Aller au contenu

  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

Virus détecté sur mon pc : TR/Vundo.Gen

Greggy

Par Greggy
dans Analyses et éradication malwares

 Partager

Messages recommandés

Greggy Junior Member

Greggy

Posté(e)
Posté(e)

Bonjour à tous,

j'ai Antivir d'installé sur mon pc et ce matin il m'a détecté le virus connu sous le nom "TR/Vundo.Gen"

 

J'aimerais savoir si quelqu'un peut m'aider pour la suppression de cette saleté car les fenêtres Antivir défilent pour me rappeler qu'il est bien présent sur mon pc -_-'

 

Voici mon rapport Hijackthis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:08:00, on 8/02/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\ATKKBService.exe

C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Greg\Bureau\greg.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKLM\..\Policies\Explorer\Run: [lsass] C:\WINDOWS\lsass.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1233443021046

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...ion_3_1_1_0.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: bw+0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - Winlogon Notify: ddcBQijh - C:\WINDOWS\SYSTEM32\ddcBQijh.dll

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 18331 bytes

 

Je précise que j'ai renommé Hijackthis par "greg" car j'ai vu que ce virus arrivais a se cacher lors d'un scan Hijackthis

 

Merci d'avance à tout ceux qui me répondront :P

Lien vers le commentaire
Partager sur d’autres sites

pear Devil Member !

pear

Posté(e)
Posté(e)

Bonjour,

 

# vous devez désactiver la protection en temps réel, de votre antivirus qui détecte certains composants de ce logiciel comme néfastes.

* Pour cela, faites un clic droit sur l'icône en bas à droite à côté de l'horloge.

Si vous utilisez Spybot

Pour désactiver TeaTimer qui ne set à rien et peut faire échouer une désinfection:!

Afficher d'abord le Mode Avancé dans SpyBot

->Options Avancées :

- >menu Mode, Mode Avancé.

Une colonne de menus apparaît dans la partie gauche :

- >cliquer sur Outils,

- >cliquer sur Résident,

Dans Résident :

- >décocher Résident "TeaTimer" pour le désactiver.

Télécharger SDFix par AndyManchesta

et le sauvegarder sur le Bureau.

Double cliquer sur SDFix.exe et choisir Install pour l'extraire

SDFix s'installe à la racine de la partition système (par défaut, Généralement C:). .

 

Redémarrer en mode sans échec

 

* Ouvrir le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clic sur RunThis.bat pour lancer le script.

* Appuyer sur Y pour commencer le processus de nettoyage.

* Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis demandera d'appuyer sur une touche pour redémarrer.

 

Si Sdfix ne se lance pas

1)Démarrer->Exécuter

Copiez/collez :

%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe

cliquez ok, et validez.

Redémarrez et essayez de nouveau de lancer Sdfix.

 

2)Si vous avez le message Cette commande a été désactivée par votre Administrateur

Appuyez sur une touche pour continuer:

Démarrer->Exécuter

Copiez/Collez

%systemdrive%\SDFix\apps\swreg IMPORT %systemdrive%\SDFix\apps\Enable_Command_Prompt.reg

Validez

Relancez Sdfix

 

* Le redémarrage sera plus lent qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.

* Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.

* Appuyer sur une touche pour finir l'exécution du script et charger les icônes du Bureau.

* Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt

* Postez le rapport ici.

 

Téléchargez Malwarebytes' Anti-Malware (MBAM)

[branchez tous les supports amovibles avant de faire ce scan (clé usb/disque dur externe etc)

Si vous utilisez Spybot

Pour désactiver TeaTimer qui ne set à rien et peut faire échouer une désinfection:!

Afficher d'abord le Mode Avancé dans SpyBot

->Options Avancées :

- >menu Mode, Mode Avancé.

Une colonne de menus apparaît dans la partie gauche :

- >cliquer sur Outils,

- >cliquer sur Résident,

Dans Résident :

- >décocher Résident "TeaTimer" pour le désactiver.

* Double cliquez sur l'icône Download_mbam-setup.exe pour lancer le processus d'installation.

Enregistrez le sur le bureau .

Fermer toutes les fenêtres et programmes

Suivez les indications (en particulier le choix de la langue et l'autorisation d'accession à Internet)

N'apportez aucune modification aux réglages par défaut et, en fin d'installation,

Vérifiez que les options Update Malwarebytes' Anti-Malware et Launch Malwarebytes' Anti-Malware sont cochées

MBAM démarrera automatiquement et enverra un message demandant à mettre à jour le programme avant de lancer une analyse.

cliquer sur OK pour fermer la boîte de dialogue..

* Dans l'onglet "mise à jour", cliquez sur le bouton Recherche de mise à jour:

Si le pare-feu demande l'autorisation à MBAM de se connecter, acceptez.

* Une fois la mise à jour terminée, allez dans l'onglet Recherche.

* Sélectionnez "Exécuter un examen complet"

* Cliquez sur "Rechercher"

* .L' analyse prendra un certain temps, soyez patient !

* A la fin , un message affichera :

L'examen s'est terminé normalement.

 

*Si MBAM n'a rien trouvé, il le dira aussi.

Cliquez sur "Ok" pour poursuivre.

*Fermez les navigateurs.

Cliquez sur Afficher les résultats .

 

*Sélectionnez tout et cliquez sur Supprimer la sélection ,

MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.

puis ouvrir le Bloc-notes et y copier le rapport d'analyse qui peut être retrouvé sous l'onglet Rapports/logs.

* Copiez-collez ce rapport dans la prochaine réponse.

Lien vers le commentaire
Partager sur d’autres sites
Greggy Junior Member

Greggy

Posté(e)
  • Auteur
Posté(e)

Merci pour la réponse rapide (surtout un dimanche)

 

Voici le rapport de SDFix pour commencer (longue manip)

 

 

SDFix: Version 1.240

Run by Administrateur on dim. 08/02/2009 at 13:02

 

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

Trojan Files Found:

 

C:\WINDOWS\system32\ddcBQijh.dll - Deleted

C:\WINDOWS\lsass.exe - Deleted

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-08 13:07:53

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:2df9c43f

"s2"=dword:110480d0

"h0"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="C:\Program Files\DAEMON Tools Lite\"

"h0"=dword:00000000

"khjeh"=hex:61,df,09,8c,7a,ce,f6,f4,32,71,4e,f5,7e,e2,70,ce,7d,8a,06,ae,e4,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,12,d7,19,18,cb,95,04,dc,ee,7c,58,f7,52,0f,63,5a,a4,..

"khjeh"=hex:c7,c3,84,b6,72,31,de,cb,c8,3b,db,ce,65,92,e9,a6,96,3b,0f,4c,e1,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:37,dc,c9,a6,94,8c,b5,bf,9c,40,25,45,87,fd,e4,c1,3a,58,31,7e,db,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="C:\Program Files\DAEMON Tools Lite\"

"h0"=dword:00000000

"khjeh"=hex:61,df,09,8c,7a,ce,f6,f4,32,71,4e,f5,7e,e2,70,ce,7d,8a,06,ae,e4,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,12,d7,19,18,cb,95,04,dc,ee,7c,58,f7,52,0f,63,5a,a4,..

"khjeh"=hex:c7,c3,84,b6,72,31,de,cb,c8,3b,db,ce,65,92,e9,a6,96,3b,0f,4c,e1,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:37,dc,c9,a6,94,8c,b5,bf,9c,40,25,45,87,fd,e4,c1,3a,58,31,7e,db,..

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"

"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"

"C:\\Program Files\\ma-config.com\\maconfservice.exe"="C:\\Program Files\\ma-config.com\\maconfservice.exe:LocalSubNet:Enabled:maconfservice"

"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

 

Remaining Files :

 

 

File Backups: - C:\SDFix\backups\backups.zip

 

Files with Hidden Attributes :

 

Sun 1 Feb 2009 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

 

Finished!

Lien vers le commentaire
Partager sur d’autres sites
Greggy Junior Member

Greggy

Posté(e)
  • Auteur
Posté(e) (modifié)

Et voici le rapport après scan avec MBAM

 

Malwarebytes' Anti-Malware 1.33

Version de la base de données: 1738

Windows 5.1.2600 Service Pack 3

 

8/02/2009 14:58:09

mbam-log-2009-02-08 (14-58-09).txt

 

Type de recherche: Examen complet (C:\|D:\|L:\|)

Eléments examinés: 159742

Temps écoulé: 1 hour(s), 27 minute(s), 18 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 2

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 4

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\Documents and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\2IYQ6ED1\is169806[1].exe (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{70AABAA4-1BB0-4021-96BF-D2D3129F5B6E}\RP54\A0013603.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{70AABAA4-1BB0-4021-96BF-D2D3129F5B6E}\RP54\A0013611.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{70AABAA4-1BB0-4021-96BF-D2D3129F5B6E}\RP51\A0012283.exe (Trojan.Agent) -> Quarantined and deleted successfully.

 

Comment savoir maintenant si la suppression du virus a été correctement faite?

Modifié par Greggy
Lien vers le commentaire
Partager sur d’autres sites
Greggy Junior Member

Greggy

Posté(e)
  • Auteur
Posté(e)

Voici le rapport d'un scan Antivir après avoir exécuté vos instructions :

 

 

 

Avira AntiVir Personal

Report file date: dimanche 8 février 2009 15:07

 

Scanning for 1322990 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: ****************

Platform: Windows XP

Windows version: (Service Pack 3) [5.1.2600]

Boot mode: Normally booted

Username: SYSTEM

Computer name: ************

 

Version information:

BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00

AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 08:21:26

AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40

LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19

LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36

ANTIVIR1.VDF : 7.1.1.113 2817536 Bytes 14/01/2009 00:02:46

ANTIVIR2.VDF : 7.1.1.207 1359360 Bytes 30/01/2009 00:02:49

ANTIVIR3.VDF : 7.1.1.239 314880 Bytes 6/02/2009 16:42:21

Engineversion : 8.2.0.76

AEVDF.DLL : 8.1.1.0 106868 Bytes 1/02/2009 00:02:56

AESCRIPT.DLL : 8.1.1.43 344442 Bytes 6/02/2009 16:42:27

AESCN.DLL : 8.1.1.6 127348 Bytes 1/02/2009 00:02:54

AERDL.DLL : 8.1.1.3 438645 Bytes 4/11/2008 13:58:38

AEPACK.DLL : 8.1.3.8 397684 Bytes 5/02/2009 16:42:42

AEOFFICE.DLL : 8.1.0.33 196987 Bytes 1/02/2009 00:02:53

AEHEUR.DLL : 8.1.0.90 1573237 Bytes 5/02/2009 16:42:40

AEHELP.DLL : 8.1.2.0 119159 Bytes 1/02/2009 00:02:51

AEGEN.DLL : 8.1.1.14 332148 Bytes 6/02/2009 16:42:26

AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:56

AECORE.DLL : 8.1.6.4 176501 Bytes 3/02/2009 08:55:02

AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:56

AVWINLL.DLL : 1.0.0.12 15105 Bytes 9/07/2008 08:40:05

AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01

AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 12:02:15

AVREG.DLL : 8.0.0.1 33537 Bytes 9/05/2008 11:26:40

AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23

AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49

SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02

SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40

NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10

RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07

RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:, D:,

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: dimanche 8 février 2009 15:07

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'notepad.exe' - '1' Module(s) have been scanned

Scan process 'greg.exe' - '1' Module(s) have been scanned

Scan process 'firefox.exe' - '1' Module(s) have been scanned

Scan process 'LogitechDesktopMessenger.exe' - '1' Module(s) have been scanned

Scan process 'msmsgs.exe' - '1' Module(s) have been scanned

Scan process 'btdna.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned

Scan process 'nvPDsvc.exe' - '1' Module(s) have been scanned

Scan process 'ATKKBService.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

32 processes with 32 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

Master boot sector HD1

[iNFO] No virus was found!

Master boot sector HD2

[iNFO] No virus was found!

Master boot sector HD3

[iNFO] No virus was found!

[WARNING] System error [21]: Le périphérique n'est pas prêt.

Master boot sector HD4

[iNFO] No virus was found!

[WARNING] System error [21]: Le périphérique n'est pas prêt.

Master boot sector HD5

[iNFO] No virus was found!

[WARNING] System error [21]: Le périphérique n'est pas prêt.

Master boot sector HD6

[iNFO] No virus was found!

[WARNING] System error [21]: Le périphérique n'est pas prêt.

 

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

Boot sector 'D:\'

[iNFO] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '56' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\System Volume Information\_restore{70AABAA4-1BB0-4021-96BF-D2D3129F5B6E}\RP41\A0008202.exe

[0] Archive type: CAB SFX (self extracting)

--> \NVCPL.HL_

[WARNING] No further files can be extracted from this archive. The archive will be closed

C:\WINDOWS\system32\drivers\sptd.sys

[WARNING] The file could not be opened!

Begin scan in 'D:\' <PB_SAVE>

D:\System Volume Information\_restore{0871480A-7FB9-499E-B7AD-FEA6D4B238F3}\RP116\A0024351.exe

[DETECTION] Is the TR/AdbPat.C Trojan

[NOTE] The file was moved to '49bef365.qua'!

D:\System Volume Information\_restore{70AABAA4-1BB0-4021-96BF-D2D3129F5B6E}\RP51\A0012092.exe

[DETECTION] Is the TR/Agent.72607.A Trojan

[NOTE] The file was moved to '49bef482.qua'!

D:\Vidéo\dricos film\Bsplayer Pro v2.10.939 Multilangages Incl Keygen.rar

[0] Archive type: RAR

--> Keygen\keygen.exe

[DETECTION] Is the TR/Delf.116736 Trojan

[NOTE] The file was deleted!

D:\sauvegarde du 265\Ma musique\LimeWire\Saved\halleyujah john bekler.wav.mp3

[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

[NOTE] The file was deleted!

 

 

End of the scan: dimanche 8 février 2009 16:33

Used time: 1:25:47 Hour(s)

 

The scan has been done completely.

 

5926 Scanning directories

466617 Files were scanned

4 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

2 files were deleted

0 files were repaired

2 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

466611 Files not concerned

6546 Archives were scanned

7 Warnings

4 Notes

 

 

Le lecteur D:/ n'est qu'un disque dur externe utilisé en guise de cle USB pour la sauvegarde de mes fichiers. il n'y a donc aucun OS d'installé dessus. Puis-je supprimer les deux virus qui sont dessus dans les fichiers "restore" ?

Lien vers le commentaire
Partager sur d’autres sites
pear Devil Member !

pear

Posté(e)
Posté(e)
Puis-je supprimer les deux virus qui sont dessus dans les fichiers "restore" ?

Ceci le fait !

Désinstallez la Restauration Système.

 

Poste de Travail->Propriétés->Restauration Système.

Cocher la case "Désactiver la Restauration sur tous les lecteurs".

Vous la décocherez par la suite, après désinfection.

Un nouveau point de restauration sera créé au redémarrage.

Lien vers le commentaire
Partager sur d’autres sites
Greggy Junior Member

Greggy

Posté(e)
  • Auteur
Posté(e)

Je l'ai fait apres une petite recherche concernant les dossier restore. Mon dernier scan MBAM et antivir n'ont donné aucun résultats positif à la recherche de virus ou malwares.

Je n'ai plus non plus de message d'avira me disant que mon pc est infecté par le virus que j'avais au départ donc je pense que mon problème est résolu.

 

Voulez-vous malgré tout encore un scan de HijackThis pour vérification?

Lien vers le commentaire
Partager sur d’autres sites
Greggy Junior Member

Greggy

Posté(e)
  • Auteur
Posté(e)

Pas de soucis, on est "demain" à cette heure ci je pense :P

 

voilà le log et je précise aussi que depuis mon dernier message je n'ai toujours pas eu d'alerte. j'en ai profité pour installer un anti spyware et j'ai aussi fait le ménage sur mon pc avec ccleaner:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:43:04, on 9/02/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\ATKKBService.exe

C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Trend Micro\HijackThis\greg.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1233443021046

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...ion_3_1_1_0.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: bw+0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

 

--

End of file - 18022 bytes

 

Par contre, j'aimerais savoir a quoi correspond cette ligne dans le log =>> O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

La chaine correspond à quoi sur mon PC? Et pourquoi il ne trouve pas de nom et de fichier?

 

à tout à l'heure :P

Lien vers le commentaire
Partager sur d’autres sites
pear Devil Member !

pear

Posté(e)
Posté(e)

Bonjour,

 

vous avez installé Spyware Terminator.

Je n'ai rien contre, à la condition, toutefois,que vous n'installiez jamais la Crawler Toolbar!

 

Vous avez eu la bonne idée de sactiver Logitech Messenger.

 

Dans Hijackthis,cochez ces lignes puis clic sur Fix checked

 

Tout cela est inutile au démarrage.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

et toutes les lignes O18

O18 - Protocol: bw+0 - {A1B7A8BA-3EE3-4435-AE00-999160998F8C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Lien vers le commentaire
Partager sur d’autres sites

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

×
 Partager
Aller sur la liste des sujets

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...