Après une semaine de tentatives infructeuse ... mon log Hijac

tatal · le 23 février 2007

Bonjour

Celà fait donc + d'une semaine que je me débat avec mon PC, contre un méchant malware

faut que je retrouve le nom,

et ouverture d'IE ou Firefox aléatoirement toujours pour accéder sur le même site, que j'ai bloqué avec mon firewall (Sygate)

J'ai donc essayé de suivre attentivement les traitements à faire sur les autres posts, et voici ce que celà donne :

- Scan Complet Avast (RAS)

- Scan AVG en mode sans échec (rien de particulier à part des cookies)

- et donc le Log HijackThis ci dessous en mode sans échec

Pitié aidez moi je vous en supplie

Merci beaucoup d'avance

Pascal

Logfile of HijackThis v1.99.1

Scan saved at 13:52:23, on 23/02/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\zTest\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\explorer.exe

C:\Download\A Trier\_Firefox\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\zWeb\Sygate\smc.exe -startgui

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\zUtils\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [hmonitor] C:\Program Files\zUtils\Hmonitor\hmonitor.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Trust\3011A WIRELESS OPTICAL DESKSET\Keyboard\kbdap32a.EXE

O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Trust\3011A WIRELESS OPTICAL DESKSET\Mouse\mouse32a.exe

O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\zWeb\NetLimiter\NetLimiter.exe /s

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\zCD\Daemon\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [sIDEBAR] "C:\Program Files\zUtils\Desktop Sidebar\dsidebar.exe"

O4 - HKCU\..\Run: [AWMON] "C:\Program Files\zSpy\Ad-Aware\Ad-Watch.exe"

O4 - Startup: A Note.lnk = C:\Program Files\zUtils\A Note\A Note.exe

O4 - Startup: KO Approach.lnk = C:\Program Files\zTest\KO Approach\Approach.exe

O4 - Startup: Poppy for Windows.lnk = C:\Program Files\zWeb\Poppy\Poppy.exe

O4 - Startup: Shrink Pic.lnk = C:\Program Files\Shrink Pic\shrink_pic.exe

O4 - Startup: SpamPal.lnk = C:\Program Files\zWeb\SpamPal\spampal.exe

O4 - Startup: SyncIT.lnk = C:\Program Files\zWeb\BookmarkSync 2.0\BookmarkSync.exe

O4 - Startup: Winwall Autostart.lnk = C:\Program Files\zUtils\Winwall\Winwall.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Logitech SetPoint.lnk = ?

O4 - Global Startup: SideSlide.lnk = C:\Program Files\zTest\SideSlide\SideSlide.exe

O4 - Global Startup: Taskbar Shuffle.lnk = C:\Program Files\zTest\Taskbar Shuffle\taskbarshuffle.exe

O8 - Extra context menu item: &eBay Search - res://C:\Download\Mes documents CHRITOU\eBay\eBayTb.dll/RCSearch.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Subscribe in Desktop Sidebar - res://C:\Program Files\zUtils\Desktop Sidebar\sbhelp.dll/menuhandler.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\zUtils\Desktop Sidebar\sbhelp.dll

O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\zUtils\Desktop Sidebar\sbhelp.dll

O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O18 - Protocol: bw+0 - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll

O18 - Protocol: offline-8876480 - {45BBD59F-FF7A-462B-8234-42DF9A9E2BEF} - C:\Program Files\zDriver\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\zUtils\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\zUtils\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\zUtils\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\zUtils\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\zTest\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\zDisk\Diskeeper\DkService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: MailtraqServer - Unknown owner - C:\Program Files\zWeb\Mailtraq\mtqsvc.exe

O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - J:\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)

O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\Web\NetLimiter 2 Pro\nlsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\zGraphic\ProShowProducer\ScsiAccess.exe

O23 - Service: Serv-U FTP Server (Serv-U) - Rhino Software, Inc. +1(262) 560-9627 - C:\Program Files\zTest\Serv-U\ServUDaemon.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\zWeb\Sygate\smc.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\zCD\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: VMware Converter Service (ufad-p2v) - Unknown owner - C:\Program Files\zUtils\VMware Converter\vmware-ufad.exe" -d "C:\Program Files\zUtils\VMware Converter\\" -s ufad-p2v.xml (file missing)

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\zUtils\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

Modifié le 24 février 2007 par tatal

regis56 · le 23 février 2007

Bonjour tatal !

Peut tu me dire a quoi te sert ta VM ?

Ensuite peut tu faire ceci :

Télécharge Blacklight (de F-Secure) et sauvegarde le sur ton Bureau.

Double-clique blbeta.exe et accepte la licence; laisse [X]scan through Windows Explorer activé; clique Scan puis Next

Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).

Copie et colle le contenu de ce rapport dans ta prochaine réponse. NE PAS choisir l'option "Rename" de suite : nous devons analyser le rapport, car des fichiers légitimes peuvent être présents, tel wbemtest.exe

Colle le rapport dans ta prochaine réponse.

Télécharge SpySweeper - Télécharge SpySweeper - Aide SpySweeper

- Clic sur sur le lien "Free Trial" pour le télécharger tout à droite

- Installe le et démare le

- Il va te demander de télécharger la dernière définition, accepte

- Ensuite, clic sur le bouton Options à gauche

- Clic sur l'onglet Options

- Assure toi que les options suivantes sont cochées :

o Windows Registery

o Memory Object

o Cookies

o System Restore Folder

o Plus bas :

o Sweep all users accounts

o Sweep for rootkis

-- Redémarre en mode sans échec, si tu sais pas comment on fait lis ceci

- Démarre SpySweeper

- Clic sur "Sweep Now" à gauche

- Clic sur le bouton "Start"

- Quand le scan est terminé, clic sur le bouton "Next"

- Assure toi que tout est coché et clic sur le bouton "Next"

- Lorsque tous les éléments trouvés ont été supprimés

- Clic sur "Session Log" en haut à droite, copie tous les élements du log.

- Ferme les fenêtres et colle tout le log ici ainsi qu'un log HijackThis

Aide : N'hésite pas à consulter l'Aide de SpySweeper

A plus.

tatal · le 23 février 2007

En attendant que les traitements se finissent sur le PC ...

C'est pratique d'avoir le portable du boulot pour continuer à causer ; c'est le PC qui est infecté

Est ce que quelqu'un connaitrait des adwares, ou trojan connus sur les Exe d'eBay TurboLister, et un truc genre Toolbar de chez eBay aussi...???

Parce que ma femme à installer çà, et il est vrai que c'est environ depuis ce temps là, que le PC à commencé à déconner ?

Sinon :

Peut tu me dire a quoi te sert ta VM ?

A faire des tests pour le boulot avec Oracle, SQL, et tester des programmes sans pourrir ma machine (normalement ;-p)

Double-clique blbeta.exe et accepte la licence; laisse [X]scan through Windows Explorer activé; clique Scan puis Next

çà j'ai pas vu : laisse [X]scan through Windows Explorer activé

Télécharge SpySweeper - Télécharge SpySweeper - Aide SpySweeper

ca j'ai pas vu pu cocher la case : o System Restore Folder

Et les logs vont arriver dans pas longtemps

Modifié le 23 février 2007 par tatal

tatal · le 23 février 2007

?????

bah c'est naze çà,

sur Spyweeper, il a bien trouvé des trucs adware, trojan, etc...

mais je vais pas pouvoir mettre de log, car a la suppression des méchantes bebetes, il a du redemarrer pour les supprimer

j'ai donc pas de log

par contre je l'ai relancé en mode sans echec, et la il vient de finir de scanner mon C:, et il n'y a plus rien de détecté

tatal · le 23 février 2007

autant pour moi, il garde l'historique

je redemarre le PC

le prochain post sera pour les logs

tatal · le 23 février 2007

donc ci dessous, le log Blacklight (de F-Secure)

02/23/07 15:44:52 [info]: BlackLight Engine 1.0.55 initialized

02/23/07 15:44:52 [info]: OS: 5.1 build 2600 (Service Pack 2)

02/23/07 15:44:52 [Note]: 7019 4

02/23/07 15:44:52 [Note]: 7005 0

02/23/07 15:45:14 [Note]: 7006 0

02/23/07 15:45:14 [Note]: 7011 1876

02/23/07 15:45:14 [Note]: 7026 0

02/23/07 15:45:22 [Note]: FSRAW library version 1.7.1021

02/23/07 15:50:07 [Note]: 4000 5

02/23/07 15:50:07 [Note]: 4007 5

02/23/07 15:50:07 [Note]: 4000 5

02/23/07 15:50:07 [Note]: 4007 5

02/23/07 15:50:08 [Note]: 4000 5

02/23/07 15:50:08 [Note]: 4007 5

02/23/07 15:50:24 [Note]: 7007 0

Le Log SpySweeper

17:51: Traces Found: 0

17:51: File Sweep Complete, Elapsed Time: 00:14:01

17:51: Sweep Canceled

17:46: Warning: SweepDirectories(2): This instance of TCustomFileEnumerator can only handle files and directories located on drive "F:" but not drive "C:"

17:46: Warning: SweepDirectories: Cannot find directory "e:". This directory was not added to the list of paths to be scanned.

17:46: Warning: SweepDirectories: Cannot find directory "d:". This directory was not added to the list of paths to be scanned.

17:37: Starting File Sweep

17:37: Warning: SweepDirectories: Cannot find directory "a:". This directory was not added to the list of paths to be scanned.

17:37: Cookie Sweep Complete, Elapsed Time: 00:00:00

17:37: Starting Cookie Sweep

17:37: Registry Sweep Complete, Elapsed Time:00:00:53

17:37: Memory Sweep Complete, Elapsed Time: 00:00:00

17:37: Starting Registry Sweep

17:36: Starting Memory Sweep

17:36: Sweep initiated using definitions version 865

17:36: Spy Sweeper 5.3.1.2346 started

17:36: | Start of Session, vendredi 23 février 2007 |

***************

17:36: Traces Found: 0

17:36: Memory Sweep Complete, Elapsed Time: 00:00:04

17:36: Sweep Canceled

17:36: Starting Memory Sweep

17:36: Sweep initiated using definitions version 865

17:36: Spy Sweeper 5.3.1.2346 started

17:36: | Start of Session, vendredi 23 février 2007 |

***************

17:34: Program Version 5.3.1.2346 Using Spyware Definitions 865

17:34: Spy Sweeper 5.3.1.2346 started

17:34: | Start of Session, vendredi 23 février 2007 |

***************

16:05: ApplicationMinimized - EXIT

16:05: ApplicationMinimized - ENTER

16:04: Warning: GetUrlHistory: Access violation at address 005F938E in module 'SpySweeper.exe'. Read of address FFFFFFFF

16:04: ApplicationMinimized - EXIT

16:04: ApplicationMinimized - ENTER

Keylogger: Off

BHO Shield: On

IE Security Shield: On

Alternate Data Stream (ADS) Execution Shield: On

Startup Shield: On

Common Ad Sites: Off

Hosts File Shield: On

Internet Communication Shield: On

ActiveX Shield: On

Windows Messenger Service Shield: On

IE Favorites Shield: On

Spy Installation Shield: On

Memory Shield: Off

IE Hijack Shield: On

IE Tracking Cookies Shield: Off

16:01: Shield States

16:01: Spyware Definitions: 865

16:00: Spy Sweeper 5.3.1.2346 started

16:00: | Start of Session, vendredi 23 février 2007 |

***************

16:07: Program Version 5.3.1.2346 Using Spyware Definitions 865

16:07: Spy Sweeper 5.3.1.2346 started

16:07: | Start of Session, vendredi 23 février 2007 |

***************

17:29: Removal process completed. Elapsed time 00:00:49

17:29: Preparing to restart your computer. Please wait...

17:28: Quarantining All Traces: sogou toolbar

17:28: Quarantining All Traces: trojan-backdoor-egroup

17:28: Quarantining All Traces: xiti cookie

17:28: Quarantining All Traces: fe.lea.lycos.com cookie

17:28: pmnnl.dll is in use. It will be removed on reboot.

17:28: virtumonde is in use. It will be removed on reboot.

17:28: Warning: Launched explorer.exe

17:28: Quarantining All Traces: virtumonde

17:28: Quarantining All Traces: trojan agent winlogonhook

17:28: Removal process initiated

17:26: Traces Found: 10

17:26: Custom Sweep has completed. Elapsed time 01:19:32

17:26: File Sweep Complete, Elapsed Time: 01:18:44

Espace insuffisant pour traiter cette commande

17:25: Warning: Unable to sweep compressed file: System Error. Code: 8.

Espace insuffisant pour traiter cette commande

17:25: Warning: Unable to sweep compressed file: System Error. Code: 8.

Accès refusé

17:24: Warning: Unable to sweep compressed file: System Error. Code: 5.

16:53: Warning: TCompressedFile.GetStreams(1): Stream read error

16:48: Warning: TCompressedFile.GetStreams(1): Stream read error

16:39: Warning: SweepDirectories: Cannot find directory "o:". This directory was not added to the list of paths to be scanned.

16:39: Warning: SweepDirectories: Cannot find directory "n:". This directory was not added to the list of paths to be scanned.

16:39: Warning: SweepDirectories: Cannot find directory "m:". This directory was not added to the list of paths to be scanned.

16:39: Warning: SweepDirectories: Cannot find directory "l:". This directory was not added to the list of paths to be scanned.

16:39: Warning: SweepDirectories: Cannot find directory "k:". This directory was not added to the list of paths to be scanned.

16:29: Warning: SweepDirectories: Cannot find directory "g:". This directory was not added to the list of paths to be scanned.

16:16: Warning: SweepDirectories: Cannot find directory "e:". This directory was not added to the list of paths to be scanned.

16:16: Warning: SweepDirectories: Cannot find directory "d:". This directory was not added to the list of paths to be scanned.

16:10: realmediasplitter.ax (ID = 385620)

16:10: Found Adware: sogou toolbar

16:08: msskinner (1 subtraces) (ID = 2147527092)

16:08: Found Trojan Horse: trojan-backdoor-egroup

16:08: Starting File Sweep

16:08: Warning: SweepDirectories: Cannot find directory "a:". This directory was not added to the list of paths to be scanned.

16:08: Cookie Sweep Complete, Elapsed Time: 00:00:00

16:08: tatal@xiti[2].txt (ID = 3717)

16:08: Found Spy Cookie: xiti cookie

16:08: tatal@fe.lea.lycos[1].txt (ID = 2660)

16:08: Found Spy Cookie: fe.lea.lycos.com cookie

16:08: Starting Cookie Sweep

16:08: Registry Sweep Complete, Elapsed Time:00:00:12

16:08: HKU\S-1-5-21-789336058-2139871995-725345543-1003\atlmon.reusablecomp.5\ (ID = 1589917)

16:08: HKLM\software\microsoft\mssmgr\ (ID = 1776755)

16:08: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\winwly32\ (ID = 1642781)

16:08: Starting Registry Sweep

16:08: Memory Sweep Complete, Elapsed Time: 00:00:29

16:07: Detected running threat: pmnnl.dll (ID = 534)

16:07: Found Adware: virtumonde

16:07: Starting Memory Sweep

16:07: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\winwly32\ || dllname (ID = 1642787)

16:07: Found Trojan Horse: trojan agent winlogonhook

16:07: Sweep initiated using definitions version 865

16:07: Spy Sweeper 5.3.1.2346 started

16:07: | Start of Session, vendredi 23 février 2007 |

***************

Le Log HijackThis

Logfile of HijackThis v1.99.1

Scan saved at 17:57:27, on 23/02/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\zWeb\Sygate\smc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

C:\Program Files\zUtils\Avast4\aswUpdSv.exe

C:\Program Files\zUtils\Avast4\ashServ.exe

C:\Program Files\zTest\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\zWeb\Mailtraq\mtqsvc.exe

C:\Program Files\Web\NetLimiter 2 Pro\nlsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\oodag.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\zGraphic\ProShowProducer\ScsiAccess.exe

C:\Program Files\zTest\Serv-U\ServUDaemon.exe

C:\Program Files\zCD\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\Program Files\zUtils\VMware Workstation\vmware-authd.exe

C:\Program Files\zWeb\Mailtraq\mailtraq.exe

C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\vmnat.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Web\NetLimiter 2 Pro\NLClient.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\Mixer.exe

C:\PROGRA~1\zUtils\Avast4\ashDisp.exe

C:\Program Files\zUtils\Hmonitor\hmonitor.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\zCD\Daemon\daemon.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

C:\Program Files\zUtils\Desktop Sidebar\dsidebar.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\Program Files\zUtils\Avast4\ashMaiSv.exe

C:\Program Files\zSpy\Ad-Aware\Ad-Watch.exe

C:\Program Files\Webroot\Spy Sweeper\SSU.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\zDriver\Logitech\SetPoint\SetPoint.exe

C:\Program Files\zTest\SideSlide\SideSlide.exe

C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE

C:\Program Files\zTest\Taskbar Shuffle\taskbarshuffle.exe

C:\Program Files\zUtils\A Note\A Note.exe

C:\Program Files\zTest\KO Approach\Approach.exe

C:\Program Files\zWeb\Poppy\Poppy.exe

C:\Program Files\Shrink Pic\shrink_pic.exe

C:\Program Files\zWeb\SpamPal\spampal.exe

C:\Program Files\zWeb\BookmarkSync 2.0\BookmarkSync.exe

C:\Program Files\zUtils\Winwall\Winwall.exe

C:\WINDOWS\explorer.exe

C:\Download\A Trier\_Firefox\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\zUtils\Desktop Sidebar\sbhelp.dll

O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\zWeb\eoRezo\EoAdv\EOREZO~1.DLL

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {8C32931D-9CBC-4126-83BA-55EAAA25B255} - C:\WINDOWS\system32\cbxxusr.dll (file missing)

O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\rgymaeex.dll (file missing)