Aller au contenu

  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

Virus Messenger moi aussi [Résolu]

Mia27

Par Mia27
dans Analyses et éradication malwares

 Partager

Messages recommandés

Mia27 Member

Mia27

Posté(e)
Posté(e) (modifié)

Bonjour et merci de bien vouloir m'aider...

 

J'ai une fenêtre d'un de mes contact qui a ouvert avec la citation:

 

J'ai pris une photo de ma tante clic sur ce lien pour la voir...

 

Et bien sur j'ai cliqué en toute confiance...

 

Voila...j'ai cette mer..qui s'envoie a tout mes contact...

 

Que faire?

 

Encore merci de votre aide!

Modifié par Mia27

WawaSeb Godlike Member

WawaSeb

Posté(e)
Posté(e)

Bonsoir Mia27,

 

*** Bienvenue sur le forum sécurité de Zebulon ! ***

 

 

1) Télécharge MSNFix.zip (de !aur3n7) sur ton bureau:

 

Décompresse-le (clic droit >> Extraire ici) et double-clique sur le fichier MSNFix.bat

- Exécute l'option R.

-- Si l'infection est détectée, un message l'indiquera et il suffira de presser une touche pour lancer le nettoyage

 

Notes :

  • Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal
  • Le rapport sera enregistré dans le même dossier que MSNFix sous forme date_heure.txt

 

2) Télécharge HijackThis ici : http://download.hijackthis.eu/hijackthis_199.zip

---> Décompresse l'archive dans un dossier dédié

---> Renomme HijackThis.exe en Vundo.exe

---> Lance-le

---> Choisis l'option "Do A System Scan And Save A Log File"

---> Copie-colle le rapport sur ce forum

 

Tutoriaux : http://pageperso.aol.fr/balltrap34/demohijack.htm (ne fixe rien pour le moment !!)

http://sitethemacs.free.fr/aide_enregistre...e_hijackthi.htm

 

 

Bon début de désinfection... :P

Mia27 Member

Mia27

Posté(e)
  • Auteur
Posté(e)

Alors voici:

 

1-Msnfix:

 

 

MSN_Fix 1.331

 

C:\Documents and Settings\Sophie\Bureau\MSNFix

Fix exécuté le 2007-07-03 - 20:02:33,79 By Sophie

mode normal

 

************************ Recherche les fichiers présents

 

... C:\WINDOWS\system32\dllcache\winmga.exe

 

************************ Recherche les dossiers présents

 

Aucun dossier trouvé

 

 

 

 

************************ Suppression des fichiers

 

/!\ ... C:\WINDOWS\system32\dllcache\winmga.exe

 

 

 

************************ Nettoyage du registre

 

 

 

Les fichiers encore présents seront supprimés au prochain redémarrage

 

 

Aucun dossier trouvé

************************ Suppression des fichiers

 

.. OK ... C:\WINDOWS\system32\dllcache\winmga.exe

 

 

 

************************ Fichiers suspects

 

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

 

 

 

Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 2007-07-03_20053425.zip

 

 

------------------------------------------------------------------------

Auteur : !aur3n7 Contact: http://246694.aceboard.fr

------------------------------------------------------------------------

 

--------------------------------------------- END ---------------------------------------------

 

 

 

2-Hijackthis:

 

 

Logfile of HijackThis v1.99.1

Scan saved at 20:08:01, on 2007-07-03

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe

C:\WINDOWS\system32\wasjisnq.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe

C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe

C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe

C:\Program Files\WiFiConnector\NintendoWFCReg.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe

C:\vundo\Vundo.exe.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.desjardins.com/fr/index.jsp?setcookies=1

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {17C32383-5629-4890-848B-8F1E23E60DA4} - C:\WINDOWS\system32\awvvs.dll

O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\byrxmklr.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {F4002052-AB29-4B33-8C8D-0E99084564EC} - C:\WINDOWS\system32\ssqrppp.dll

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide

O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"

O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\luutbdty.dll",realset

O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MétéoIMédia] C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe

O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

O4 - Global Startup: Lancer l'utilitaire d'enregistrement.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1162752256562

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162752327640

O18 - Protocol: bw+0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: offline-8876480 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: awvvs - C:\WINDOWS\system32\awvvs.dll

O20 - Winlogon Notify: ssqrppp - C:\WINDOWS\SYSTEM32\ssqrppp.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: DomainService - - C:\WINDOWS\system32\wasjisnq.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

WawaSeb Godlike Member

WawaSeb

Posté(e)
Posté(e)

Salut Mia27,

 

Ton système est en effet très infecté !!!

Même si nous parvenons à enlever tous les malware's présents sur ton système, je ne pourrai pas te garantir que ton ordinateur fonctionnera parfaitement par la suite...

 

 

1) Télécharge VundoFix.exe (par Atribune) sur ton Bureau.

  1. Double-clique VundoFix.exe afin de le lancer
  2. Clique sur le bouton Scan for Vundo
  3. Lorsque le scan est complété, clique sur le bouton Remove Vundo
  4. Une invite te demandera si tu veux supprimer les fichiers, clique YES
  5. Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
  6. Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
  7. Copie/colle le contenu du rapport situé dans C:\vundofix.txt sur ce forum

Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

 

 

2) Relance HijackThis, ferme toutes les autres fenêtres et fixe les lignes suivantes (si encore présentes) :

 

O2 - BHO: (no name) - {17C32383-5629-4890-848B-8F1E23E60DA4} - C:\WINDOWS\system32\awvvs.dll

 

O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\byrxmklr.dll

 

O2 - BHO: (no name) - {F4002052-AB29-4B33-8C8D-0E99084564EC} - C:\WINDOWS\system32\ssqrppp.dll

 

O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\luutbdty.dll",realset

 

O20 - Winlogon Notify: awvvs - C:\WINDOWS\system32\awvvs.dll

 

O20 - Winlogon Notify: ssqrppp - C:\WINDOWS\SYSTEM32\ssqrppp.dll

 

 

3) Désactive le service DomainService :

 

Clique sur "démarrer" -> "Exécuter" -> tape sans les guillemets "services.msc" (+OK), clique sur l'onglet "étendu" (en bas à gauche), puis avec le bouton droit sur "DomainService" (propriétés, général, type de démarrage : DESACTIVE)

 

 

4) Télécharge ATF Cleaner de Atribune sur ton bureau. Ce programme sert à nettoyer les fichiers inutiles !

 

- Double-clique sur ATF-Cleaner.exe

 

Coche ceci :

  • Windows Temp
  • Current User Temp
  • All Users Temp
  • Cookies
  • Temporary Internet Files
  • Prefetch
  • Java Cache
  • Recycle Bin

- Clique sur Empty Selected et au message "Done Cleaning" sur Ok

 

 

Merci de poster les rapports suivants :

  1. VundoFix
  2. Nouveau rapport HijackThis

 

Bon travail à toi ! :P

WawaSeb Godlike Member

WawaSeb

Posté(e)
Posté(e)

Bonsoir Mia27,

 

La désinfection d'une machine doit se faire avec une certaine rigueur...

 

c:/windows/system32/wasjisnq.exe

--> C'est exactement pour ce genre de cas que je te demande de poster les rapports...

--> Ne t'inquiète pas, on a plein d'autres solutions pour les récalcitrants ! :P

 

Je vais dormir... mais serai ravi de terminer le travail avec toi... :P

Mia27 Member

Mia27

Posté(e)
  • Auteur
Posté(e)

Voila...Merci et bonne nuit,

 

 

VundoFix V6.5.4

 

Checking Java version...

 

Java version is 1.5.0.9

Old versions of java are exploitable and should be removed.

 

Scan started at 20:55:36 2007-07-03

 

Listing files found while scanning....

 

C:\windows\system32\awvvs.dll

C:\WINDOWS\system32\byrxmklr.dll

C:\windows\system32\byxwwxw.dll

C:\windows\system32\cbxwusq.dll

C:\WINDOWS\system32\luutbdty.dll

C:\WINDOWS\system32\ssqrppp.dll

C:\WINDOWS\system32\svvwa.bak1

C:\windows\system32\svvwa.bak2

C:\WINDOWS\system32\svvwa.ini

C:\windows\system32\svvwa.ini2

C:\windows\system32\svvwa.tmp

C:\windows\system32\tuvuspo.dll

C:\windows\system32\tuvvvst.dll

C:\windows\system32\wasjisnq.exe

C:\windows\system32\wvuvtst.dll

C:\windows\system32\yebglmjs.exe

C:\windows\system32\ytdbtuul.ini

 

Beginning removal...

 

Attempting to delete C:\windows\system32\awvvs.dll

C:\windows\system32\awvvs.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\byrxmklr.dll

C:\WINDOWS\system32\byrxmklr.dll Has been deleted!

 

Attempting to delete C:\windows\system32\byxwwxw.dll

C:\windows\system32\byxwwxw.dll Has been deleted!

 

Attempting to delete C:\windows\system32\cbxwusq.dll

C:\windows\system32\cbxwusq.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\luutbdty.dll

C:\WINDOWS\system32\luutbdty.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\ssqrppp.dll

C:\WINDOWS\system32\ssqrppp.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\svvwa.bak1

C:\WINDOWS\system32\svvwa.bak1 Has been deleted!

 

Attempting to delete C:\windows\system32\svvwa.bak2

C:\windows\system32\svvwa.bak2 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\svvwa.ini

C:\WINDOWS\system32\svvwa.ini Has been deleted!

 

Attempting to delete C:\windows\system32\svvwa.ini2

C:\windows\system32\svvwa.ini2 Has been deleted!

 

Attempting to delete C:\windows\system32\svvwa.tmp

C:\windows\system32\svvwa.tmp Has been deleted!

 

Attempting to delete C:\windows\system32\tuvuspo.dll

C:\windows\system32\tuvuspo.dll Has been deleted!

 

Attempting to delete C:\windows\system32\tuvvvst.dll

C:\windows\system32\tuvvvst.dll Has been deleted!

 

Attempting to delete C:\windows\system32\wasjisnq.exe

C:\windows\system32\wasjisnq.exe Could not be deleted.

 

Attempting to delete C:\windows\system32\wvuvtst.dll

C:\windows\system32\wvuvtst.dll Has been deleted!

 

Attempting to delete C:\windows\system32\yebglmjs.exe

C:\windows\system32\yebglmjs.exe Has been deleted!

 

Attempting to delete C:\windows\system32\ytdbtuul.ini

C:\windows\system32\ytdbtuul.ini Has been deleted!

 

Performing Repairs to the registry.

Done!

 

VundoFix V6.5.4

 

Checking Java version...

 

Java version is 1.5.0.9

Old versions of java are exploitable and should be removed.

 

Scan started at 21:03:22 2007-07-03

 

Listing files found while scanning....

 

C:\windows\system32\wasjisnq.exe

 

Beginning removal...

 

Attempting to delete C:\windows\system32\wasjisnq.exe

C:\windows\system32\wasjisnq.exe Could not be deleted.

 

Performing Repairs to the registry.

Done!

 

Beginning removal...

 

Attempting to delete C:\windows\system32\wasjisnq.exe

C:\windows\system32\wasjisnq.exe Could not be deleted.

 

Performing Repairs to the registry.

Done!

 

VundoFix V6.5.4

 

Checking Java version...

 

Java version is 1.5.0.9

Old versions of java are exploitable and should be removed.

 

Scan started at 21:08:48 2007-07-03

 

Listing files found while scanning....

 

C:\windows\system32\wasjisnq.exe

 

Beginning removal...

 

Attempting to delete C:\windows\system32\wasjisnq.exe

C:\windows\system32\wasjisnq.exe Could not be deleted.

 

Performing Repairs to the registry.

Done!

 

VundoFix V6.5.4

 

Checking Java version...

 

Java version is 1.5.0.9

Old versions of java are exploitable and should be removed.

 

Scan started at 21:13:11 2007-07-03

 

Listing files found while scanning....

 

C:\windows\system32\wasjisnq.exe

 

Beginning removal...

 

Attempting to delete C:\windows\system32\wasjisnq.exe

C:\windows\system32\wasjisnq.exe Has been deleted!

 

Performing Repairs to the registry.

Done!

 

VundoFix V6.5.4

 

Checking Java version...

 

Java version is 1.5.0.9

Old versions of java are exploitable and should be removed.

 

Scan started at 21:21:16 2007-07-03

 

Listing files found while scanning....

 

No infected files were found.

 

 

Beginning removal...

 

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 21:29:32, on 2007-07-03

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe

C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\WiFiConnector\NintendoWFCReg.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe

C:\vundo\Vundo.exe.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.desjardins.com/fr/index.jsp?setcookies=1

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide

O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"

O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MétéoIMédia] C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe

O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

O4 - Global Startup: Lancer l'utilitaire d'enregistrement.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1162752256562

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162752327640

O18 - Protocol: bw+0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: offline-8876480 - {C01E532C-1E47-4CC3-99C1-0C309EC6812B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\wasjisnq.exe (file missing)

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

WawaSeb Godlike Member

WawaSeb

Posté(e)
Posté(e)

Bonjour Mia27,

 

--- Nous allons donc nous centrer sur ce fichier --- Si cela ne fonctionne toujours pas, nous testerons encore autrement...

 

1) Télécharge OTMoveIt de OldTimer. Sauvegarde-le sur ton Bureau.

 

Copie le texte en citation ci-dessous (sélectionne-le en entier avec ta souris, puis fais un clic-droit dessus et choisis "Copier") :

 

C:\windows\system32\wasjisnq.exe

  • Double-clique sur OTMoveIt.exe afin de lancer le programme
  • Assure toi que la case "Unregister Dll's and Ocx's" soit bien cochée
  • Fais un Clic-droit sur le cadre de gauche puis choisis Coller
  • Clique à présent sur le bouton "MoveIt!"
  • Un rapport va être créé, il se trouve dans C:\_OTMoveIt\MovedFiles\ (Le nom du rapport est la date de sa création)
  • Poste ce rapport stp...

2) Nous allons vérifier qu'il ne reste pas d'infection à l'aide d'un scan en ligne :

 

Rends-toi sur le site de Kaspersky WebScanner

Dans "Démonstration en ligne", tu as une explication de la marche à suivre

Pour démarrer l'analyse, tu sélectionnes "Exécuter l'analyse en ligne".

 

Cette manipulation doit absolument être effectuée avec Internet Explorer

 

Télécharge le contôle Active X, accepte .

Dans le menu "Choisissez la cible de l'analyse", sélectionne "Poste de travail".

Le scan va commencer. Poste le rapport qui sera généré stp.

 

Très bon tutoriel ici : http://www.malekal.com/scan_Av_en_ligne.html#mozTocId237368

 

 

Merci de poster les 2 rapports... c'est important pour la suite de la procédure... :P

 

Travaille bien...

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

×
 Partager
Aller sur la liste des sujets

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...