56
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 14:24:42
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:22
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:36:37
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:20:57
NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 14:40:59
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 04/10/2009 21:30:40
RCTEXT.DLL : 9.0.37.0 88321 Bytes 15/04/2009 09:07:05

Configuration pour la recherche actuelle :
Nom de la tche...............................: Contrle intgral du systme
Fichier de configuration......................: c:\program files\avira\antivir desktop\sysscan.avp
Documentation.................................: bas
Action principale.............................: interactif
Action secondaire.............................: ignorer
Recherche sur les secteurs d'amorage matre..: marche
Recherche sur les secteurs d'amorage.........: marche
Secteurs d'amorage...........................: C:, D:,
Recherche dans les programmes actifs..........: marche
Recherche en cours sur l'enregistrement.......: marche
Recherche de Rootkits.........................: marche
Contrle d'intgrit de fichiers systme......: arrt
Fichier mode de recherche.....................: Tous les fichiers
Recherche sur les archives....................: marche
Limiter la profondeur de rcursivit..........: 20
Archive Smart Extensions......................: marche
Heuristique de macrovirus.....................: marche
Heuristique fichier...........................: moyen
Catgories de dangers divergentes.............: +APPL,+GAME,+JOKE,+PCK,+SPR,

Dbut de la recherche : lundi 5 octobre 2009 00:03

La recherche d'objets cachs commence.
'31846' objets ont t contrls, '0' objets cachs ont t trouvs.

La recherche sur les processus dmarrs commence :
Processus de recherche 'avscan.exe' - '1' module(s) sont contrls
Processus de recherche 'avcenter.exe' - '1' module(s) sont contrls
Processus de recherche 'SNSetup.exe' - '1' module(s) sont contrls
Processus de recherche 'PcfMgr.exe' - '1' module(s) sont contrls
Processus de recherche 'hpqtra08.exe' - '1' module(s) sont contrls
Processus de recherche 'batmgr.exe' - '1' module(s) sont contrls
Processus de recherche 'avgnt.exe' - '1' module(s) sont contrls
Processus de recherche 'hpwuSchd2.exe' - '1' module(s) sont contrls
Processus de recherche 'HKServ.exe' - '1' module(s) sont contrls
Processus de recherche 'JogServ2.exe' - '1' module(s) sont contrls
Processus de recherche 'qttask.exe' - '1' module(s) sont contrls
Processus de recherche 'WPN511.exe' - '1' module(s) sont contrls
Processus de recherche 'WZCSLDR2.exe' - '1' module(s) sont contrls
Processus de recherche 'LVCOMSX.EXE' - '1' module(s) sont contrls
Processus de recherche 'explorer.exe' - '1' module(s) sont contrls
Processus de recherche 'svchost.exe' - '1' module(s) sont contrls
Processus de recherche 'avguard.exe' - '1' module(s) sont contrls
Processus de recherche 'alg.exe' - '1' module(s) sont contrls
Processus de recherche 'sched.exe' - '1' module(s) sont contrls
Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrls
Processus de recherche 'svchost.exe' - '1' module(s) sont contrls
Processus de recherche 'svchost.exe' - '1' module(s) sont contrls
Processus de recherche 'svchost.exe' - '1' module(s) sont contrls
Processus de recherche 'svchost.exe' - '1' module(s) sont contrls
Processus de recherche 'lsass.exe' - '1' module(s) sont contrls
Processus de recherche 'services.exe' - '1' module(s) sont contrls
Processus de recherche 'winlogon.exe' - '1' module(s) sont contrls
Processus de recherche 'csrss.exe' - '1' module(s) sont contrls
Processus de recherche 'smss.exe' - '1' module(s) sont contrls
'29' processus ont t contrls avec '29' modules

La recherche sur les secteurs d'amorage matre commence :
Secteur d'amorage matre HD0
[INFO] Aucun virus trouv !
Secteur d'amorage matre HD1
[INFO] Aucun virus trouv !

La recherche sur les secteurs d'amorage commence :
Secteur d'amorage 'C:\'
[INFO] Aucun virus trouv !
Secteur d'amorage 'D:\'
[INFO] Aucun virus trouv !

La recherche sur les renvois aux fichiers excutables (registre) commence :
Le registre a t contrl ( '55' fichiers).


La recherche sur les fichiers slectionns commence :

Recherche dbutant dans 'C:\'
C:\hiberfil.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
[REMARQUE] Ce fichier est un fichier systme Windows.
[REMARQUE] Il est correct que ce fichier ne puisse pas tre ouvert pour la recherche.
C:\pagefile.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
[REMARQUE] Ce fichier est un fichier systme Windows.
[REMARQUE] Il est correct que ce fichier ne puisse pas tre ouvert pour la recherche.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentieu.zip
[RESULTAT] Contient le code suspect GEN/PwdZIP
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinFraudLoadedt7.zip
[RESULTAT] Contient le code suspect GEN/PwdZIP
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinFraudLoadedt8.zip
[RESULTAT] Contient le code suspect GEN/PwdZIP
C:\System Volume Information\_restore{6B84AF66-9D4D-4779-925A-33684A6DE442}\RP450\A0079282.dll
[RESULTAT] Contient le cheval de Troie TR/Spy.39424.3
C:\WINDOWS\system32\TFTP1904
[RESULTAT] Le fichier est comprim l'aide d'un programme de compression inhabituel (PCK/YodaProt). Veuillez vrifier l'origine de ce fichier.
C:\WINDOWS\system32\TFTP296
[RESULTAT] Contient le modle de dtection du ver WORM/Rbot.TH
C:\_OTM\MovedFiles\10042009_145950\WINDOWS\SYSTEM32\winrzc32.dll
[RESULTAT] Contient le cheval de Troie TR/Spy.39424.3
Recherche dbutant dans 'D:\'

Dbut de la dsinfection :
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentieu.zip
[RESULTAT] Contient le code suspect GEN/PwdZIP
[REMARQUE] Le rsultat positif a t class comme suspect.
[REMARQUE] Le fichier a t dplac dans le rpertoire de quarantaine sous le nom '4b37b504.qua' !
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinFraudLoadedt7.zip
[RESULTAT] Contient le code suspect GEN/PwdZIP
[REMARQUE] Le rsultat positif a t class comme suspect.
[REMARQUE] Le fichier a t dplac dans le rpertoire de quarantaine sous le nom '4b37b505.qua' !
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinFraudLoadedt8.zip
[RESULTAT] Contient le code suspect GEN/PwdZIP
[REMARQUE] Le rsultat positif a t class comme suspect.
[REMARQUE] Le fichier a t dplac dans le rpertoire de quarantaine sous le nom '4a690176.qua' !
C:\System Volume Information\_restore{6B84AF66-9D4D-4779-925A-33684A6DE442}\RP450\A0079282.dll
[RESULTAT] Contient le cheval de Troie TR/Spy.39424.3
[REMARQUE] Le fichier a t dplac dans le rpertoire de quarantaine sous le nom '4af9b4cc.qua' !
C:\WINDOWS\system32\TFTP1904
[RESULTAT] Le fichier est comprim l'aide d'un programme de compression inhabituel (PCK/YodaProt). Veuillez vrifier l'origine de ce fichier.
[REMARQUE] Le fichier a t dplac dans le rpertoire de quarantaine sous le nom '4b1db4e2.qua' !
C:\WINDOWS\system32\TFTP296
[RESULTAT] Contient le modle de dtection du ver WORM/Rbot.TH
[REMARQUE] Le fichier a t dplac dans le rpertoire de quarantaine sous le nom '4a52b77b.qua' !
C:\_OTM\MovedFiles\10042009_145950\WINDOWS\SYSTEM32\winrzc32.dll
[RESULTAT] Contient le cheval de Troie TR/Spy.39424.3
[REMARQUE] Le fichier a t dplac dans le rpertoire de quarantaine sous le nom '4b37b506.qua' !


Fin de la recherche : lundi 5 octobre 2009 10:55
Temps nécessaire: 1:54:47 Heure(s)

La recherche a été effectuée intégralement

3184 Les répertoires ont été contrôlés
307467 Des fichiers ont été contrôlés
4 Des virus ou programmes indésirables ont été trouvés
3 Des fichiers ont été classés comme suspects
0 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
7 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
2 Impossible de contrôler des fichiers
307458 Fichiers non infectés
5027 Les archives ont été contrôlées
2 Avertissements
9 Consignes
31846 Des objets ont été contrôlés lors du Rootkitscan
0 Des objets cachés ont été trouvés

You were right, some invisible things came up. Antivir put 8 objects in quarantine.
I hope your day at work went well. As for me, I'm moving next week and heading 800 km away from Paris.
Thanks again for your help. It's really nice that passionate people lend a hand.
See you tonight.

@ +++
 
 
Hi DGADO,

Getting back to work on Monday is tough

OK, that's not bad: only these two infected files were still active, C:\WINDOWS\system32\TFTP1904 and C:\WINDOWS\system32\TFTP296, but Antivir neutralized them.

The other detections are nothing to worry about; they concern the quarantine areas of Spybot and OTM3 and the system restore points.

You are no longer infected...


What remains is to automatically uninstall all the tools used for the disinfection...

To do that...


Download >>> ToolsCleaner <<< (by A.Rothstein & dj QUIOU)

Double-click it to launch the program.

Click Recherche (Search) and let the scan finish (it can take about ten minutes at most).

Once the search has started, do not click inside the window; that would cause a minor bug in the program.

If the words (not responding) should appear in the title of the ToolsCleaner window, ignore it and let the program finish its work anyway.

Post me the report that appears...

Wait for my go-ahead before clicking Suppression (Delete).

@++
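The triage reasoning in the reply above, as an added example that is not part of the original thread: it parses path/`[RESULTAT]` pairs from an AntiVir report and separates detections in live locations from those sitting in tool backups or System Restore snapshots. The marker list and the function names are assumptions derived from that reply.

```python
import re

# Excerpt of the AntiVir report posted above (embedded so this runs offline).
SAMPLE_REPORT = r"""
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentieu.zip
[RESULTAT] Contient le code suspect GEN/PwdZIP
C:\System Volume Information\_restore{6B84AF66-9D4D-4779-925A-33684A6DE442}\RP450\A0079282.dll
[RESULTAT] Contient le cheval de Troie TR/Spy.39424.3
C:\WINDOWS\system32\TFTP1904
[RESULTAT] Le fichier est comprimé à l'aide d'un programme de compression inhabituel (PCK/YodaProt).
C:\WINDOWS\system32\TFTP296
[RESULTAT] Contient le modèle de détection du ver WORM/Rbot.TH
C:\_OTM\MovedFiles\10042009_145950\WINDOWS\SYSTEM32\winrzc32.dll
[RESULTAT] Contient le cheval de Troie TR/Spy.39424.3
"""

# Assumption: locations the helper treats as inert copies (Spybot recovery
# archives, OTM moved files, System Restore points). Compared in lowercase.
DORMANT_MARKERS = (
    r"\spybot - search & destroy\recovery",
    r"\_otm\movedfiles",
    r"\system volume information\_restore",
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")                       # a scanned file path
DETECTION_RE = re.compile(r"\b([A-Z]{2,5}/[A-Za-z0-9.]+)")  # e.g. WORM/Rbot.TH


def triage(report):
    """Return (path, detection, state) for each path followed by a [RESULTAT] line."""
    findings, path = [], None
    for line in (raw.strip() for raw in report.splitlines()):
        if PATH_RE.match(line):
            path = line
        elif line.startswith("[RESULTAT]") and path:
            match = DETECTION_RE.search(line)
            name = match.group(1).rstrip(".") if match else "unknown"
            dormant = any(marker in path.lower() for marker in DORMANT_MARKERS)
            findings.append((path, name, "dormant" if dormant else "active"))
            path = None  # one verdict per path; [REMARQUE] lines are ignored
    return findings


def active_paths(report):
    """Paths whose detection sits outside the known backup/snapshot areas."""
    return [p for p, _, state in triage(report) if state == "active"]


if __name__ == "__main__":
    for path, name, state in triage(SAMPLE_REPORT):
        print(f"{state:8} {name:16} {path}")
```
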