
Posted

For three days I have been trying to repair my computer by following the advice given: scanning with Ad-Aware and Spybot.

My antivirus detected viruses (Backdoor.Graybird among others); it either deleted them or was unable to. But after doing all that, I still have plenty of problems.

So I am pasting my HijackThis log. If someone could help me that would be nice; otherwise I will have to format C, where my operating system and software are, and maybe also format F, my data hard drive. Help, please.

 

Logfile of HijackThis v1.99.1

Scan saved at 08:55:26, on 11/02/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

C:\Program Files\Norton Internet Security\ISSVC.exe

C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Apps\ActivBoard\nhksrv.exe

C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

C:\WINDOWS\System32\GEARSec.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe

C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\WINDOWS\system32\slserv.exe

C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

C:\WINDOWS\system32\fxssvc.exe

C:\WINDOWS\sllights.exe

C:\Apps\ActivBoard\MMKeybd.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\System32\drivers\PhiBtn.exe

C:\WINDOWS\System32\drivers\Tray900.exe

C:\Apps\ActivBoard\TrayMon.exe

C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe

C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe

C:\Apps\ActivBoard\OSD.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe

C:\Program Files\Norton Password Manager\AcctMgr.exe

C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

C:\Program Files\TomTom HOME 2\HOMERunner.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\SAGEM WiFi manager\WLANUTL.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\DOCUME~1\GALLE~1\LOCALS~1\Temp\Rar$EX00.719\HijackThis.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

C:\WINDOWS\Explorer.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {3088DFB6-85B8-46C4-B104-565B9A4BB274} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {6B674AB1-CA99-46D7-806D-C64674DCE0EA} - C:\WINDOWS\system32\vtsqn.dll

O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: (no name) - {AE52DD9A-8D40-40D9-9675-0A3EE88A50D2} - (no file)

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {E0EA1F31-B58F-47E8-A185-20C52DF9F168} - C:\WINDOWS\system32\cbxyaaa.dll

O2 - BHO: (no name) - {E7C2D9AE-A879-4AA3-A6C5-63950D3CFD8D} - (no file)

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe

O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe

O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [NeroFilterCheck] c:\program files\fichiers communs\ahead\lib\nerocheck.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe

O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [b4a7ebad] rundll32.exe "C:\WINDOWS\system32\aoickrvm.dll",b

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?

O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1173438387999

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/a...zylomloader.cab

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/Gam...ronGameHost.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - file:///C:/Documents%20and%20Settings/Gaëlle/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/popcaploader_v6.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cab

O18 - Protocol: bw+0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: cbxyaaa - C:\WINDOWS\SYSTEM32\cbxyaaa.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

 

Thanks in advance for your help

Posted

Do you find that funny, pparto??? Oo

 

-------------------------------------------------------

 

gaelle2805

 

1/

*delete your old versions of HijackThis

 

*disable your Spybot TeaTimer, this is VERY IMPORTANT!!!!!!

 

*download to your desktop http://www.trendsecure.com/portal/en-US/th.../HJTInstall.exe

Double-click HJTInstall.exe to launch the program

Choose the option "Do a system scan only"

Check only the lines below and click "Fix checked":

 

O2 - BHO: (no name) - {3088DFB6-85B8-46C4-B104-565B9A4BB274} - (no file)

O2 - BHO: (no name) - {AE52DD9A-8D40-40D9-9675-0A3EE88A50D2} - (no file)

O2 - BHO: (no name) - {E7C2D9AE-A879-4AA3-A6C5-63950D3CFD8D} - (no file)

O4 - HKLM\..\Run: [b4a7ebad] rundll32.exe "C:\WINDOWS\system32\aoickrvm.dll",b

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O18 - Protocol: bw+0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

[all the O18 lines except the last one]

 

2/ Download VundoFix.exe (by Atribune) to your Desktop.

 

http://www.atribune.org/ccount/click.php?id=4

 

Double-click VundoFix.exe to launch it.

Click the Scan for Vundo button.

When the scan is complete, click the Remove Vundo button.

A prompt will ask whether you want to delete the files; click YES.

After you click "Yes", the Desktop will disappear for a moment while the files are deleted.

You will see a prompt announcing that your PC is going to shut down ("shutdown"); click OK.

Restart the PC and copy/paste the contents of the report located at C:\vundofix.txt

 

3/ Download combofix.exe (by sUBs) and save it to your desktop and nowhere else!!!! Temporarily disable your Norton Antivirus, because ComboFix's Nircmd.exe could be detected.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

* Double-click combofix.exe to run it and follow the instructions.

* When the scan is complete, a report will appear; post it for me.

Posted

First of all, thank you so much for your help and for your quick reply.

Here is the VundoFix report:

 

VundoFix V6.7.8

 

Checking Java version...

 

Sun Java not detected

Scan started at 18:36:35 11/02/2008

 

Listing files found while scanning....

 

C:\WINDOWS\system32\awtqqrp.dll

C:\WINDOWS\system32\awtutrq.dll

C:\WINDOWS\system32\bavubjnd.dll

C:\WINDOWS\system32\bdeeg.ini

C:\WINDOWS\system32\bdeeg.ini2

C:\WINDOWS\system32\cbxyaaa.dll

C:\WINDOWS\system32\dnjbuvab.ini

C:\WINDOWS\system32\efcdebx.dll

C:\WINDOWS\system32\geedb.dll

C:\WINDOWS\system32\hgggdab.dll

C:\WINDOWS\system32\iifeede.dll

C:\WINDOWS\system32\iiffeby.dll

C:\WINDOWS\system32\jgwmlclb.dll

C:\WINDOWS\system32\khfefge.dll

C:\WINDOWS\system32\mljjijg.dll

C:\WINDOWS\system32\oqpcqerp.dll

C:\WINDOWS\system32\rqrolif.dll

C:\WINDOWS\system32\sfclqeaa.dll

C:\WINDOWS\system32\tuvwvtt.dll

C:\WINDOWS\system32\vwwgnaha.dll

C:\WINDOWS\system32\wvutrpp.dll

C:\WINDOWS\system32\wvuuttu.dll

C:\WINDOWS\system32\wvuuvsp.dll

C:\WINDOWS\system32\xxyvwuu.dll

C:\WINDOWS\system32\xxywvvw.dll

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\awtqqrp.dll

C:\WINDOWS\system32\awtqqrp.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\awtutrq.dll

C:\WINDOWS\system32\awtutrq.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\bavubjnd.dll

C:\WINDOWS\system32\bavubjnd.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\bdeeg.ini

C:\WINDOWS\system32\bdeeg.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\bdeeg.ini2

C:\WINDOWS\system32\bdeeg.ini2 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\cbxyaaa.dll

C:\WINDOWS\system32\cbxyaaa.dll Could not be deleted.

 

Attempting to delete C:\WINDOWS\system32\dnjbuvab.ini

C:\WINDOWS\system32\dnjbuvab.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\efcdebx.dll

C:\WINDOWS\system32\efcdebx.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\geedb.dll

C:\WINDOWS\system32\geedb.dll Could not be deleted.

 

Attempting to delete C:\WINDOWS\system32\hgggdab.dll

C:\WINDOWS\system32\hgggdab.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\iifeede.dll

C:\WINDOWS\system32\iifeede.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\iiffeby.dll

C:\WINDOWS\system32\iiffeby.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\jgwmlclb.dll

C:\WINDOWS\system32\jgwmlclb.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\khfefge.dll

C:\WINDOWS\system32\khfefge.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\mljjijg.dll

C:\WINDOWS\system32\mljjijg.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\oqpcqerp.dll

C:\WINDOWS\system32\oqpcqerp.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\rqrolif.dll

C:\WINDOWS\system32\rqrolif.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\sfclqeaa.dll

C:\WINDOWS\system32\sfclqeaa.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\tuvwvtt.dll

C:\WINDOWS\system32\tuvwvtt.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\vwwgnaha.dll

C:\WINDOWS\system32\vwwgnaha.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\wvutrpp.dll

C:\WINDOWS\system32\wvutrpp.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\wvuuttu.dll

C:\WINDOWS\system32\wvuuttu.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\wvuuvsp.dll

C:\WINDOWS\system32\wvuuvsp.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\xxyvwuu.dll

C:\WINDOWS\system32\xxyvwuu.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\xxywvvw.dll

C:\WINDOWS\system32\xxywvvw.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\bdeeg.ini

C:\WINDOWS\system32\bdeeg.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\bdeeg.ini2

C:\WINDOWS\system32\bdeeg.ini2 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\cbxyaaa.dll

C:\WINDOWS\system32\cbxyaaa.dll Could not be deleted.

 

Attempting to delete C:\WINDOWS\system32\geedb.dll

C:\WINDOWS\system32\geedb.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

 

And here is the ComboFix report found in combofix.txt:

 

ComboFix 08-02-11.2 - Gaëlle 2008-02-11 19:30:16.1 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.384 [GMT 1:00]

Endroit: C:\Documents and Settings\Gaëlle\Bureau\ComboFix.exe

* Création d'un nouveau point de restauration

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\cookies.ini

C:\WINDOWS\system32\cbxyaaa.dll

C:\WINDOWS\system32\dcjsnvkh.ini

C:\WINDOWS\system32\drivers\PhiBtn.exe

C:\WINDOWS\system32\drivers\Tray900.exe

C:\WINDOWS\system32\ffjmsmvp.ini

C:\WINDOWS\system32\MabryObj.dll

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\mvrkcioa.ini

C:\WINDOWS\system32\nqstv.ini

C:\WINDOWS\system32\nqstv.ini2

C:\WINDOWS\system32\qtutv.ini

C:\WINDOWS\system32\qtutv.ini2

C:\WINDOWS\system32\repxptvq.ini

C:\WINDOWS\system32\rtstv.ini

C:\WINDOWS\system32\rtstv.ini2

C:\WINDOWS\system32\system

C:\WINDOWS\system32\system\msxml4.dll

C:\WINDOWS\system32\system\msxml4r.dll

C:\WINDOWS\system32\vtutq.dll

 

.

((((((((((((((((((((((((((((( Fichiers créés 2008-01-11 to 2008-02-11 ))))))))))))))))))))))))))))))))))))

.

 

2008-02-11 18:36 . 2008-02-11 19:14 <REP> d-------- C:\VundoFix Backups

2008-02-11 18:29 . 2008-02-11 18:29 <REP> d-------- C:\Program Files\Trend Micro

2008-02-11 11:26 . 2008-02-11 19:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-02-11 08:54 . 2008-02-11 18:27 <REP> d-------- C:\Program Files\Hijackthis Version Française

2008-02-10 22:06 . 2008-02-10 22:07 <REP> d-------- C:\Program Files\Spybot - Search & Destroy

2008-02-08 18:25 . 2008-02-08 20:01 <REP> d-------- C:\WINDOWS\BDOSCAN8

2008-02-08 18:05 . 2008-02-11 14:36 147 --a------ C:\WINDOWS\wininit.ini

2008-02-08 18:04 . 2008-02-08 17:43 1,466,368 --a------ C:\WINDOWS\system32\WinSpooler.exe

2008-02-08 14:46 . 2008-02-10 22:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-02-08 14:37 . 2008-02-08 14:37 <REP> d-------- C:\Program Files\Lavasoft

2008-02-08 14:37 . 2008-02-08 14:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-02-08 13:18 . 2008-02-08 14:23 <REP> d-------- C:\Program Files\Spyware Doctor

2008-02-07 15:05 . 2008-02-11 19:21 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2008-02-07 15:05 . 2008-02-08 18:04 37,888 --a------ C:\WINDOWS\system32\rar.exe

2008-02-07 14:47 . 2008-02-07 14:47 0 ---hs---- C:\WINDOWS\S3E56B0C4.tmp

2008-02-07 14:42 . 2008-02-07 15:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft

2008-02-01 19:13 . 2008-02-09 16:33 <REP> d-------- C:\WINDOWS\system32\wrc-c4 dir

2008-01-28 12:08 . 2008-01-28 12:08 <REP> d-------- C:\PAROISSE

2008-01-28 08:09 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd

2008-01-19 13:36 . 2008-01-19 13:36 <REP> d-------- C:\Documents and Settings\Emmanuel\Application Data\TomTom

2008-01-19 13:35 . 2008-01-19 13:35 <REP> d-------- C:\Program Files\TomTom HOME 2

2008-01-19 13:35 . 2008-01-19 13:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TomTom

2008-01-19 13:34 . 2008-01-19 13:34 <REP> d-------- C:\Documents and Settings\Emmanuel\Application Data\InstallShield

2008-01-19 13:32 . 2008-01-19 13:32 <REP> d-------- C:\Program Files\TomTom DesktopSuite

2008-01-18 21:20 . 2008-01-18 21:20 <REP> d-------- C:\Documents and Settings\Emmanuel\Application Data\VERITAS

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-11 18:28 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared

2008-02-11 17:27 --------- d-----w C:\Program Files\Hijackthis Version Française

2008-02-11 13:36 --------- d-s---w C:\Program Files\Fichiers communs\Teknum Systems

2008-02-09 21:40 --------- d-----w C:\Documents and Settings\Emmanuel\Application Data\Symantec

2008-02-08 13:36 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard

2008-02-07 20:50 --------- d-----w C:\Documents and Settings\Emmanuel\Application Data\Skype

2008-02-07 14:07 --------- d-----w C:\Program Files\SlySoft

2008-02-07 10:47 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-02-04 11:54 --------- d-----w C:\Program Files\Norton SystemWorks

2008-01-31 07:15 --------- d-----w C:\Program Files\Norton Internet Security

2008-01-28 07:09 --------- d-----w C:\Program Files\Creative

2008-01-19 12:35 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-12-30 14:21 --------- d-----w C:\Documents and Settings\Armand\Application Data\Symantec

2007-12-28 14:16 --------- d-----w C:\Program Files\Mindscape

2007-12-26 10:36 --------- d-----w C:\Program Files\EA SPORTS

2007-12-25 09:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield

2007-12-25 09:53 --------- d-----w C:\Program Files\Fichiers communs\InstallShield

2007-12-23 08:18 --------- d-----w C:\Program Files\Google

2007-12-20 10:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\TERMINAL Studio

2007-12-20 10:04 --------- d-----w C:\Program Files\The Rise of Atlantis

2007-12-20 10:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia

2007-12-20 09:58 --------- d-----w C:\Program Files\BFG

1995-09-20 13:16 456,976 ----a-w C:\Program Files\Fichiers communs\dao3032.dll

2007-09-25 12:50 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41EA46E8-1DE8-4AF9-8988-E8DC61A4B92F}]

C:\WINDOWS\system32\geedb.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Norton SystemWorks"="C:\Program Files\Norton SystemWorks\cfgwiz.exe" [2004-09-21 12:35 132248]

"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 23:05 630784]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EM_EXEC"="C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-01-28 09:43 35328]

"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-02-21 15:29 58984]

"Norton Ghost 9.0"="C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe" [2004-08-02 16:36 1122304]

"AcctMgr"="C:\Program Files\Norton Password Manager\AcctMgr.exe" [2004-02-20 14:54 586856]

"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2007-10-31 10:19 378784]

"VCSPlayer"="C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" [2002-06-07 12:34 299008]

"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-18 17:58 1185264]

"Traymin900"="C:\WINDOWS\System32\drivers\Tray900.exe" [ ]

"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-08-31 18:16 100056]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-06 11:34 98304]

"PhiBtn"="C:\WINDOWS\System32\drivers\PhiBtn.exe" [ ]

"nwiz"="nwiz.exe" [2002-11-18 14:15 315392 C:\WINDOWS\system32\nwiz.exe]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2002-11-18 14:15 4243456]

"NeroFilterCheck"="c:\program files\fichiers communs\ahead\lib\nerocheck.exe" [2007-03-01 14:57 153136]

"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-04-13 06:07 69632]

"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 12:41 196608]

"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-05-17 20:49 188416]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]

"b4a7ebad"="C:\WINDOWS\system32\bavubjnd.dll" [ ]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"ACTIVBOARD"="C:\Apps\ActivBoard\MMKeybd.exe" [2002-06-19 18:51 192512]

"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-18 18:02 1961576]

"Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2006-10-17 11:47 87584]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

"Windows Printing Driver"= WinSpooler.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]

cbxyaaa.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

 

R0 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 21:52]

R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys [2004-08-02 16:04]

R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2001-12-20 09:02]

R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys [2004-08-02 16:23]

R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2002-06-07 12:38]

R2 nhksrv;Netropa NHK Server;C:\Apps\ActivBoard\nhksrv.exe [2001-08-06 06:41]

R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 12:17]

R3 camvid40;Philips SPC 900NC PC Camera;C:\WINDOWS\system32\DRIVERS\camdrv41.sys [2005-08-25 18:28]

R3 NPDriver;Norton Unerase Protection Driver;C:\WINDOWS\system32\Drivers\NPDRIVER.SYS [2004-08-30 22:38]

R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2005-12-22 13:45]

R3 STAC97NA;SigmaTel 3D Environmental Audio;C:\WINDOWS\system32\drivers\stac97na.sys [2002-09-20 18:42]

R3 STAC97NH;STAC97NH;C:\WINDOWS\system32\drivers\stac97nh.sys [2002-09-20 18:43]

S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 16:29]

S3 SDdriver;SDdriver;C:\WINDOWS\system32\Drivers\sddriver.sys [2004-08-30 22:23]

S3 V90drv;v90drv;C:\WINDOWS\system32\DRIVERS\v90drv.sys [2001-11-29 16:09]

S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\System32\ZDCndis5.SYS []

 

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-02-11 13:50:34 C:\WINDOWS\Tasks\Norton AntiVirus - Analyser mon ordinateur - Gaëlle.job"

 

 

Should I run HijackThis again?

Posted

hello :P

 

1/- AtfCleaner --> http://www.atribune.org/ccount/click.php?id=1 >> download it and put it on your desktop

2/ Open Notepad [Run--notepad] and copy/paste the contents of the box below:

 

File::
C:\WINDOWS\system32\aoickrvm.dll
C:\WINDOWS\system32\WinSpooler.exe

Folder::
C:\VundoFix Backups

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41EA46E8-1DE8-4AF9-8988-E8DC61A4B92F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"b4a7ebad"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"Windows Printing Driver"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]

 

* Go to the top of the page and click the "File" menu; a list appears =>

* Choose "Save As" and select "Desktop"

* In the "File name" field at the bottom of the page, enter the following name: CFScript, as a .txt file

* Click the "Save" button to the right of the "File name" field

* Quit Notepad.

* Drag and drop this CFScript.txt file onto the ComboFix.exe file, as in the screenshot

[Screenshot: CFScript.gif]

* A blue window will appear: let it work.

* Wait while the scan runs. The desktop will disappear several times: that's normal!

Don't touch anything until the scan has finished.

* Once the scan has finished, a report will be displayed: post its contents.

* If the file does not appear, it is located here > C:\ComboFix.txt

 

3/ ATF Cleaner

Double-click ATF-Cleaner.exe to launch the program.

Under the Main tab, choose: Select All

Click the Empty Selected button and wait for "empty something...... " and click OK

If you use the Firefox browser:

Click Firefox at the top and choose: Select All

Click the Empty Selected button

NOTE: If you want to keep your saved passwords, click No at the prompt.

If you use the Opera browser:

Click Opera at the top and choose: Select All

Click the Empty Selected button

NOTE: If you want to keep your saved passwords, click No at the prompt.

Click Exit, in the main menu, to close the program.

 

4/ Download ewido anti-spyware micro scanner to your desktop.

  • Double-click the ewido_micro.exe file to run it.
  • As soon as it starts, the program will ask for internet access to update itself; allow it.
  • Then a new screen appears; make sure all the boxes are checked.
  • Click Start Scan and let the tool work.
  • When the tool has finished, click save report and save the report to your desktop.
  • Post it in your next reply.

  • NB: click Remove infections

---------Then post the ComboFix report + the ewido micro-scanner report + a new HJT report

Posted

Here is the ComboFix report

 

ComboFix 08-02-11.2 - Gaëlle 2008-02-12 17:07:26.2 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.416 [GMT 1:00]

Endroit: C:\Documents and Settings\Gaëlle\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\Gaëlle\Bureau\CFScript.txt

* Création d'un nouveau point de restauration

 

FILE

C:\WINDOWS\system32\aoickrvm.dll

C:\WINDOWS\system32\WinSpooler.exe

.

 

No infection found by ewido

 

HijackThis report

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:53, on 2008-02-12

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

C:\Program Files\Norton Internet Security\ISSVC.exe

C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Apps\ActivBoard\nhksrv.exe

C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe

C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\WINDOWS\system32\slserv.exe

C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

C:\WINDOWS\system32\fxssvc.exe

C:\WINDOWS\sllights.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe

C:\Program Files\Norton Password Manager\AcctMgr.exe

C:\Program Files\TomTom HOME 2\HOMERunner.exe

C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\WINDOWS\Options\Install\Tray900.exe

C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe

C:\WINDOWS\Options\Install\Phibtn.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Apps\ActivBoard\MMKeybd.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Apps\ActivBoard\TrayMon.exe

C:\Apps\ActivBoard\OSD.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\SAGEM WiFi manager\WLANUTL.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: (no name) - AutorunsDisabled - (no file)

O2 - BHO: (no name) - {3088DFB6-85B8-46C4-B104-565B9A4BB274} - (no file)

O2 - BHO: (no name) - {41EA46E8-1DE8-4AF9-8988-E8DC61A4B92F} - (no file)

O2 - BHO: (no name) - {AE52DD9A-8D40-40D9-9675-0A3EE88A50D2} - (no file)

O2 - BHO: (no name) - {E0EA1F31-B58F-47E8-A185-20C52DF9F168} - (no file)

O2 - BHO: (no name) - {E7C2D9AE-A879-4AA3-A6C5-63950D3CFD8D} - (no file)

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe

O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup

O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s

O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [Traymin900] C:\WINDOWS\Options\Install\Tray900.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [PhiBtn] C:\WINDOWS\Options\Install\Phibtn.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NeroFilterCheck] c:\program files\fichiers communs\ahead\lib\nerocheck.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\kmd.exe /c C:\ComboFix\Combobatch.bat

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz

O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?

O9 - Extra button: (no name) - AutorunsDisabled - (no file)

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1173438387999

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/a...zylomloader.cab

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/Gam...ronGameHost.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - file:///C:/Documents%20and%20Settings/Gaëlle/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/popcaploader_v6.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cab

O18 - Protocol: offline-8876480 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

 

--

End of file - 11930 bytes

 

Thanks again

 

The computer seems clean to me, no more problems on the horizon. :P

Posted
Here is the ComboFix report

 

ComboFix 08-02-11.2 - Gaëlle 2008-02-12 17:07:26.2 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.416 [GMT 1:00]

Endroit: C:\Documents and Settings\Gaëlle\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\Gaëlle\Bureau\CFScript.txt

* Création d'un nouveau point de restauration

 

FILE

C:\WINDOWS\system32\aoickrvm.dll

C:\WINDOWS\system32\WinSpooler.exe

.

 

No infection found by ewido

 

**I am making an effort to give you complete procedures!! So make an effort to give me complete reports; thanks

a) The ComboFix report is incomplete :P

b) I don't have the ewido report!!!

c) There are lines to fix with HJT, which I will only do once I have seen the above-mentioned reports

Posted

**I am making an effort to give you complete procedures!! So make an effort to give me complete reports; thanks

a) The ComboFix report is incomplete :P

b) I don't have the ewido report!!!

c) There are lines to fix with HJT, which I will only do once I have seen the above-mentioned reports

 

 

As for the ComboFix report, this is the third time I have redone the procedure, and all three times the report has been identical to the one I posted for you. When the system restarts after running ComboFix, I get a message telling me that the file C:\WINDOWS\system32\home:=\Combobatch.bat cannot be found. Perhaps that is the explanation for this incomplete report.

As for the ewido report, the Save report button was greyed out, so I could not give you the report.

Sorry, but I fully understand that the efforts you are making to help me take up your time, whereas I did my best to post what you asked for.

I am going to run another ewido scan to see whether I can save the report, but for ComboFix, I no longer know what to do.

Posted

Still no ewido report after the second scan: no infections found, "save report" button greyed out.

When the computer started this morning, a blue window opened with C...system32\kmd.exe written in its upper part, but still no complete ComboFix report.

Nevertheless, here is a HijackThis report again:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:39, on 2008-02-14

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

C:\Program Files\Norton Internet Security\ISSVC.exe

C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Apps\ActivBoard\nhksrv.exe

C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe

C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\WINDOWS\system32\slserv.exe

C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

C:\WINDOWS\system32\fxssvc.exe

C:\WINDOWS\sllights.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe

C:\Program Files\TomTom HOME 2\HOMERunner.exe

C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe

C:\WINDOWS\Options\Install\Tray900.exe

C:\WINDOWS\Options\Install\Phibtn.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Apps\ActivBoard\MMKeybd.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Apps\ActivBoard\TrayMon.exe

C:\Apps\ActivBoard\OSD.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\SAGEM WiFi manager\WLANUTL.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\DOCUME~1\GALLE~1\LOCALS~1\Temp\Rar$EX00.219\autoruns.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: (no name) - AutorunsDisabled - (no file)

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe

O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup

O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s

O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [Traymin900] C:\WINDOWS\Options\Install\Tray900.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [PhiBtn] C:\WINDOWS\Options\Install\Phibtn.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NeroFilterCheck] c:\program files\fichiers communs\ahead\lib\nerocheck.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\kmd.exe /c C:\ComboFix\Combobatch.bat

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz

O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?

O9 - Extra button: (no name) - AutorunsDisabled - (no file)

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1173438387999

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/a...zylomloader.cab

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/Gam...ronGameHost.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - file:///C:/Documents%20and%20Settings/Gaëlle/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/popcaploader_v6.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cab

O18 - Protocol: offline-8876480 - {12C43C96-46AC-4449-9E8E-3E0A10AE29A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

 

--

End of file - 11598 bytes
