My PC shuts down when I launch Ad-Aware

Closed
jo403 - 6 March 2006 at 20:04
 Anonymous user - 23 March 2006 at 06:34
Hello everyone,

Can someone enlighten me about the possible presence of a virus?
For the past few days, as soon as I launch Ad-Aware my PC shuts down!! I tried reinstalling it but the result stays the same. Thanks in advance for your replies.

29 replies

aranjuez31 Posts: 8047 Registered: Monday 7 November 2005 Status: Contributor Last activity: 9 July 2006 354
6 March 2006 at 20:17
Here is my ewido report:

---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------

+ Créé le: 20:48:39, 06/03/2006
+ Somme de contrôle: 9D9D944F

+ Résultats du scan:

HKU\.DEFAULT\Software\Effective-i -> Adware.EffectiveBrandToolbar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\Effective-i -> Adware.EffectiveBrandToolbar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Nettoyer et sauvegarder
C:\Documents and Settings\Johann\Cookies\johann@atdmt[1].txt -> TrackingCookie.Atdmt : Nettoyer et sauvegarder
C:\Documents and Settings\Johann\Cookies\johann@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
C:\Documents and Settings\Johann\Cookies\johann@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0PKRMZC7\cashp[1].exe/winlogon.exe -> Hijacker.Agent.ap : Erreur durant le nettoyage
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0PKRMZC7\cashp[1].exe/dr.exe -> Downloader.Adload.j : Erreur durant le nettoyage
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0PKRMZC7\cashp[1].exe/scctd.exe -> Proxy.Daemonize.bx : Erreur durant le nettoyage
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0PKRMZC7\cashp[1].exe/winlogon.exe -> Hijacker.Agent.ap : Erreur durant le nettoyage
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0PKRMZC7\cashp[1].exe/dr.exe -> Downloader.Adload.j : Erreur durant le nettoyage
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0PKRMZC7\cashp[1].exe/scctd.exe -> Proxy.Daemonize.bx : Erreur durant le nettoyage
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89GBC18F\winsysupd5[1].exe -> Hijacker.StartPage.ahg : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\C7K9SHUJ\winsysban5[1].exe -> Hijacker.VB.kc : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\M5CJEFGT\cp[1].exe/scctd.exe -> Proxy.Daemonize.bx : Erreur durant le nettoyage
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\M5CJEFGT\cp[1].exe/scctd.exe -> Proxy.Daemonize.bx : Erreur durant le nettoyage
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\M5CJEFGT\picture39[1].exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\Program Files\Microsoft AntiSpyware\Quarantine\7E3EB3F0-85BF-45F8-A055-43F19C\3D382230-562B-4FA0-A2E1-B265FC -> Hijacker.VB.kc : Nettoyer et sauvegarder
C:\WINDOWS\lsass2.exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder


::Fin du rapport

I'm doing the next steps right now. Thanks for your help.

aranjuez31
7 March 2006 at 14:41
hello
1/ Empty the quarantine of your "Microsoft AntiSpyware"

2/ for the lines ending with "Erreur durant le nettoyage"
and CleanUp40 (cleaner for cookies + temp + temporary files + prefetch + history + etc.)
http://pageperso.aol.fr/balltrap34/democleanup.htm
Download CleanUp40 (which removes temporary files) from this link: http://pageperso.aol.fr/Balltrap34/CleanUp40.exe

run ewido again to see whether these problems are fixed

3/ and of course continue with this:
online scan under IE
http://www.bitdefender.fr/bd/site/search.php#
copy/PASTE the entire report

See you

OK, will do. Here is the BitDefender report:

BitDefender Online Scanner

Rapport d'analyse généré à: Tue, Mar 07, 2006 - 14:51:10

Voie d'analyse: A:\;C:\;D:\;E:\;

Statistiques
Temps: 00:48:02
Fichiers: 197742
Directoires: 4690
Secteurs de boot: 2
Archives: 3012
Paquets programmes: 23163

Résultats
Virus identifiés: 10
Fichiers infectés: 25
Fichiers suspects: 1
Avertissements: 0
Désinfectés: 0
Fichiers effacés: 26

Info sur les moteurs
Définition virus: 297914
Version des moteurs: AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Analyse des plugins: 13
Archive des plugins: 39
Unpack des plugins: 4
E-mail plugins: 6
Système plugins: 1

Paramètres d'analyse
Première action: Désinfecté
Seconde Action: Supprimé
Heuristique: Oui
Acceptez les avertissements: Oui
Extensions analysées: *;
Excludez les extensions:
Analyse d'emails: Oui
Analyse des Archives: Oui
Analyser paquets programmes: Oui
Analyse des fichiers: Oui
Analyse de boot: Oui

Fichier analysé / Statut

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\sexsuite.zip=>archstored:sexsuite.exe
Infecté par: Joke.Briga.A

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\sexsuite.zip=>archstored:sexsuite.exe
Echec de la désinfection

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\sexsuite.zip=>archstored:sexsuite.exe
Supprimé

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\sexsuite.zip
Echec de la mise à jour

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{0314CB9C-67A7-41F8-B07C-69D5A86DB420}\sexsuite.zip=>archstored:sexsuite.exe
Infecté par: Joke.Briga.A

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{0314CB9C-67A7-41F8-B07C-69D5A86DB420}\sexsuite.zip=>archstored:sexsuite.exe
Echec de la désinfection

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{0314CB9C-67A7-41F8-B07C-69D5A86DB420}\sexsuite.zip=>archstored:sexsuite.exe
Supprimé

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{0314CB9C-67A7-41F8-B07C-69D5A86DB420}\sexsuite.zip
Echec de la mise à jour

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{09EEE3ED-BFD5-4F96-9463-FAE7369234A9}\sexsuite.zip=>archstored:sexsuite.exe
Infecté par: Joke.Briga.A

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{09EEE3ED-BFD5-4F96-9463-FAE7369234A9}\sexsuite.zip=>archstored:sexsuite.exe
Echec de la désinfection

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{09EEE3ED-BFD5-4F96-9463-FAE7369234A9}\sexsuite.zip=>archstored:sexsuite.exe
Supprimé

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{09EEE3ED-BFD5-4F96-9463-FAE7369234A9}\sexsuite.zip
Echec de la mise à jour

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{13FEA096-259E-4859-A78E-C670F4218A0A}\sexsuite.zip=>archstored:sexsuite.exe
Infecté par: Joke.Briga.A

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{13FEA096-259E-4859-A78E-C670F4218A0A}\sexsuite.zip=>archstored:sexsuite.exe
Echec de la désinfection

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{13FEA096-259E-4859-A78E-C670F4218A0A}\sexsuite.zip=>archstored:sexsuite.exe
Supprimé

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{13FEA096-259E-4859-A78E-C670F4218A0A}\sexsuite.zip
Echec de la mise à jour

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{1E421B94-F457-4128-A91D-EF93AED4139D}\sexsuite.zip=>archstored:sexsuite.exe
Infecté par: Joke.Briga.A

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{1E421B94-F457-4128-A91D-EF93AED4139D}\sexsuite.zip=>archstored:sexsuite.exe
Echec de la désinfection

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{1E421B94-F457-4128-A91D-EF93AED4139D}\sexsuite.zip=>archstored:sexsuite.exe
Supprimé

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{1E421B94-F457-4128-A91D-EF93AED4139D}\sexsuite.zip
Echec de la mise à jour

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{2697F4A2-4A9B-4E20-9533-0C89434880FD}\sexsuite.zip=>archstored:sexsuite.exe
Infecté par: Joke.Briga.A

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{2697F4A2-4A9B-4E20-9533-0C89434880FD}\sexsuite.zip=>archstored:sexsuite.exe
Echec de la désinfection

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{2697F4A2-4A9B-4E20-9533-0C89434880FD}\sexsuite.zip=>archstored:sexsuite.exe
Supprimé

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{2697F4A2-4A9B-4E20-9533-0C89434880FD}\sexsuite.zip
Echec de la mise à jour

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{33C5C6FD-8C91-4CA3-88C1-080D815E03BB}\sexsuite.zip=>archstored:sexsuite.exe
Infecté par: Joke.Briga.A

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{33C5C6FD-8C91-4CA3-88C1-080D815E03BB}\sexsuite.zip=>archstored:sexsuite.exe
Echec de la désinfection

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{33C5C6FD-8C91-4CA3-88C1-080D815E03BB}\sexsuite.zip=>archstored:sexsuite.exe
Supprimé

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{33C5C6FD-8C91-4CA3-88C1-080D815E03BB}\sexsuite.zip
Echec de la mise à jour

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{3FE69E15-859B-4775-96B3-2F97B9B2F65C}\sexsuite.zip=>archstored:sexsuite.exe
Infecté par: Joke.Briga.A

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{3FE69E15-859B-4775-96B3-2F97B9B2F65C}\sexsuite.zip=>archstored:sexsuite.exe
Echec de la désinfection

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{3FE69E15-859B-4775-96B3-2F97B9B2F65C}\sexsuite.zip=>archstored:sexsuite.exe
Supprimé

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{3FE69E15-859B-4775-96B3-2F97B9B2F65C}\sexsuite.zip
Echec de la mise à jour

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{5E4160B7-0654-4BBD-8BCD-BC121C86358F}\sexsuite.zip=>archstored:sexsuite.exe
Infecté par: Joke.Briga.A

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{5E4160B7-0654-4BBD-8BCD-BC121C86358F}\sexsuite.zip=>archstored:sexsuite.exe
Echec de la désinfection

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{5E4160B7-0654-4BBD-8BCD-BC121C86358F}\sexsuite.zip=>archstored:sexsuite.exe
Supprimé

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{5E4160B7-0654-4BBD-8BCD-BC121C86358F}\sexsuite.zip
Echec de la mise à jour

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{8E1E8506-585A-4B94-8600-A78E1A04A1BE}\sexsuite.zip=>archstored:sexsuite.exe
Infecté par: Joke.Briga.A

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{8E1E8506-585A-4B94-8600-A78E1A04A1BE}\sexsuite.zip=>archstored:sexsuite.exe
Echec de la désinfection

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{8E1E8506-585A-4B94-8600-A78E1A04A1BE}\sexsuite.zip=>archstored:sexsuite.exe
Supprimé

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{8E1E8506-585A-4B94-8600-A78E1A04A1BE}\sexsuite.zip
Echec de la mise à jour

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{93AA4266-1A4C-4A40-8A39-7874856CC56C}\sexsuite.zip=>archstored:sexsuite.exe
Infecté par: Joke.Briga.A

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{93AA4266-1A4C-4A40-8A39-7874856CC56C}\sexsuite.zip=>archstored:sexsuite.exe
Echec de la désinfection

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{93AA4266-1A4C-4A40-8A39-7874856CC56C}\sexsuite.zip=>archstored:sexsuite.exe
Supprimé

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{93AA4266-1A4C-4A40-8A39-7874856CC56C}\sexsuite.zip
Echec de la mise à jour

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{94B93B0A-6794-4792-83CA-87861CCE853F}\calendrier_adriana_carambeu.zip=>calendrier_adriana_carambeu.exe
Infecté par: Joke.Cursor.A

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{94B93B0A-6794-4792-83CA-87861CCE853F}\calendrier_adriana_carambeu.zip=>calendrier_adriana_carambeu.exe
Echec de la désinfection

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{94B93B0A-6794-4792-83CA-87861CCE853F}\calendrier_adriana_carambeu.zip=>calendrier_adriana_carambeu.exe
Supprimé

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{94B93B0A-6794-4792-83CA-87861CCE853F}\calendrier_adriana_carambeu.zip
Echec de la mise à jour

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{B41DADBA-ED06-4548-9970-29A3A8C70EB0}\sexsuite.zip=>archstored:sexsuite.exe
Infecté par: Joke.Briga.A

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{B41DADBA-ED06-4548-9970-29A3A8C70EB0}\sexsuite.zip=>archstored:sexsuite.exe
Echec de la désinfection

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{B41DADBA-ED06-4548-9970-29A3A8C70EB0}\sexsuite.zip=>archstored:sexsuite.exe
Supprimé

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{B41DADBA-ED06-4548-9970-29A3A8C70EB0}\sexsuite.zip
Echec de la mise à jour

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{F0334560-0FA4-4704-BB38-1914D85E958F}\calendrier_adriana_carambeu.zip=>calendrier_adriana_carambeu.exe
Infecté par: Joke.Cursor.A

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{F0334560-0FA4-4704-BB38-1914D85E958F}\calendrier_adriana_carambeu.zip=>calendrier_adriana_carambeu.exe
Echec de la désinfection

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{F0334560-0FA4-4704-BB38-1914D85E958F}\calendrier_adriana_carambeu.zip=>calendrier_adriana_carambeu.exe
Supprimé

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{F0334560-0FA4-4704-BB38-1914D85E958F}\calendrier_adriana_carambeu.zip
Echec de la mise à jour

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{F6C49949-FC49-4B9E-AF3A-9F30A3C4AA32}\sexsuite.zip=>archstored:sexsuite.exe
Infecté par: Joke.Briga.A

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{F6C49949-FC49-4B9E-AF3A-9F30A3C4AA32}\sexsuite.zip=>archstored:sexsuite.exe
Echec de la désinfection

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{F6C49949-FC49-4B9E-AF3A-9F30A3C4AA32}\sexsuite.zip=>archstored:sexsuite.exe
Supprimé

C:\Documents and Settings\Johann\Local Settings\Application Data\IM\Identities\{C940BEBE-3A03-4528-B577-52E70F6831A9}\Message Store\Attachments\{F6C49949-FC49-4B9E-AF3A-9F30A3C4AA32}\sexsuite.zip
Echec de la mise à jour

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0PKRMZC7\cashp[1].exe=>(CAB Sfx r)=>winlogon.exe
Infecté par: Trojan.Dropper.PurityScan.H

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0PKRMZC7\cashp[1].exe=>(CAB Sfx r)=>winlogon.exe
Echec de la désinfection

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0PKRMZC7\cashp[1].exe=>(CAB Sfx r)=>winlogon.exe
Supprimé

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0PKRMZC7\cashp[1].exe=>(CAB Sfx r)
Echec de la mise à jour

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0PKRMZC7\cashp[1].exe=>(CAB Sfx r)=>scctd.exe
Infecté par: Trojan.Proxy.Daemonize.BX

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0PKRMZC7\cashp[1].exe=>(CAB Sfx r)=>scctd.exe
Echec de la désinfection

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0PKRMZC7\cashp[1].exe=>(CAB Sfx r)=>scctd.exe
Supprimé

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0PKRMZC7\cashp[1].exe=>(CAB Sfx r)
Echec de la mise à jour

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0PKRMZC7\launcher[1].exe
Infecté par: Trojan.Downloader.NSIS.Agent.P

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0PKRMZC7\launcher[1].exe
Supprimé

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\M5CJEFGT\cp[1].exe=>(CAB Sfx r)=>dr.exe
Infecté par: Trojan.Downloader.Adload.P

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\M5CJEFGT\cp[1].exe=>(CAB Sfx r)=>dr.exe
Echec de la désinfection

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\M5CJEFGT\cp[1].exe=>(CAB Sfx r)=>dr.exe
Supprimé

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\M5CJEFGT\cp[1].exe=>(CAB Sfx r)
Echec de la mise à jour

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\M5CJEFGT\cp[1].exe=>(CAB Sfx r)=>is396.exe
Infecté par: BehavesLike:Win32.ExplorerHijack

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\M5CJEFGT\cp[1].exe=>(CAB Sfx r)=>is396.exe
Echec de la désinfection

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\M5CJEFGT\cp[1].exe=>(CAB Sfx r)=>is396.exe
Supprimé

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\M5CJEFGT\cp[1].exe=>(CAB Sfx r)
Echec de la mise à jour

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\M5CJEFGT\cp[1].exe=>(CAB Sfx r)=>scctd.exe
Infecté par: Trojan.Proxy.Daemonize.BX

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\M5CJEFGT\cp[1].exe=>(CAB Sfx r)=>scctd.exe
Echec de la désinfection

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\M5CJEFGT\cp[1].exe=>(CAB Sfx r)=>scctd.exe
Supprimé

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\M5CJEFGT\cp[1].exe=>(CAB Sfx r)
Echec de la mise à jour

C:\System Volume Information\_restore{35588A97-4A33-4ED0-B1C6-4B839D0E41E5}\RP12\A0010961.exe
Infecté par: Trojan.LipGame.B

C:\System Volume Information\_restore{35588A97-4A33-4ED0-B1C6-4B839D0E41E5}\RP12\A0010961.exe
Echec de la désinfection

C:\System Volume Information\_restore{35588A97-4A33-4ED0-B1C6-4B839D0E41E5}\RP12\A0010961.exe
Supprimé

C:\System Volume Information\_restore{35588A97-4A33-4ED0-B1C6-4B839D0E41E5}\RP17\A0013455.exe
Infecté par: Backdoor.SDBot.AE757E6D

C:\System Volume Information\_restore{35588A97-4A33-4ED0-B1C6-4B839D0E41E5}\RP17\A0013455.exe
Supprimé

C:\System Volume Information\_restore{35588A97-4A33-4ED0-B1C6-4B839D0E41E5}\RP7\A0009718.exe
Infecté par: Trojan.Proxy.Daemonize.BX

C:\System Volume Information\_restore{35588A97-4A33-4ED0-B1C6-4B839D0E41E5}\RP7\A0009718.exe
Echec de la désinfection

C:\System Volume Information\_restore{35588A97-4A33-4ED0-B1C6-4B839D0E41E5}\RP7\A0009718.exe
Supprimé

C:\WINDOWS\system32\i
Infecté par: Backdoor.BotGet.FtpB.Gen

C:\WINDOWS\system32\i
Supprimé

C:\WINDOWS\system32\mshlpa.exe
Suspecté de: GenPack:Generic.Malware.Y.4A84946C

C:\WINDOWS\system32\mshlpa.exe
Echec de la désinfection

C:\WINDOWS\system32\mshlpa.exe
Supprimé



I'm starting on the next part... see you later. Thanks.

Oh yes, I forgot a small question!
I have ClearProg; is it really worth my downloading CleanUp40, or is it the same thing?

aranjuez31
8 March 2006 at 14:23
hello
I didn't know about ClearProg.
From what I've read here and there, it seems much less powerful than CleanUp40, which has extra features.

and here is my HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 15:09:57, on 07/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TSIRCSRV.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\TSI32\tsircusr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Common Files\LapLink\Scheduler\LLSCHED.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\LapLink\Scheduler\LLSCHENG.EXE
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\WINDOWS\System32\LVComS.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\PROGRA~1\Wanadoo\ALERTM~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\TSI32\tsircusr.exe
O2 - BHO: MFCOptimizeClass Object - {A6CEA0E7-6B4D-4CD9-9932-D85705CBC1A9} - C:\WINDOWS\System32\awvtt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [LapLink Scheduler] "C:\Program Files\Common Files\LapLink\Scheduler\LLSCHED.EXE"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {33331111-1111-1111-1111-611111193429} - http://www.www2.p0rt2.com/files/_ipsec_.cab
O16 - DPF: {33331111-1234-1111-1111-615111193427} - http://www.www2.p0rt2.com/files/epl29bd.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141062625625
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.st-malo.com/activex/AxisCamControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{78893F59-7630-4769-A801-994664218667}: NameServer = 80.10.246.1 80.10.246.132
O18 - Protocol: bw+0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: awvtt - C:\WINDOWS\System32\awvtt.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TSI Remote Control Service (TSIRCSRV) - LapLink, Inc. - C:\WINDOWS\System32\TSIRCSRV.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Logon for Windows Xp (winlogonXP) - Unknown owner - C:\WINDOWS\winlogon.exe (file missing)
0
aranjuez31 Posts 8047 Registration date Monday 7 November 2005 Status Contributor Last activity 9 July 2006 354
7 March 2006 at 15:15
hello
well, your machine was filthy!!
run ewido and BitDefender again so that I can clearly see the failed disinfections
there shouldn't be much left, but that will let me act
0
aranjuez31 Posts 8047 Registration date Monday 7 November 2005 Status Contributor Last activity 9 July 2006 354
7 March 2006 at 15:30
hi again
I've just read your HijackThis log
you have an infection on lines 02/020
we'll do a preliminary clean-up
and I'll deal with it in a later message
=========
fix this to start with
a reminder of how to do it is at this link
(http://pageperso.aol.fr/balltrap34/demohijack.htm )

O16 - DPF: {33331111-1111-1111-1111-611111193429} - http://www.www2.p0rt2.com/files/_ipsec_.cab
O16 - DPF: {33331111-1234-1111-1111-615111193427} - http://www.www2.p0rt2.com/files/epl29bd.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141062625625
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.st-malo.com/activex/AxisCamControl.cab
+
O18 - Protocol: bw+0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {DDF68EFA-C104-43A5-9ECE-5B073D70BB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
+
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\TSI32\tsircusr.exe
+


in the next message I will deal with the
O2 - BHO: MFCOptimizeClass Object - {A6CEA0E7-6B4D-4CD9-9932-D85705CBC1A9} - C:\WINDOWS\System32\awvtt.dll
&
O20 - Winlogon Notify: awvtt - C:\WINDOWS\System32\awvtt.dll
0
Just a small clarification: I have to fix all the 018 lines, is that right?
Because it's a bit tedious to read them all one by one. I'm waiting for your reply to be sure I don't make a mistake. Thanks.
0
aranjuez31 Posts 8047 Registration date Monday 7 November 2005 Status Contributor Last activity 9 July 2006 354
7 March 2006 at 18:48
yes, all of them
they aren't much use, although they are clean
0
OK, that's fine, I've understood what I have to do. I ticked and fixed all the lines. Here is a new HijackThis report. I'm waiting for your advice on what to do next. Thanks for giving me a bit of your time, long live mutual help!

Logfile of HijackThis v1.99.1
Scan saved at 15:58:11, on 07/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TSIRCSRV.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\TSI32\tsircusr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Common Files\LapLink\Scheduler\LLSCHED.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\LapLink\Scheduler\LLSCHENG.EXE
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\WINDOWS\System32\LVComS.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\PROGRA~1\Wanadoo\ALERTM~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijack this\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: MFCOptimizeClass Object - {A6CEA0E7-6B4D-4CD9-9932-D85705CBC1A9} - C:\WINDOWS\System32\awvtt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [LapLink Scheduler] "C:\Program Files\Common Files\LapLink\Scheduler\LLSCHED.EXE"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{78893F59-7630-4769-A801-994664218667}: NameServer = 80.10.246.1 80.10.246.132
O20 - Winlogon Notify: awvtt - C:\WINDOWS\System32\awvtt.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TSI Remote Control Service (TSIRCSRV) - LapLink, Inc. - C:\WINDOWS\System32\TSIRCSRV.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Logon for Windows Xp (winlogonXP) - Unknown owner - C:\WINDOWS\winlogon.exe (file missing)
0
Sorry to chase you up, I can well imagine you're advising I don't know how many people at once... but I'd really like to be done with these viruses. Thank you.
0
OK, OK....
So I followed your advice exactly. I even added a few great classics (a², Spybot, a full scan of my PC with avast, defragmentation). And I still have my problem as soon as I use Ad-Aware, plus an ad window that didn't exist before (winfixer 2005) and something that shows up systematically in Microsoft AntiSpyware (E group.ieaccess.c)

I await your advice on what to do next, doctor. Thanks
0
Hi.

Anyway, I also ran cleanup40. I'm waiting for your advice on what to do next; in any case my problems aren't solved yet...
0
aranjuez31 Posts 8047 Registered Monday 7 November 2005 Status Contributor Last seen 9 July 2006 354
8 March 2006 at 14:38
hello
regarding the O2/O20 problem
O20 - Winlogon Notify: awvtt - C:\WINDOWS\System32\awvtt.dll
O2 - BHO: MFCOptimizeClass Object - {A6CEA0E7-6B4D-4CD9-9932-D85705CBC1A9} - C:\WINDOWS\System32\awvtt.dll
===================
the method
Trojan Vundo/Trojan Agent CS1/Virtualmonde


1st disinfection method:

Beforehand:

Download HijackThis and generate a report with it.
that's done!

1/
Download Process XP here:
http://www.sysinternals.com/files/procexpnt.zip

Download Pocket Killbox here:
http://www.downloads.subratam.org/KillBox.exe

:: Usage demo (thanks to Balltrap34 for making it) ::
http://pageperso.aol.fr/balltrap34/killbox.htm

**
If you have Spybot's Tea Timer:
Disable Spybot's Tea Timer for the duration of the procedure
launch Spybot > advanced mode > tools >> resident
Untick the "tea timer" resident box
close Spybot

2/

Disconnect from the internet.
Close all running programs (media player, Internet Explorer, etc.)

Unzip (right-click > extract) Process XP and double-click processxp.exe

* In the main processxp window, double-click winlogon.exe
In the new window that opens, click threads
Select only the lines that contain the infected .dll
i.e. 'awvtt.dll '
then click kill for each of the lines found.
once done, confirm with ok

* In the main processxp window, double-click explorer.exe
In the new window that opens, click threads
select only the lines that contain the infected .dll
i.e. 'awvtt.dll '

then click kill for each of the lines found.
once done, confirm with [ok]

3/

Then launch HijackThis:

click "do a system scan only"

* Tick the box at the start of these lines:

Fix the O2 and the O20 (the O2 is often named MSevent. The DLL of the O20 and of the O2 is similar!)

* Confirm with [fix checked]


5/

Double-click killbox.exe (Pocket Killbox)

- tick: Delete on reboot
- In "Full Path of File to Delete"
copy and paste:

Insert the full path of the infection (available in the O2 and O20 lines)

- click the red cross
- a window will appear asking for confirmation, click YES
- a second window asks whether you want to restart, click YES

Let the PC restart.
If you get a message: "pending file rename operations registry data has been removed by external process.", ignore it and restart your PC manually.
http://tinypic.com/jsj7kl.jpg
Tick the box again to re-enable Spybot's Tea Timer.
And afterwards check in a HijackThis log that everything has disappeared.

0
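The check described in the reply above (an O2 BHO line and an O20 Winlogon Notify line pointing at the same DLL, then a later HijackThis log to confirm both are gone) can be scripted. This is an added example, not part of the original posts: the function names are hypothetical, the first sample uses lines from the log posted in this thread, and the second sample is constructed.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted in this thread.
THREAD_LOG = r"""
O2 - BHO: MFCOptimizeClass Object - {A6CEA0E7-6B4D-4CD9-9932-D85705CBC1A9} - C:\WINDOWS\System32\awvtt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O20 - Winlogon Notify: awvtt - C:\WINDOWS\System32\awvtt.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Constructed sample: a partial clean-up in which only the O20 line was fixed.
PARTIAL_LOG = r"""
O2 - BHO: MFCOptimizeClass Object - {A6CEA0E7-6B4D-4CD9-9932-D85705CBC1A9} - C:\WINDOWS\System32\awvtt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
"""

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")


def normalize(path):
    """Lower-case a logged path and drop quotes and the '(file missing)' tag.

    8.3 short names (PROGRA~1) are compared as logged; they cannot be
    expanded without access to the machine.
    """
    path = re.sub(r"\s*\(file missing\)\s*$", "", path.strip())
    return path.strip('"').lower()


def load_points(log):
    """Map each DLL path to the set of sections (O2, O20) that reference it."""
    refs = defaultdict(set)
    for raw in log.splitlines():
        line = raw.strip()
        for section, pattern in (("O2", BHO_RE), ("O20", NOTIFY_RE)):
            match = pattern.match(line)
            if match:
                refs[normalize(match["path"])].add(section)
    return refs


def shared_bho_notify_dlls(log):
    """DLLs registered both as a BHO and as a Winlogon Notify package."""
    return sorted(p for p, s in load_points(log).items() if s == {"O2", "O20"})


def still_registered(before_log, after_log):
    """For each DLL flagged in before_log, the sections still listing it."""
    after = load_points(after_log)
    flagged = shared_bho_notify_dlls(before_log)
    return {p: sorted(after[p]) for p in flagged if p in after}


if __name__ == "__main__":
    print(shared_bho_notify_dlls(THREAD_LOG))
    print(still_registered(THREAD_LOG, PARTIAL_LOG))
```

An empty result from `still_registered` means neither line survived the clean-up; any remaining section means the DLL is still registered somewhere.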
Hi again

OK, I've just carried out all the steps exactly, in order of course, but I get the impression it hasn't changed anything. Anyway, to be certain, I'm posting my Hijack log and I await your instructions for what comes next.

Logfile of HijackThis v1.99.1
Scan saved at 15:26:29, on 08/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TSIRCSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Common Files\LapLink\Scheduler\LLSCHED.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Common Files\LapLink\Scheduler\LLSCHENG.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\PROGRA~1\Wanadoo\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\macromed\flash\GetFlash.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Hijack this\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: MFCOptimizeClass Object - {A6CEA0E7-6B4D-4CD9-9932-D85705CBC1A9} - C:\WINDOWS\System32\awvtt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [LapLink Scheduler] "C:\Program Files\Common Files\LapLink\Scheduler\LLSCHED.EXE"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{78893F59-7630-4769-A801-994664218667}: NameServer = 80.10.246.130 80.10.246.3
O20 - Winlogon Notify: awvtt - C:\WINDOWS\System32\awvtt.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TSI Remote Control Service (TSIRCSRV) - LapLink, Inc. - C:\WINDOWS\System32\TSIRCSRV.EXE
O23 - Service: Windows Logon for Windows Xp (winlogonXP) - Unknown owner - C:\WINDOWS\winlogon.exe (file missing)
0
Good evening,

I'm still waiting for your advice on what to do next. (see previous message)
Thanks.
0
aranjuez31 Posts 8047 Registered Monday 7 November 2005 Status Contributor Last seen 9 July 2006 354
10 March 2006 at 01:39
hello

hmm, it's good to wait
mind you, I get some 30 CCM messages a day
and the cases are sometimes so severe....
==============================
hmm again, if it failed it's because I messed up my explanation; I need to put together another tutorial, clearer and without mistakes - mea culpa
============================
in the meantime, a few useless odds and ends to sort out:
to get rid of
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Windows Logon for Windows Xp (winlogonXP) - Unknown owner - C:\WINDOWS\winlogon.exe (file missing)

Start + Run + type services.msc
in the list
look in turn for
- Service: France Telecom Routing Table Service (FTRTSVC)
&
- Service: Windows Logon for Windows Xp (winlogonXP)
& disable these 2 programs
===========================
back to the underlying problem

Then do this:

Download Killbox: http://www.generation-nt.com/telecharger/fiche/344/KillBox/
read the tutorial
http://pageperso.aol.fr/balltrap34/killbox.htm

Double-click killbox.exe (Pocket Killbox)

- tick: delete on reboot
in the empty bar enter this: (exactly)

C:\WINDOWS\System32\awvtt.dll

- click the red cross
- a window will appear asking for confirmation, click YES
- a second window asks whether you want to restart, click NO

Let the PC restart, then post a new HijackThis report
--

0
Hello,

Thanks for your reply, and sorry if I'm being a bit insistent, it's just that I'd really like to get this problem sorted. But I can well imagine you must be swamped with questions! That's what comes of being a pro!
OK, so I followed your advice to the letter, here is my Hijack report:

Logfile of HijackThis v1.99.1
Scan saved at 15:10:28, on 10/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TSIRCSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Common Files\LapLink\Scheduler\LLSCHED.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\LapLink\Scheduler\LLSCHENG.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\PROGRA~1\Wanadoo\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hijack this\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: MFCOptimizeClass Object - {A6CEA0E7-6B4D-4CD9-9932-D85705CBC1A9} - C:\WINDOWS\System32\awvtt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [LapLink Scheduler] "C:\Program Files\Common Files\LapLink\Scheduler\LLSCHED.EXE"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{78893F59-7630-4769-A801-994664218667}: NameServer = 80.10.246.130 80.10.246.3
O20 - Winlogon Notify: awvtt - C:\WINDOWS\System32\awvtt.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TSI Remote Control Service (TSIRCSRV) - LapLink, Inc. - C:\WINDOWS\System32\TSIRCSRV.EXE
0
aranjuez31 Posts 8047 Registered Monday 7 November 2005 Status Contributor Last seen 9 July 2006 354
10 March 2006 at 15:59
hello
I'm not a pro
I turned up one day like you with my problems
and I'm still learning
the proof:
you still have those 2 d...... lines that end in
awvtt.dll
in O2 & O20
and it's well dug in
I'm keeping your message in view in my inbox
to understand where I'm screwing up
0
I only hope that one day I can be a "non-pro" like you ;-)

I'll leave you time to find the solution... I'm off for the weekend. Thanks, have a good weekend.
0
Anonymous user
11 March 2006 at 00:43
Hi,

Download l2mfix here:
http://www.downloads.subratam.org/l2mfix.exe
double-click l2mfix.exe to start the extraction.
in the l2mfix folder, double-click l2mfix.bat, choose option 1 and confirm with the Enter key
it will generate a report for you
Copy and paste the result here, please.

See you
0