-
Compteur de contenus
684 -
Inscription
-
Dernière visite
Type de contenu
Profils
Forums
Blogs
Tout ce qui a été posté par papyreunion
-
Infecté par zango.shoppingReport [RESOLU]
papyreunion a répondu à un(e) sujet de papyreunion dans Analyses et éradication malwares
Pour le moment non. -
infection trojan beagle
papyreunion a répondu à un(e) sujet de rk2kts dans Analyses et éradication malwares
Bonjour, essaye de voir là : http://www.malekal.com/W32.Beagle.KF_Trojan.Tooso.R.php -
Infecté par zango.shoppingReport [RESOLU]
papyreunion a répondu à un(e) sujet de papyreunion dans Analyses et éradication malwares
je peux désinstaller combofix, et supprimer les fichiers dans l'onglet quarantaine ? -
Infecté par zango.shoppingReport [RESOLU]
papyreunion a répondu à un(e) sujet de papyreunion dans Analyses et éradication malwares
RAPPORT DE malwarebytes : Malwarebytes' Anti-Malware 1.18 Version de la base de données: 889 12:55:08 25/06/2008 mbam-log-6-25-2008 (12-55-08).txt Type de recherche: Examen complet (C:\|) Eléments examinés: 118792 Temps écoulé: 33 minute(s), 50 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 4 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 1 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CURRENT_USER\Software\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\Zango 10.3.65.0 (Adware.Zango) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully. -
Infecté par zango.shoppingReport [RESOLU]
papyreunion a répondu à un(e) sujet de papyreunion dans Analyses et éradication malwares
ComboFix 08-06-20.4 - Mike974 2008-06-25 10:46:33.3 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.718 [GMT 2:00] Endroit: C:\Documents and Settings\Mike974\Bureau\ComboFix.exe * Création d'un nouveau point de restauration AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . ((((((((((((((((((((((((((((( Fichiers créés 2008-05-25 to 2008-06-25 )))))))))))))))))))))))))))))))))))) . 2008-06-25 09:43 . 2008-06-25 09:43 <REP> d-------- C:\WINDOWS\LastGood 2008-06-25 09:39 . 2008-06-25 09:39 657,408 --a------ C:\WINDOWS\isRS-000.tmp 2008-06-11 12:45 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys 2008-06-07 12:19 . 2008-06-25 09:33 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-06-03 00:15 . 2008-06-14 13:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-06-03 00:15 . 2008-06-03 00:15 1,409 --a------ C:\WINDOWS\QTFont.for 2008-06-02 16:57 . 2008-06-02 17:01 <REP> d-------- C:\Program Files\adslTV 2008-05-29 08:25 . 2008-05-29 08:25 <REP> d-------- C:\Program Files\Ubisoft 2008-05-25 14:40 . 2008-05-25 14:40 <REP> d-------- C:\WINDOWS\system32\FlashAX 2008-05-25 14:39 . 2008-05-25 14:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MGS . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-25 07:40 --------- d-----w C:\Program Files\Glary Utilities 2008-06-25 07:33 --------- d-----w C:\Program Files\SpywareBlaster 2008-06-22 12:34 33,080 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-06-22 12:34 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2008-06-22 11:40 --------- d-----w C:\Program Files\AV VCS 3.0 2008-06-17 15:57 --------- d-----w C:\Program Files\Mafia 2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-06-04 14:49 --------- d-----w C:\Program Files\LimeWire 2008-06-03 07:21 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-03 07:21 --------- d-----w C:\Program Files\Google 2008-06-02 16:26 --------- d-----w C:\Documents and Settings\Mike974\Application Data\vlc 2008-05-30 16:50 --------- d-----w C:\Documents and Settings\Mike974\Application Data\DivX 2008-05-29 12:43 --------- d-----w C:\Program Files\jv16 PowerTools 2008-05-23 09:17 --------- d-----w C:\Program Files\Microsoft Picture It! 7 2008-05-18 15:10 --------- d-----w C:\Documents and Settings\Mike974\Application Data\MySpace 2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll 2008-04-30 08:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-04-26 09:20 --------- d-----w C:\Documents and Settings\Mike974\Application Data\Grisoft 2008-04-26 09:19 --------- d-----w C:\Program Files\Apple Software Update 2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll 2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll 2007-11-10 17:58 22,328 -c--a-w C:\Documents and Settings\Mike974\Application Data\PnkBstrK.sys 2007-04-23 14:26 45,328 -c--a-w C:\Documents and Settings\Mike974\Application Data\GDIPFONTCACHEV1.DAT 2006-02-04 11:54 294,285,337 -c--a-w C:\Documents and Settings\All Users\battlefield_2_patch_v1.12_multi-langues_18036.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-17 19:26 262401] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-10 04:06 7311360] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoLogOff"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.3iv2"= C:\PROGRA~1\K-LITE~1\codecs\3IVXVF~1.DLL "VIDC.VP70"= C:\PROGRA~1\K-LITE~1\codecs\vp7vfw.dll "VIDC.VP31"= C:\PROGRA~1\K-LITE~1\codecs\vp31vfw.dll "msacm.ac3acm"= C:\PROGRA~1\K-LITE~1\codecs\ac3acm.acm "msacm.l3fhg"= C:\PROGRA~1\K-LITE~1\codecs\l3codecp.acm "msacm.enc"= ITIG726.acm [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "<NO NAME>"= "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" "SoundMan"=SOUNDMAN.EXE "RoxioEngineUtility"="C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe" "RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" "RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime "nwiz"=nwiz.exe /install "NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit "LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe "LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe "BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE "NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\The All-Seeing Eye\\eye.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\\StubInstaller.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"= "C:\\WINDOWS\\system32\\rtcshare.exe"= "C:\\Program Files\\NetMeeting\\conf.exe"= "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"= "C:\\WINDOWS\\system32\\PnkBstrA.exe"= "C:\\WINDOWS\\system32\\PnkBstrB.exe"= "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2002-12-10 10:11] S3 se57bus;Sony Ericsson Device 087 driver (WDM);C:\WINDOWS\system32\DRIVERS\se57bus.sys [2006-11-30 15:12] S3 se57mdfl;Sony Ericsson Device 087 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se57mdfl.sys [2006-11-30 15:12] S3 se57mdm;Sony Ericsson Device 087 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se57mdm.sys [2006-11-30 15:12] S3 se57mgmt;Sony Ericsson Device 087 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se57mgmt.sys [2006-11-30 15:12] S3 se57nd5;Sony Ericsson Device 087 USB Ethernet Emulation SEMC57 (NDIS);C:\WINDOWS\system32\DRIVERS\se57nd5.sys [2006-11-30 15:12] S3 se57obex;Sony Ericsson Device 087 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se57obex.sys [2006-11-30 15:12] S3 se57unic;Sony Ericsson Device 087 USB Ethernet Emulation SEMC57 (WDM);C:\WINDOWS\system32\DRIVERS\se57unic.sys [2006-11-30 15:12] . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-06-23 17:22:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-06-25 07:41:23 C:\WINDOWS\Tasks\GlaryInitialize.job" - C:\Program Files\Glary Utilities\initialize.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-25 10:47:45 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-06-25 10:48:53 ComboFix-quarantined-files.txt 2008-06-25 08:48:24 Pre-Run: 40,930,631,680 octets libres Post-Run: 40,961,454,080 octets libres 136 --- E O F --- 2008-06-25 07:45:49 -
Infecté par zango.shoppingReport [RESOLU]
papyreunion a répondu à un(e) sujet de papyreunion dans Analyses et éradication malwares
Bonjour Falkra, Ci-dessous rapport HIJACKTHIS / Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:11:57, on 25/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mike974\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Br...018/flashax.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe -- End of file - 6537 bytes -
Infecté par zango.shoppingReport [RESOLU]
papyreunion a répondu à un(e) sujet de papyreunion dans Analyses et éradication malwares
Bonjour, De nouveau ce jour 25 juin après analyse de spybot : infecté par ZANGO 2 éléments et ZANGO.WeatherDPA 1 élément. Comment s'en débarrasser. -
Infecté par registryhelper et zolb.dowloader.bs et .vcd[resolu]
papyreunion a répondu à un(e) sujet de papyreunion dans Analyses et éradication malwares
Merci pour ton Aide. -
Infecté par registryhelper et zolb.dowloader.bs et .vcd[resolu]
papyreunion a répondu à un(e) sujet de papyreunion dans Analyses et éradication malwares
PROTOCOLE TCP/IP changé avec les DNS DE FREE ok. ci-joint LOG hijackthis : Je trouve qu'il ya beaucoup LIGNE 018 et 04 global startup... et les 2 lignes 024 me semblent bizarre ? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:21:34, on 13/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\UAService7.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ntvdm.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.fr.my.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/?.home=msgr R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" O4 - Global Startup: Configuration Utility.lnk.disabled O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/ O17 - HKLM\System\CCS\Services\Tcpip\..\{40828758-11D2-4ABE-852C-07037A365613}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{52F4B205-D81B-44C2-A758-ADA01A21A034}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{DAFA3A34-B346-4B6A-A779-7549A7E57FDF}: NameServer = 212.27.53.252,212.27.54.252 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O18 - Protocol: bw+0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe O24 - Desktop Component 0: (no name) - http://www.kissdesign.net/cartesvirtuelles.../fondmilieu.gif O24 - Desktop Component 1: (no name) - http://gfx2.hotmail.com/mail/w2/ltr/theme0/ToolbarBGx3.gif -- End of file - 17878 bytes -
Infecté par registryhelper et zolb.dowloader.bs et .vcd[resolu]
papyreunion a répondu à un(e) sujet de papyreunion dans Analyses et éradication malwares
comment désinstaller SMITFRAUDFIX je n'ai pas d'uninstall ? ni dans ajout/supp. MERCI -
Infecté par registryhelper et zolb.dowloader.bs et .vcd[resolu]
papyreunion a répondu à un(e) sujet de papyreunion dans Analyses et éradication malwares
WIFI -
Infecté par registryhelper et zolb.dowloader.bs et .vcd[resolu]
papyreunion a répondu à un(e) sujet de papyreunion dans Analyses et éradication malwares
bonjour, Je désinstalle SMITFRAUDIX ? pour le fournisseur d'accès c'est FREE, les DNS sont 212.27.53.252 primaire et secondaire 212.27.54.252 sur le courrier de FREE -
Infecté par registryhelper et zolb.dowloader.bs et .vcd[resolu]
papyreunion a répondu à un(e) sujet de papyreunion dans Analyses et éradication malwares
SmitFraudFix v2.323 Rapport fait à 9:53:30,84, 13/06/2008 Executé à partir de C:\Documents and Settings\papa\Bureau\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\UAService7.exe C:\Program Files\Glary Utilities\Integrator.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\MA311 PCI Adapter Configuration Utility\wlanutil.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\SoftwareDistribution\Download\fb19dc20bad2e1b3438b71fff9b569aa\update\update.exe C:\WINDOWS\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts Fichier hosts corrompu ! 127.0.0.1 legal-at-spybot.info 127.0.0.1 www.legal-at-spybot.info »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\papa »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\papa\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\papa\Favoris »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="http://www.kissdesign.net/cartesvirtuelles/anniversaire/carte005/fondmilieu.gif"'>http://www.kissdesign.net/cartesvirtuelles/anniversaire/carte005/fondmilieu.gif" "SubscribedURL"="http://www.kissdesign.net/cartesvirtuelles/anniversaire/carte005/fondmilieu.gif" "FriendlyName"="" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1] "Source"="http://gfx2.hotmail.com/mail/w2/ltr/theme0/ToolbarBGx3.gif"'>http://gfx2.hotmail.com/mail/w2/ltr/theme0/ToolbarBGx3.gif" "SubscribedURL"="http://gfx2.hotmail.com/mail/w2/ltr/theme0/ToolbarBGx3.gif" "FriendlyName"="" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Ma page d'accueil" »»»»»»»»»»»»»»»»»»»»»»»» IEDFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» VACFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Userinit"="C:\\WINDOWS\\system32\\userinit.exe," "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Rustock »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Carte Fast Ethernet compatible VIA - Miniport d'ordonnancement de paquets DNS Server Search Order: 208.67.220.220 DNS Server Search Order: 208.67.222.222 Description: NETGEAR MA311 PCI Adapter - Miniport d'ordonnancement de paquets DNS Server Search Order: 208.67.220.220 DNS Server Search Order: 208.67.222.222 HKLM\SYSTEM\CCS\Services\Tcpip\..\{1B7CA670-97C4-4CB1-BD2C-4358BCDC47FB}: DhcpNameServer=208.67.220.220,208.67.222.222 HKLM\SYSTEM\CCS\Services\Tcpip\..\{40828758-11D2-4ABE-852C-07037A365613}: DhcpNameServer=208.67.220.220,208.67.222.222 HKLM\SYSTEM\CCS\Services\Tcpip\..\{40828758-11D2-4ABE-852C-07037A365613}: NameServer=208.67.220.220,208.67.222.222 HKLM\SYSTEM\CCS\Services\Tcpip\..\{52F4B205-D81B-44C2-A758-ADA01A21A034}: NameServer=208.67.220.220,208.67.222.222 HKLM\SYSTEM\CCS\Services\Tcpip\..\{DAFA3A34-B346-4B6A-A779-7549A7E57FDF}: DhcpNameServer=212.27.53.252 212.27.54.252 HKLM\SYSTEM\CCS\Services\Tcpip\..\{DAFA3A34-B346-4B6A-A779-7549A7E57FDF}: NameServer=208.67.220.220,208.67.222.222 HKLM\SYSTEM\CS1\Services\Tcpip\..\{1B7CA670-97C4-4CB1-BD2C-4358BCDC47FB}: DhcpNameServer=208.67.220.220,208.67.222.222 HKLM\SYSTEM\CS1\Services\Tcpip\..\{40828758-11D2-4ABE-852C-07037A365613}: DhcpNameServer=208.67.220.220,208.67.222.222 HKLM\SYSTEM\CS1\Services\Tcpip\..\{40828758-11D2-4ABE-852C-07037A365613}: NameServer=208.67.220.220,208.67.222.222 HKLM\SYSTEM\CS1\Services\Tcpip\..\{52F4B205-D81B-44C2-A758-ADA01A21A034}: NameServer=208.67.220.220,208.67.222.222 HKLM\SYSTEM\CS1\Services\Tcpip\..\{DAFA3A34-B346-4B6A-A779-7549A7E57FDF}: DhcpNameServer=212.27.53.252 212.27.54.252 HKLM\SYSTEM\CS1\Services\Tcpip\..\{DAFA3A34-B346-4B6A-A779-7549A7E57FDF}: NameServer=208.67.220.220,208.67.222.222 HKLM\SYSTEM\CS2\Services\Tcpip\..\{1B7CA670-97C4-4CB1-BD2C-4358BCDC47FB}: DhcpNameServer=208.67.220.220,208.67.222.222 HKLM\SYSTEM\CS2\Services\Tcpip\..\{40828758-11D2-4ABE-852C-07037A365613}: DhcpNameServer=208.67.220.220,208.67.222.222 HKLM\SYSTEM\CS2\Services\Tcpip\..\{40828758-11D2-4ABE-852C-07037A365613}: NameServer=208.67.220.220,208.67.222.222 HKLM\SYSTEM\CS2\Services\Tcpip\..\{52F4B205-D81B-44C2-A758-ADA01A21A034}: NameServer=208.67.220.220,208.67.222.222 HKLM\SYSTEM\CS2\Services\Tcpip\..\{DAFA3A34-B346-4B6A-A779-7549A7E57FDF}: DhcpNameServer=212.27.53.252 212.27.54.252 HKLM\SYSTEM\CS2\Services\Tcpip\..\{DAFA3A34-B346-4B6A-A779-7549A7E57FDF}: NameServer=208.67.220.220,208.67.222.222 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222 »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin -
Rajout de barette mémoire sur carte mère asrock k7vt4a+[RESOLU]
papyreunion a répondu à un(e) sujet de papyreunion dans Conseils matériel - Achats & Ventes
Merci -
Rajout de barette mémoire sur carte mère asrock k7vt4a+[RESOLU]
papyreunion a répondu à un(e) sujet de papyreunion dans Conseils matériel - Achats & Ventes
Merci pour tes conseils J'ai trouvé CORSAIR plus de détails sur CORSAIR Mémoire CORSAIR DDR PC-3200 - 512 Mo 400 MHz - CAS 2.5 - Value Select - VS512MB400 Mémoire CORSAIR DDR PC-3200 - 512 Mo 400 MHz - CAS 2.5 - Value Select - VS512MB400 Mémoire CORSAIR DDR PC3200 - 512 Mo - Value - non ECC Cas 2.5 Cela correspond ou pas ? Merci -
Rajout de barette mémoire sur carte mère asrock k7vt4a+[RESOLU]
papyreunion a répondu à un(e) sujet de papyreunion dans Conseils matériel - Achats & Ventes
Merci pour vos réponses cela m'évite de faire une bêtise surtout quand ce n'est pas son PC. Quel est le type de barrette à acheter ? 2 fois 512 ou 2 Fois 256 ? marque ? Merci -
Infecté par registryhelper et zolb.dowloader.bs et .vcd[resolu]
papyreunion a répondu à un(e) sujet de papyreunion dans Analyses et éradication malwares
Merci pour tes conseils. Je n'ai pas accès à ce PC pour le moment ( celui de mon voisin) Dès son retour( d'ici 18h30) je me lance. -
Infecté par registryhelper et zolb.dowloader.bs et .vcd[resolu]
papyreunion a répondu à un(e) sujet de papyreunion dans Analyses et éradication malwares
Bonjour, " Est-ce Smitfraudfix peut désinstaller ces éléments de "registryhelper ( 1élément) et zlob.dowloader.bs et zlob dowloader.vcd " Merci -
Bonjour, J'ai mon voisin qui a un PC équipé de la carte mère ASROCK K7VT4A+ ( 5 PCI,1 AGP,2 DDR DIMM, Audio,LAN) Type de processeur Unknown, 1666 Mhz (10X 167) 2400 + Mémoire Système 256 Mo (PC3200 DDR SDRAM) J'ai une barrette mémoire KING ELEPHANT : SDRAM 256 Mo BUS 133 Mhz Puis-je l'installer sur ce PC Merci.
-
Infecté par registryhelper et zolb.dowloader.bs et .vcd[resolu]
papyreunion a répondu à un(e) sujet de papyreunion dans Analyses et éradication malwares
Nouveau log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:28:45, on 12/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\MA311 PCI Adapter Configuration Utility\wlanutil.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\UAService7.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.fr.my.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/?.home=msgr R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: (no name) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - (no file) O3 - Toolbar: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - Global Startup: Configuration Utility.lnk = C:\Program Files\MA311 PCI Adapter Configuration Utility\wlanutil.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/ O17 - HKLM\System\CCS\Services\Tcpip\..\{40828758-11D2-4ABE-852C-07037A365613}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{52F4B205-D81B-44C2-A758-ADA01A21A034}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{DAFA3A34-B346-4B6A-A779-7549A7E57FDF}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O18 - Protocol: bw+0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {AE5FD146-18E1-44BA-84A0-66ABA179EC57} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe O24 - Desktop Component 0: (no name) - http://www.kissdesign.net/cartesvirtuelles.../fondmilieu.gif O24 - Desktop Component 1: (no name) - http://gfx2.hotmail.com/mail/w2/ltr/theme0/ToolbarBGx3.gif -- End of file - 18209 bytes -
Bonjour, ce pc sous win xp est infecté par registryhelper ( 1élément) et zlob.dowloader.bs et zlob dowloader.vcd suite à l'analyse de spybot. Ci-joint log hijackthis : merci Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:37:20, on 12/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\UAService7.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\MA311 PCI Adapter Configuration Utility\wlanutil.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe O24 - Desktop Component 0: (no name) - http://www.kissdesign.net/cartesvirtuelles.../fondmilieu.gif O24 - Desktop Component 1: (no name) - http://gfx2.hotmail.com/mail/w2/ltr/theme0/ToolbarBGx3.gif -- End of file - 1742 bytes
-
Infecté par zango.shoppingReport [RESOLU]
papyreunion a répondu à un(e) sujet de papyreunion dans Analyses et éradication malwares
j'ai fait l'analyse de nouveau avec spybot il n'a rien trouvé. je pense qu'il a éliminer ce adware ZANGO. -
Infecté par zango.shoppingReport [RESOLU]
papyreunion a répondu à un(e) sujet de papyreunion dans Analyses et éradication malwares
Bonjour, Personne n'a eu cette infection, je ne trouve pas grand chose sur la toile à part spybot qui en parle. Comme un Adware. -
rapport defragmentation exclus 2 fichiers
papyreunion a répondu à un(e) sujet de papyreunion dans Optimisation, Trucs & Astuces
Merci pour les infos. -
Infecté par zango.shoppingReport [RESOLU]
papyreunion a posté un sujet dans Analyses et éradication malwares
Bonsoir, Le Pc de mon fils est infecté par Zango.ShoppingReport comment enlever cet Adware Merci