Posez votre question Signaler

Virus W32 nebuler et backdoor.wrag [Résolu]

zabo32 39Messages postés 18 septembre 2006Date d'inscription 26 février 2010Dernière intervention - Dernière réponse le 22 sept. 2006 à 09:43

Bonjour,

J'ai sur mon PC 2 virus qui me pourrissent la vie: W32.nebuler et backdoor.wrag (détecté par zeropsyware, mon antispyware). J'ai fait appel à hijackThis et voici le rapport. Si quelqu'un à une idée comment me débarasser de ces bestioles !!!
Merci d'avance.
Zabo

Virus W32 nebuler et backdoor.wrag »

Suggestions

Virus W32 nebuler et backdoor.wrag
Virus W32/backdoor-CBF caché où ? » Forum
Infecté par un Trojan win32 gen (Résolu) » Forum
Télécharger Free Virus Removal Tool for W32/Piker Trojan » Télécharger
Télécharger Free Virus Removal Tool for W32/WOW Trojan » Télécharger
Virus W32/drefir.worm.gen - Fichiers 0 ko (Résolu) » Forum

Plus

Réponse

boulepate62 23346Messages postés 14 mars 2006Date d'inscription 4 avril 2012Dernière intervention 18 sept. 2006 à 16:53

Salut,

j'ai vu ton rapport, commence par désactiver le pare-feu de Windows(SP2) car il ne sert à rien puis installe celui-ci

Kerio: (pare-feu, qui reste gratuit après la periode d'essai!)
Kerio Personal Firewall
-tutorial: pour configurer et comprendre l'utilisation de Kerio
http://kerio.probb.fr/

Telecharge, installe puis mets à jour ce logiciel(Ewido), une fois que c'est fait, fais un scan complet de ton système, supprime (delete) tout ce qu'il te trouve puis colle le rapport ici avec un nouveau rapport hijackthis
Ewido: (reste gratuit après la période d'essai)
Télécharger Ewido Security Suite

Ajouter un commentaire - Site web

zabo32- 19 sept. 2006 à 13:09

Ok l'ami.

J'ai lancé scan ewido, je joins le rapport et j'ai téléchargé Kéria (vraiment top ce logiciel !).
Je lance un hijackThis et joins également le rapport.
Après je vais voir si j'ai toujours mes Trojan...
En espérant que non !!!

@+

PS1:

ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 13:01:35 19/09/2006

+ Scan result:

C:\WINDOWS\system32\awtttst.dll -> Adware.Virtumionde : Cleaned.
C:\WINDOWS\system32\pmnkihh.dll -> Adware.Virtumionde : Cleaned.
C:\WINDOWS\Temp\idd100.tmp.exe -> Dialer.Agent.z : Cleaned.
C:\WINDOWS\Temp\idd101.tmp.exe -> Dialer.Agent.z : Cleaned.
C:\WINDOWS\Temp\idd10D.tmp.exe -> Dialer.Agent.z : Cleaned.
C:\WINDOWS\Temp\idd122.tmp.exe -> Dialer.Agent.z : Cleaned.
C:\WINDOWS\Temp\idd140.tmp.exe -> Dialer.Agent.z : Cleaned.
C:\WINDOWS\Temp\idd155.tmp.exe -> Dialer.Agent.z : Cleaned.
C:\WINDOWS\Temp\idd173.tmp.exe -> Dialer.Agent.z : Cleaned.
C:\WINDOWS\Temp\idd188.tmp.exe -> Dialer.Agent.z : Cleaned.
C:\WINDOWS\Temp\idd1A6.tmp.exe -> Dialer.Agent.z : Cleaned.
C:\WINDOWS\Temp\idd1BB.tmp.exe -> Dialer.Agent.z : Cleaned.
C:\WINDOWS\Temp\idd1D9.tmp.exe -> Dialer.Agent.z : Cleaned.
C:\WINDOWS\Temp\idd1EE.tmp.exe -> Dialer.Agent.z : Cleaned.
C:\WINDOWS\Temp\idd20C.tmp.exe -> Dialer.Agent.z : Cleaned.
C:\WINDOWS\Temp\idd221.tmp.exe -> Dialer.Agent.z : Cleaned.
C:\WINDOWS\Temp\idd23F.tmp.exe -> Dialer.Agent.z : Cleaned.
C:\WINDOWS\Temp\idd254.tmp.exe -> Dialer.Agent.z : Cleaned.
C:\WINDOWS\Temp\idd272.tmp.exe -> Dialer.Agent.z : Cleaned.
C:\WINDOWS\Temp\idd287.tmp.exe -> Dialer.Agent.z : Cleaned.
C:\WINDOWS\Temp\idd2A5.tmp.exe -> Dialer.Agent.z : Cleaned.
C:\WINDOWS\Temp\idd2BA.tmp.exe -> Dialer.Agent.z : Cleaned.
C:\WINDOWS\Temp\idd2D8.tmp.exe -> Dialer.Agent.z : Cleaned.
C:\WINDOWS\Temp\idd2ED.tmp.exe -> Dialer.Agent.z : Cleaned.
C:\WINDOWS\Temp\idd30B.tmp.exe -> Dialer.Agent.z : Cleaned.
C:\WINDOWS\Temp\idd320.tmp.exe -> Dialer.Agent.z : Cleaned.
C:\WINDOWS\Temp\idd33E.tmp.exe -> Dialer.Agent.z : Cleaned.
C:\WINDOWS\Temp\idd353.tmp.exe -> Dialer.Agent.z : Cleaned.
C:\WINDOWS\Temp\idd371.tmp.exe -> Dialer.Agent.z : Cleaned.
C:\WINDOWS\Temp\idd386.tmp.exe -> Dialer.Agent.z : Cleaned.
C:\WINDOWS\Temp\idd3A4.tmp.exe -> Dialer.Agent.z : Cleaned.
C:\WINDOWS\Temp\idd3B9.tmp.exe -> Dialer.Agent.z : Cleaned.
C:\WINDOWS\Temp\idd3D7.tmp.exe -> Dialer.Agent.z : Cleaned.
C:\WINDOWS\Temp\idd3EC.tmp.exe -> Dialer.Agent.z : Cleaned.
C:\WINDOWS\Temp\idd40A.tmp.exe -> Dialer.Agent.z : Cleaned.
C:\WINDOWS\Temp\idd41F.tmp.exe -> Dialer.Agent.z : Cleaned.
C:\WINDOWS\Temp\idd43D.tmp.exe -> Dialer.Agent.z : Cleaned.
C:\WINDOWS\Temp\idd452.tmp.exe -> Dialer.Agent.z : Cleaned.
C:\WINDOWS\Temp\idd470.tmp.exe -> Dialer.Agent.z : Cleaned.
C:\WINDOWS\Temp\idd485.tmp.exe -> Dialer.Agent.z : Cleaned.
C:\WINDOWS\Temp\idd4A3.tmp.exe -> Dialer.Agent.z : Cleaned.
C:\WINDOWS\Temp\idd4B8.tmp.exe -> Dialer.Agent.z : Cleaned.
C:\WINDOWS\Temp\iddE9.tmp.exe -> Dialer.Agent.z : Cleaned.
C:\WINDOWS\Temp\iddFC.tmp.exe -> Dialer.Agent.z : Cleaned.
C:\WINDOWS\Temp\__delete_on_reboot__w_i_n_E_8_._t_m_p_._e_x_e_ -> Dialer.IDialer.m : Cleaned.
C:\Documents and Settings\Yann\Local Settings\Temp\Cookies\yann@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Yann\Local Settings\Temp\Cookies\yann@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Yann\Local Settings\Temp\Cookies\yann@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Yann\Local Settings\Temp\Cookies\yann@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Yann\Local Settings\Temp\Cookies\yann@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\Yann\Local Settings\Temp\Cookies\yann@weborama[1].txt -> TrackingCookie.Weborama : Cleaned.
C:\WINDOWS\system32\cool.exe -> Trojan.Dialer.qs : Cleaned.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP25\A0005179.exe -> Trojan.Starter.65 : Cleaned.

::Report end

PS2:
Logfile of HijackThis v1.99.1
Scan saved at 13:07:13, on 19/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\FBM Software\ZeroSpyware\ZeroSpyware.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\RunDll32.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\WINDOWS\system32\slserv.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Yann\Mes documents\Mes fichiers reçus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9319E3AA-221D-0198-10F4-74E29F7175B2} - C:\WINDOWS\system32\satej.dll (file missing)
O2 - BHO: (no name) - {D3B3C51E-8D11-4667-85B9-0930F519BED7} - C:\WINDOWS\system32\awtttst.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [ZSScheduler] rundll32.exe "C:\Program Files\FBM Software\ZeroSpyware\zsscheduler.dll", runScheduler C:\Program Files\FBM Software\ZeroSpyware\
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Popup-corn] "C:\Program Files\Popup-corn\Popup-corn.exe" -silent
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: microsoft outlook.lnk = C:\WINDOWS\Installer\{0002040C-78E1-11D2-B60F-006097C998E7}\outicon.exe
O4 - Startup: outicon.lnk = C:\WINDOWS\Installer\{0002040C-78E1-11D2-B60F-006097C998E7}\outicon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office2K\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanced/cfweb_activex.camfrogweb.com-advanced_inst...
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/12838be1816f2a23e906/netzip/RdxIE601_fr.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon777.free.fr/plugins/hardwaredetection.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader_sp1/imloader.cab
O18 - Protocol: bw+0 - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {D07E2CE6-BFA0-4AB6-8DE8-6DCB047B03E7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: awtttst - C:\WINDOWS\SYSTEM32\awtttst.dll
O20 - Winlogon Notify: sstts - C:\WINDOWS\system32\sstts.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winzoa32 - C:\WINDOWS\SYSTEM32\winzoa32.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Créateur de rapports d'état Sophos Anti-Virus (SAVAdminService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Sophos AutoUpdate Service - Sophos plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

zabo32- 19 sept. 2006 à 17:43

Salut,

Bon apparemment suis toujours infecté... J'ai cette fenêtre d'un site me proposant ces services d'antivirus me disant que je suis infecté par des centaines de virus !!! et ca me plante internet et me fais ramer...
J'ai beau être matinal... j'ai mal !!!
pffffffffff........

a+

Réponse

boulepate62 23346Messages postés 14 mars 2006Date d'inscription 4 avril 2012Dernière intervention 19 sept. 2006 à 18:21

Salut,

Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked"

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R3 - URLSearchHook: (no name) - {9319E3AA-221D-0198-10F4-74E29F7175B2} - C:\WINDOWS\system32\satej.dll (file missing)
O4 - Startup: microsoft outlook.lnk = C:\WINDOWS\Installer\{0002040C-78E1-11D2-B60F-006097C998E7}\outicon.exe
O4 - Startup: outicon.lnk = C:\WINDOWS\Installer\{0002040C-78E1-11D2-B60F-006097C998E7}\outicon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office2K\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanced/cfweb_activex.camfrogweb.com-advanced_inst...
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/12838be1816f2a23e906/netzip/RdxIE601_fr.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon777.free.fr/plugins/hardwaredetection.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader_sp1/imloader.cab

toutes les O18

Clique sur demarrer, rechercher, cherche et supprime ce fichier si présent:

outicon.exe

Ensuite,

telecharge
http://www.atribune.org/ccount/click.php?id=4

double clic dessus choisis "start for vundo"
attends quelques minutes, quand le scan est terminé clic sur "remove vundo"
un message te demandera si tu veux supprimes les fichiers sur "yes"
Quand il a terminé, clic sur "yes" ton ordinateur devrait redemarrer sinon, fais le par toi même
Une fois qu'il a redemarré colle le rapport C:\vundofix.txt et un nouveau rapport hijackthis stp

Ajouter un commentaire - Site web

Réponse

zabo32 39Messages postés 18 septembre 2006Date d'inscription 26 février 2010Dernière intervention 20 sept. 2006 à 16:33

Salut,

Bon, j'ai relancé HijackThis, checké les lignes, essayé de trouver outicon.exe (pas trouvé avec demarrer rechercher). fais un scan avec Vundofix et delete les fichiers qu'il m'a trouvé.
A ce stade j'ai une fenêtre de VundoFix qui s'est ouverte me disant:
"C:\windows\system32\awtttst.dll could not be deleted, VundoFix will load on reboot to attempt removal. Please click Scan for Vundo"
Voilà. Là dessus j'ai éteint et rallumé mon PC lancé un HijackThis. Voilà les 2 rapports...
Je sais pas si j'suis reçu ou collé !!!
@+

VundoFix V6.1.5

Checking Java version...

Scan started at 16:07:25 20/09/2006

Listing files found while scanning....

C:\WINDOWS\system32\awtttst.dll
C:\WINDOWS\system32\sstts.dll
C:\WINDOWS\system32\sttss.ini
C:\WINDOWS\system32\sttss.bak1
C:\WINDOWS\system32\sttss.bak2
C:\WINDOWS\system32\winzoa32.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awtttst.dll
C:\WINDOWS\system32\awtttst.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\sstts.dll
C:\WINDOWS\system32\sstts.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sttss.ini
C:\WINDOWS\system32\sttss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\sttss.bak1
C:\WINDOWS\system32\sttss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\sttss.bak2
C:\WINDOWS\system32\sttss.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\winzoa32.dll
C:\WINDOWS\system32\winzoa32.dll Has been deleted!

Performing Repairs to the registry.
Done!
*****************************************************

Logfile of HijackThis v1.99.1
Scan saved at 16:27:11, on 20/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\WINDOWS\system32\slserv.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
c:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Documents and Settings\Yann\Mes documents\Mes fichiers reçus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [ZSScheduler] rundll32.exe "C:\PROGRA~1\FBMSOF~1\ZEROSP~1\zsscheduler.dll", runScheduler C:\PROGRA~1\FBMSOF~1\ZEROSP~1\
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Popup-corn] "C:\Program Files\Popup-corn\Popup-corn.exe" -silent
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Créateur de rapports d'état Sophos Anti-Virus (SAVAdminService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Sophos AutoUpdate Service - Sophos plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

Ajouter un commentaire

boulepate62- 20 sept. 2006 à 16:45

Salut,

ton rapport Hijackthis est ok.

Peuc tu refaire un rapport avec VundoFix et le coller ici

puis:

Fait ce scan anti-virus en ligne avec Internet Explorer, accepte l'active X; la barre anti-popup du SP2 (en haut) va se mettre à clignoter, clic dessus et choisis "accepter l'active X" pour faire fonctionner le scan anti-virus.
Une fois qu'il a terminé colle le rapport ici stp

http://www.bitdefender.com/scan8/ie.html

Réponse

zabo32 39Messages postés 18 septembre 2006Date d'inscription 26 février 2010Dernière intervention 21 sept. 2006 à 17:49

Salut,

Mon rapport VundoFix est propre (donc pas de rapport). Par contre j'ai landé ewido et il m'a trouvé Dropper.small et Trojan.BHO.g (je joins le rapport) et quant à Bitdefender... Il m'a trouvé 7 virus !!! C'est de l'harcelement !!! Fais chier...
@+

ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 16:46:32 21/09/2006

+ Scan result:

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP25\A0005581.dll -> Adware.Virtumionde : Cleaned.
C:\VundoFix Backups\awtttst.dll.bad -> Adware.Virtumionde : Cleaned.
C:\Program Files\Fichiers communs\Yazzle1122OinAdmin.exe -> Dropper.Small : Cleaned.
C:\WINDOWS\system32\bcvtqppw.dll -> Trojan.BHO.g : Cleaned.

::Report end

******************************************************

BitDefender Online Scanner

Scan report generated at: Thu, Sep 21, 2006 - 17:40:01

Scan path: A:\;C:\;D:\;E:\;

Statistics

Time
01:07:58

Files
286372

Folders
4282

Boot Sectors
3

Archives
11059

Packed Files
27096

Results

Identified Viruses
7

Infected Files
13

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
13

Engines Info

Virus Definitions
455294

Engine build
AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)

Scan plugins
13

Archive plugins
38

Unpack plugins
6

E-mail plugins
6

System plugins
1

Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions

Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes

Scanned File
Status

C:\Documents and Settings\Yann\Application Data\Thunderbird\Profiles\221xqe9l.default\Mail\Local Folders\Inbox=>(message 4)=>[Subject: hi][Date: Wed, 19 Apr 2006 09:04:46 -0400]=>(MIME part)=>wiv.zip=>wiv.txt .scr
Infected with: Win32.Worm.Mytob.IB.Damaged

C:\Documents and Settings\Yann\Application Data\Thunderbird\Profiles\221xqe9l.default\Mail\Local Folders\Inbox=>(message 4)=>[Subject: hi][Date: Wed, 19 Apr 2006 09:04:46 -0400]=>(MIME part)=>wiv.zip=>wiv.txt .scr
Disinfection failed

C:\Documents and Settings\Yann\Application Data\Thunderbird\Profiles\221xqe9l.default\Mail\Local Folders\Inbox=>(message 4)=>[Subject: hi][Date: Wed, 19 Apr 2006 09:04:46 -0400]=>(MIME part)=>wiv.zip=>wiv.txt .scr
Deleted

C:\Documents and Settings\Yann\Application Data\Thunderbird\Profiles\221xqe9l.default\Mail\Local Folders\Inbox=>(message 4)=>[Subject: hi][Date: Wed, 19 Apr 2006 09:04:46 -0400]=>(MIME part)=>wiv.zip
Updated

C:\Documents and Settings\Yann\Application Data\Thunderbird\Profiles\221xqe9l.default\Mail\Local Folders\Inbox=>(message 4)=>[Subject: hi][Date: Wed, 19 Apr 2006 09:04:46 -0400]=>(MIME part)
Updated

C:\Documents and Settings\Yann\Application Data\Thunderbird\Profiles\221xqe9l.default\Mail\Local Folders\Inbox=>(message 4)
Updated

C:\Documents and Settings\Yann\Application Data\Thunderbird\Profiles\221xqe9l.default\Mail\Local Folders\Inbox
Updated

C:\Documents and Settings\Yann\Application Data\PPPATC~1\services.exe
Infected with: Trojan.Clspring.BU

C:\Documents and Settings\Yann\Application Data\PPPATC~1\services.exe
Disinfection failed

C:\Documents and Settings\Yann\Application Data\PPPATC~1\services.exe
Deleted

C:\Documents and Settings\Yann\Local Settings\Application Data\Identities\{36610057-F0F7-45B1-BC6F-168B6A97D8C8}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 0)=>[Subject: Delivery by mail][Date: Wed, 08 Feb 2006 09:28:32 +0100]=>(MIME part)=>siupd02.zip=>bbpyalld.exe
Infected with: Win32.Worm.Bagle.CL

C:\Documents and Settings\Yann\Local Settings\Application Data\Identities\{36610057-F0F7-45B1-BC6F-168B6A97D8C8}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 0)=>[Subject: Delivery by mail][Date: Wed, 08 Feb 2006 09:28:32 +0100]=>(MIME part)=>siupd02.zip=>bbpyalld.exe
Disinfection failed

C:\Documents and Settings\Yann\Local Settings\Application Data\Identities\{36610057-F0F7-45B1-BC6F-168B6A97D8C8}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 0)=>[Subject: Delivery by mail][Date: Wed, 08 Feb 2006 09:28:32 +0100]=>(MIME part)=>siupd02.zip=>bbpyalld.exe
Deleted

C:\Documents and Settings\Yann\Local Settings\Application Data\Identities\{36610057-F0F7-45B1-BC6F-168B6A97D8C8}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 0)=>[Subject: Delivery by mail][Date: Wed, 08 Feb 2006 09:28:32 +0100]=>(MIME part)=>siupd02.zip
Updated

C:\Documents and Settings\Yann\Local Settings\Application Data\Identities\{36610057-F0F7-45B1-BC6F-168B6A97D8C8}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 0)=>[Subject: Delivery by mail][Date: Wed, 08 Feb 2006 09:28:32 +0100]=>(MIME part)
Updated

C:\Documents and Settings\Yann\Local Settings\Application Data\Identities\{36610057-F0F7-45B1-BC6F-168B6A97D8C8}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 0)
Updated

C:\Documents and Settings\Yann\Local Settings\Application Data\Identities\{36610057-F0F7-45B1-BC6F-168B6A97D8C8}\Microsoft\Outlook Express\Éléments supprimés.dbx
Update failed

C:\RECYCLER\S-1-5-21-997633108-3802580832-1693691005-1005\Dc12.dbx=>(message 0)=>[Subject: Delivery by mail][Date: Wed, 08 Feb 2006 09:28:32 +0100]=>(MIME part)=>siupd02.zip=>bbpyalld.exe
Infected with: Win32.Worm.Bagle.CL

C:\RECYCLER\S-1-5-21-997633108-3802580832-1693691005-1005\Dc12.dbx=>(message 0)=>[Subject: Delivery by mail][Date: Wed, 08 Feb 2006 09:28:32 +0100]=>(MIME part)=>siupd02.zip=>bbpyalld.exe
Disinfection failed

C:\RECYCLER\S-1-5-21-997633108-3802580832-1693691005-1005\Dc12.dbx=>(message 0)=>[Subject: Delivery by mail][Date: Wed, 08 Feb 2006 09:28:32 +0100]=>(MIME part)=>siupd02.zip=>bbpyalld.exe
Deleted

C:\RECYCLER\S-1-5-21-997633108-3802580832-1693691005-1005\Dc12.dbx=>(message 0)=>[Subject: Delivery by mail][Date: Wed, 08 Feb 2006 09:28:32 +0100]=>(MIME part)=>siupd02.zip
Updated

C:\RECYCLER\S-1-5-21-997633108-3802580832-1693691005-1005\Dc12.dbx=>(message 0)=>[Subject: Delivery by mail][Date: Wed, 08 Feb 2006 09:28:32 +0100]=>(MIME part)
Updated

C:\RECYCLER\S-1-5-21-997633108-3802580832-1693691005-1005\Dc12.dbx=>(message 0)
Updated

C:\RECYCLER\S-1-5-21-997633108-3802580832-1693691005-1005\Dc12.dbx
Update failed

C:\RECYCLER\S-1-5-21-997633108-3802580832-1693691005-1005\Dc5.bad
Infected with: Trojan.Dropper.Pakes.BJ

C:\RECYCLER\S-1-5-21-997633108-3802580832-1693691005-1005\Dc5.bad
Disinfection failed

C:\RECYCLER\S-1-5-21-997633108-3802580832-1693691005-1005\Dc5.bad
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP19\A0003003.rps=>(gzip)
Infected with: Trojan.Starter.V

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP19\A0003003.rps=>(gzip)
Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP19\A0003003.rps=>(gzip)
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP19\A0003003.rps
Update failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP21\A0003835.exe=>(NSIS o)=>lzma_solid_nsis0002
Infected with: Trojan.Downloader.PurityScan.AR

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP21\A0003835.exe=>(NSIS o)=>lzma_solid_nsis0002
Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP21\A0003835.exe=>(NSIS o)=>lzma_solid_nsis0002
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP21\A0003835.exe=>(NSIS o)
Update failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP25\A0005580.dll
Infected with: Trojan.Dropper.Pakes.BJ

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP25\A0005580.dll
Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP25\A0005580.dll
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP26\A0006745.exe
Infected with: Trojan.Clspring.BU

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP26\A0006745.exe
Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP26\A0006745.exe
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP26\A0006746.exe
Infected with: Trojan.Dropper.AY

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP26\A0006746.exe
Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP26\A0006746.exe
Deleted

C:\WINDOWS\system32\zsfiles\00005.rps=>(gzip)
Infected with: Trojan.Starter.V

C:\WINDOWS\system32\zsfiles\00005.rps=>(gzip)
Disinfection failed

C:\WINDOWS\system32\zsfiles\00005.rps=>(gzip)
Deleted

C:\WINDOWS\system32\zsfiles\00005.rps
Updated

C:\WINDOWS\system32\zsfiles\00007.rps=>(gzip)=>(NSIS o)=>lzma_solid_nsis0003
Infected with: Trojan.Starter.V

C:\WINDOWS\system32\zsfiles\00007.rps=>(gzip)=>(NSIS o)=>lzma_solid_nsis0003
Disinfection failed

C:\WINDOWS\system32\zsfiles\00007.rps=>(gzip)=>(NSIS o)=>lzma_solid_nsis0003
Deleted

C:\WINDOWS\system32\zsfiles\00007.rps=>(gzip)=>(NSIS o)
Update failed

C:\WINDOWS\system32\zsfiles\00060.rps=>(gzip)
Infected with: Trojan.Starter.V

C:\WINDOWS\system32\zsfiles\00060.rps=>(gzip)
Disinfection failed

C:\WINDOWS\system32\zsfiles\00060.rps=>(gzip)
Deleted

C:\WINDOWS\system32\zsfiles\00060.rps
Updated

Ajouter un commentaire

boulepate62- 21 sept. 2006 à 18:57

Salut,

fait ça

Pour afficher tous les dossiers et fichiers cachés;

Clic sur "démarrer", "panneau de configuration", "outils" ,"option des dossiers", "affichage"
"
Coche:
¤ afficher les fichiers et dossiers cachés
Clic sur "appliquer" puis "ok"

__
Clic sur demarrer, poste de travail, C:, documents and settings, Yann, Local Settings, Application Data, Identities, {36610057-F0F7-45B1-BC6F-168B6A97D8C8}, Microsoft, vide le dossier --> Outlook Express

Clic sur demarrer, poste de travail, C:, Windowds, System32, cherche et supprime ce dossier:

zsfiles

**Si un fichier persiste lors de la suppression fais ceci:
-Redemarres ton pc, dès l'allumage de celui-ci tapote la touche F8 (ou F5 si F8 ne fonctionne pas), à l'écran qui va apparaitre choisis "mode sans echec" attends un peu.. puis vas supprimer les fichiers/dossiers qui persistaient, vides ta corbeille et redemarres normalement

puis finit par ça:

Alors ceci; C:\System Volume Information\_restore(voir rapport Bitdefender) indique que ta restauration du systeme etait infecté ou est infecté, pour être sûr, nous allons créer un point propre.

Clic sur "demarrer", cliques droit sur "poste de travail", "propriétés", onglet "restauration du systeme"

¤ coches la case "desactiver la Restauration du systéme sur tous les lecteurs", puis clic ur "appliquer"
¤ decoches la case et clic sur "appliquer" puis "ok".

Maintenant, que l'ont à effacés les point infectés, nous allons créer un point propre:

Clic sur "demarrer", "tous les programmes", "accessoires", "outils système", "restauration du système", choisis "créer un point de restauration" nommes le " ccm" par exemple, cliques sur "créer" puis "ok".
Voilà, maintenant le point de restauration est créer si un jour tu décides tu pourra revenir en arriere à la date que tu l'as créer donc à ce jour; en fesant la marche arriére tu pourra remettre ton ordinateur à la date ou l'on à créer ce point de restauration mais tu perdra les modifications que tu aura faites entre deux.

Réponse

zabo32 39Messages postés 18 septembre 2006Date d'inscription 26 février 2010Dernière intervention 22 sept. 2006 à 09:36

Salut,

Merci beaucoup pour toutes tes explications l'ami. Une dernière avant de te laisser tranquille!!! Comment je peux revenir en arrière si un jour je souhaite/ à la création de mon point de restauration. Il s'est enregistré quelque part dans mon PC ???

Merci pour tout et au plaisir de pas te revoir...tu m'en voudras pas !!! Ciao, ciao...

Ajouter un commentaire

Réponse

boulepate62 23346Messages postés 14 mars 2006Date d'inscription 4 avril 2012Dernière intervention 22 sept. 2006 à 09:43

Salut,

regarde ici, bas de page :-)
http://kerio.probb.fr/ftopic15.Creer-un-point-de-restauration-du-systeme.htm

A++

Ajouter un commentaire - Site web

Répondre au sujet

Posez votre question

Dossier à la une

Passage au tout numérique : quel coût pour les particuliers ?

Passage au tout numérique : quel coût pour les particuliers ?

Combien cela coûte-t-il au total ? Quelles aides apportent l'état et les acteurs du marché pour alléger cette charge non choisie ? Tous les détails sur Commentçamarche.net.

Virus W32 nebuler et backdoor.wrag [Résolu]

Virus W32 nebuler et backdoor.wrag »

Passage au tout numérique : quel coût pour les particuliers ?