Fun Web Products

[cerise]

Bonjour, je débute et je rame devant un problème d'élimination de FUN products trouvés par "spybot search et destroy"!

Au début j'avais un problème de popuppers qui s'ouvrait au lancement de windows XP pro. Ceci m'a fait démarer une recherche de spy et adaware et là surprise: j' ai découvert pas mal de choses que j'ai pu supprimer. Désormais je me demande comment enlever FunWeb Products qui est dans 4 dossiers (?) de HKEY_USERS. L'ordinateur semble plus lent à l'ouverture d'IE qu'auparavant.

De plus j'ai l'impression que Panda a trouvé d'autres fichiers infectés.

Voici Hijack, qu'est ce que je dois fixer?

Merci pour votre aide

 

Logfile of HijackThis v1.99.1

Scan saved at 13:33:47, on 02/03/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\S24EvMon.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

C:\Program Files\Norton Internet Security\ISSVC.exe

C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe

C:\Program Files\Logitech\Easy Synchronization\servicestub.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\help\etc\sys32.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\RegSrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\ZCfgSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\1XConfig.exe

C:\WINDOWS\tppaldr.exe

C:\WINDOWS\system32\MMTrayLSI.exe

C:\WINDOWS\system32\MMTray2k.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\WINDOWS\System32\DSentry.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\BCMSMMSG.exe

C:\WINDOWS\system32\BacsTray.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\Apoint\Apntex.exe

C:\WINDOWS\a65d.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe

C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE

C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\olivier\Bureau\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.9online.fr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/fr/fra/gen/default.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll

O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr\msntb.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr\msntb.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\system32\ZCfgSvc.exe

O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe

O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [bacstray] BacsTray.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [popuppers65] C:\WINDOWS\a65d.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm795YYFR

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm

O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm

O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.media-motor.net

O15 - Trusted Zone: *.popuppers.com

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/291e6043451322...RdxIE601_fr.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1098526895341

O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab

O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/s...er/PROFILER.CAB

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O18 - Protocol: bw+0 - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {030FE3DE-315C-4E0C-802A-08BA2A8F86E5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll

O20 - AppInit_DLLs: Alion.dll

O20 - Winlogon Notify: LBTServ - C:\Program Files\Fichiers communs\Logitech\Bluetooth\lbtserv.dll

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\olivier\Bureau\CWShredder.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe

O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe

O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

[cerise]

mon cas semble être désespéré ou trop banal. Snif.

 

avez vous besoin d'autres infos?

[neos]

salut

refait un scan avec tes outils panda ,adaware et spybot en mode sans echec =

(F8 au demarrage du pc)

et voici un tuto pour hijackthis

HijackThis

tiens nous au courant et refais un log

Modifié le 2 mars 2005 par neos

[H3aVeN]

Tu peux poster ton log sur cette page pour avoir une analyse

[Invité jibi049]

Un sujet similaire

http://forum.zebulon.fr/index.php?showtopic=61466

[cerise]

j'ai fait spybot et adaware en mode sans échec

puis panda on line et voilà ce qu'il me donne:

 

Incident Statut Analyse

 

Spyware:Spyware/Media-motor No Désinfecté C:\WINDOWS\a65d.exe

Adware:Adware/MyWay No Désinfecté Registre Windows

Adware:Adware/nCase No Désinfecté C:\WINDOWS\180ax_gdf.dat

Adware:Adware/SAHAgent No Désinfecté C:\WINDOWS\unstall.exe

Adware:Adware/BHO No Désinfecté Registre Windows

Adware:Adware/PowerStrip No Désinfecté C:\Program Files\PowerStrip

Adware:Adware/CWS.Searchmeup No Désinfecté Registre Windows

Spyware:Spyware/Media-motor No Désinfecté C:\WINDOWS\a64sddd.exe

Spyware:Spyware/Media-motor No Désinfecté C:\WINDOWS\a65d.exe

Adware:Adware/WinTools No Désinfecté C:\WINDOWS\EDow_AS2.exe

Spyware:Spyware/Dyfuca No Désinfecté C:\WINDOWS\o2.exe

J'ai supprimé quelques fichiers avec hijackthis mais je n'arrive pas à supprimer les fichiers en cours d'execution comme par exemple.

C:\WINDOWS\help\etc\sys32.exe

Méchant Tâche en cours. (sys32.exe)

WORM_WOOTBOT.X Méchant ! Terminez cette tâche manuellement et essayez de l'effacer.

[stin07bis]

bonjour,...

 

sys32.exe =FLUX.E TROJAN!

 

WORM_WOOTBOT.X

 

pon execution, this worm drops a copy of itself named SYS32.EXE in the Windows system folder. It then registers itself as a service.

 

It also creates the following registry entries so that it executes at every Windows startup:

 

HKEY_CURRENT_USER\Software\Microsoft\Windows

CurrentVersion\Runonce

Win32 USB2 Driver = “sys32.exe”

 

HKEY_CURRENT_USER\Software\Microsoft\Windows

CurrentVersion\Run

Win32 USB2 Driver = “sys32.exe”

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows

CurrentVersion\RunServices

Win32 USB2 Driver = “sys32.exe”

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows

CurrentVersion\RunOnce

Win32 USB2 Driver = “sys32.exe”

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows

CurrentVersion\Run

Win32 USB2 Driver = “sys32.exe”

 

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows

CurrentVersion\RunOnce

Win32 USB2 Driver="sys32.exe"

 

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows

CurrentVersion\Run

Win32 USB2 Driver="sys32.exe"

 

It registers itself as a system service by creating the following registry key where it stores information:

 

HKHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Win32

 

It has the service display name Win32 USB2.

 

enleve ces clefs...mode sans echec(F8) (enleve la restosysteme)...nettoyage de tes fichiers "temp" internet...

repasse "spybot" et ton antivirus (toujours en mode sans echec...)

nettoyage du DD...defrag...reboot

refait 1 scan en ligne pour voir si c'est ok..

 

@+

[cerise]

j'ai fait la marche à suivre ci dessus. Je n'ai d'ailleurs trouvés les fichiers dans les clés et après avoir refait une analyse en ligne avec panda, voila ce que j'obtiens:

 

Adware:Adware/MyWay No Désinfecté Registre Windows

Adware:Adware/nCase No Désinfecté C:\WINDOWS\180ax_gdf.dat

Adware:Adware/SAHAgent No Désinfecté C:\WINDOWS\unstall.exe

Adware:Adware/BHO No Désinfecté Registre Windows

Adware:Adware/PowerStrip No Désinfecté C:\Program Files\PowerStrip

Adware:Adware/CWS.Searchmeup No Désinfecté Registre Windows

Spyware:Spyware/Media-motor No Désinfecté C:\WINDOWS\a64sddd.exe

Spyware:Spyware/Media-motor No Désinfecté C:\WINDOWS\a65d.exe

Adware:Adware/WinTools No Désinfecté C:\WINDOWS\EDow_AS2.exe

Spyware:Spyware/Dyfuca No Désinfecté C:\WINDOWS\o2.exe

[stin07bis]

bonjour,....

 

dl swchredder..ici..(passe le en mode sans echec..)

http://assiste.free.fr/comparatif.php

 

 

Spyware:Spyware/Dyfuca No Désinfecté C:\WINDOWS\o2.exe

http://www.trendmicro.com/vinfo/grayware/graywareDetails.asp?SNAME=ADW_DYFUCA.K

 

puis nettoyage pc...defrag..reboot..

 

bonne chance

@+

Modifié le 3 mars 2005 par stin07bis

[cerise]

Bonjour, peux tu m'expliquer un peu plus (à cause de mon niveau débutant).

Comment fais tu pour trouver dl swchredder(je ne le vois pas sur ton lien ) et ensuite de le démarer en mode sans échec (je n'ai pas à accés à internet quand je suis en mode sans échec)

Ensuite pour le deuxième lien spyware: qu'est ce qu'il faut comprendre et faire?

Enfin avant d'avoir lu ton post, j'avais essayé analyse avec trend qui m' a trouvé:1 infection: TROJ_WEBSEARCH.A(........) C:WINDOWS\EDow_AS2.exe

Merci