cheval de troie impossible à supprimerRésolu/Fermé

Question

Bonjour,

voilà mon antivirus (avast 4.7) a détecté un cheval de troie dans C:/WINDOWS/system32/dpvac.dll pour tenter de régler le problème j'ai d'abord fait des scans avec Spybot SD et Ad-Aware ensuite j'ai fait un nettoyage avec CCleaner puis j'ai fait un scan avec Hijackthis...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:17:35, on 24/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\TEMP\41330531.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Téléchargement\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll
O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - C:\WINDOWS\system32\iebrowserc.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: dcads - {733716E1-76D2-4003-AC39-845281C0EF85} - C:\WINDOWS\system32
ss22.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C40763FF-2393-46E0-B38C-0B7605C7CF72} - C:\WINDOWS\system32\dpvac.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Ping upload extra road] C:\Documents and Settings\All Users\Application Data\burn spam ping upload
oun frag.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [2gb4i3hn] C:\WINDOWS\TEMP\41330531.exe
O4 - HKCU\..\Run: [VgaOne] C:\DOCUME~1\Frobert\APPLIC~1\STOPAU~1\Soft Frag.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{816F862B-513D-4434-A5B0-FC6F2EC6AF3E}: NameServer = 81.253.149.9 80.10.246.132
O17 - HKLM\System\CS1\Services\Tcpip\..\{816F862B-513D-4434-A5B0-FC6F2EC6AF3E}: NameServer = 81.253.149.9 80.10.246.132
O18 - Protocol: bw+0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe

jlpjlp · Answer

slt,


Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked". 

O2 - BHO: Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll
O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - C:\WINDOWS\system32\iebrowserc.dll

O2 - BHO: dcads - {733716E1-76D2-4003-AC39-845281C0EF85} - C:\WINDOWS\system32
ss22.dll
O2 - BHO: (no name) - {C40763FF-2393-46E0-B38C-0B7605C7CF72} - C:\WINDOWS\system32\dpvac.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Ping upload extra road] C:\Documents and Settings\All Users\Application Data\burn spam ping upload
oun frag.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [2gb4i3hn] C:\WINDOWS\TEMP\41330531.exe
O4 - HKCU\..\Run: [VgaOne] C:\DOCUME~1\Frobert\APPLIC~1\STOPAU~1\Soft Frag.exe

___________________


pour fusionner: pour comprendre pour la suite

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif


__________________

telecharge combofix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe 
Sauvegarde le sur ton bureau et pas ailleurs ! 


Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :


File::

C:\WINDOWS\system32\dcads_sidebar.dll
C:\WINDOWS\system32\iebrowserc.dll
C:\WINDOWS\system32
ss22.dll
C:\WINDOWS\system32\dpvac.dll
C:\Documents and Settings\All Users\Application Data\burn spam ping upload
oun frag.exe
C:\WINDOWS\TEMP\41330531.exe
C:\DOCUME~1\Frobert\APPLIC~1\STOPAU~1\Soft Frag.exe




Enregistre ce fichier sous le nom CFscript


Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Remets aussi un rapport Hijackthis


Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

jlpjlp · Answer

Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :





Driver ::
swbgbxop

File::

C:\WINDOWS\system32\drivers\ssynzfrn.dat 
C:\WINDOWS\system32\dpvac.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C40763FF-2393-46E0-B38C-0B7605C7CF72}]



Enregistre ce fichier sous le nom CFscript


Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Remets aussi un rapport Hijackthis


Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

_________________


 colle le rapport d'un scan en ligne 
avec un des suivants: 


bitdefender en ligne : 
http://www.bitdefender.fr/scan_fr/scan8/ie.html 

Panda en ligne : 
http://pandasoftware.fr

secuser en ligne :
http://www.secuser.com/outils/antivirus.htm

jlpjlp · Answer

relance hiajkchtis et fix ces lignes

O2 - BHO: (no name) - {C40763FF-2393-46E0-B38C-0B7605C7CF72} - C:\WINDOWS\system32\dpvac.dll 
_______________

télécharges et installes : 

kill box 
https://www.bleepingcomputer.com/download/linux/ 


aide kill box 
http://perso.wanadoo.fr/jesses/Docs/Logiciels/KillBox.htm 


- Redémarre en mode sans échec, si tu sais pas comment on fait lis ceci 

- Double-clic sur fix.reg 

Ouvres killbox 
- Sélectionne "delete on reboot" 
- Clique sur le dossier jaune à droite et sélectionne le fichier : 

C:\WINDOWS\system32\dpvac.dll 

- Clique sur la croix rouge et et blanche 
- Répond yes et laisse redémarrer ton pc. 
N'hésite pas à consulter l'Aide killbox 

_____________________


recolle un mois un nouveau rapport bitdefender mais cet fois complet , il me faut savoir les fichiers infécté

____________________

puis recolle un rapport hiajkchits

jlpjlp · Answer

bizarre combofix signale qu'il a été instéllé en 2004 ce logiciel...

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C40763FF-2393-46E0-B38C-0B7605C7CF72}]
2004-08-19 15:09 96512 --a------ C:\WINDOWS\system32\dpvac.dll 


________________

analyse ce fihcier sur virus total et colle moi le rapport :  https://www.virustotal.com/gui/

 C:\WINDOWS\system32\dpvac.dll 

________________

remplace avast par antivir et colle moi le rapport

https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)

jlpjlp · Answer

ok

___________

remplace avast par antivir et colle moi le rapport

https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
_____________

recolle un rapport combofix aussi

jlpjlp · Answer

tu analyse tout l'ordi avec antivir . Pour combofix tu recolle un rapport comme le premier que tu as fait

mattkowsky · Answer

voilà le rapport avec antivir il est en deux parties parce que je l'ai commencé hier soir mais j'ai du le stopper et le reprendre ce matin sinon pour combofix je ne pense pas pouvoir mettre le même fichier texte parce que j'ai réussi à supprimer le fichier infecté C:/WINDOWS/system32/dpvac.dll AntiVir PersonalEdition Classic Report file date: 2008-02-27 23:34 Scanning for 1126829 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: SYSTEM Computer name: FROBERT-D01TX51 Version information: BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29 AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51 LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47 LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15 ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 2007-12-14 22:16:31 ANTIVIR2.VDF : 7.0.2.181 1993728 Bytes 2008-02-24 22:16:31 ANTIVIR3.VDF : 7.0.2.203 88064 Bytes 2008-02-27 22:16:31 AVEWIN32.DLL : 7.6.0.67 3293696 Bytes 2008-02-27 22:16:35 AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26 AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17 AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24 AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-02-27 22:16:36 AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06 AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18 NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13 RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37 SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: off Scan boot sector.................: on Boot sectors.....................: D:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: 2008-02-27 23:34 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'usnsvc.exe' - '1' Module(s) have been scanned Scan process 'Azureus.exe' - '1' Module(s) have been scanned Scan process 'COCIManager.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'ashWebSv.exe' - '1' Module(s) have been scanned Scan process 'ashMaiSv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned Scan process 'LVComSX.exe' - '1' Module(s) have been scanned Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'LogitechDesktopMessenger.exe' - '1' Module(s) have been scanned Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned Scan process 'ashDisp.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned Scan process 'QuickCam10.exe' - '1' Module(s) have been scanned Scan process 'ashServ.exe' - '1' Module(s) have been scanned Scan process 'aswUpdSv.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 36 processes with 36 modules were scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Boot sector 'D:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( '29' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\Frobert\Application Data\Stop Audio Hold\enzfnjlf.exe [DETECTION] Is the Trojan horse TR/Obfusgen.A.5352 [INFO] The file was moved to '483fe6cf.qua'! C:\Documents and Settings\Frobert\Application Data\Stop Audio Hold\osqnhsfj.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [INFO] The file was moved to '4836e6dd.qua'! C:\Documents and Settings\Frobert\Application Data\Stop Audio Hold\yozsqtfw.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [INFO] The file was moved to '483fe6dc.qua'! C:\System Volume Information\_restore{2BF0F989-7D48-47BF-8A50-9E4AAEE4C961}\RP1\A0001048.dll [DETECTION] Is the Trojan horse TR/Trash.Gen [INFO] The file was moved to '47f5ec24.qua'! C:\System Volume Information\_restore{2BF0F989-7D48-47BF-8A50-9E4AAEE4C961}\RP1\A0001050.dll [DETECTION] Is the Trojan horse TR/Trash.Gen [INFO] The file was moved to '47f5ec3e.qua'! C:\System Volume Information\_restore{2BF0F989-7D48-47BF-8A50-9E4AAEE4C961}\RP1\A0001081.exe [DETECTION] Is the Trojan horse TR/Obfusgen.A.5352 [INFO] The file was moved to '47f5ec45.qua'! C:\System Volume Information\_restore{2BF0F989-7D48-47BF-8A50-9E4AAEE4C961}\RP1\A0001082.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [INFO] The file was moved to '47f5ec48.qua'! C:\System Volume Information\_restore{2BF0F989-7D48-47BF-8A50-9E4AAEE4C961}\RP1\A0001083.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [INFO] The file was moved to '47f5ec4a.qua'! End of the scan: 2008-02-28 00:40 Used time: 1:05:35 min The scan has been canceled! 3041 Scanning directories 164883 Files were scanned 8 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 8 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 164875 Files not concerned 1169 Archives were scanned 1 Warnings 0 Notes AntiVir PersonalEdition Classic Report file date: 2008-02-28 09:54 Scanning for 1126829 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: SYSTEM Computer name: FROBERT-D01TX51 Version information: BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29 AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51 LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47 LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15 ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 2007-12-14 22:16:31 ANTIVIR2.VDF : 7.0.2.181 1993728 Bytes 2008-02-24 22:16:31 ANTIVIR3.VDF : 7.0.2.203 88064 Bytes 2008-02-27 22:16:31 AVEWIN32.DLL : 7.6.0.67 3293696 Bytes 2008-02-27 22:16:35 AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26 AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17 AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24 AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-02-27 22:16:36 AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06 AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18 NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13 RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37 SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: off Scan boot sector.................: on Boot sectors.....................: D:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: 2008-02-28 09:54 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'ashWebSv.exe' - '1' Module(s) have been scanned Scan process 'ashMaiSv.exe' - '1' Module(s) have been scanned Scan process 'COCIManager.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'LVComSX.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'LogitechDesktopMessenger.exe' - '1' Module(s) have been scanned Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'ashDisp.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned Scan process 'QuickCam10.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'ashServ.exe' - '1' Module(s) have been scanned Scan process 'aswUpdSv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 35 processes with 35 modules were scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Boot sector 'D:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( '29' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\WINDOWS\system32\dpvac.3 [DETECTION] Is the Trojan horse TR/BHO.abm [INFO] The file was moved to '483c92e6.qua'! C:\WINDOWS\system32\drivers\srtwe.sys [WARNING] The file could not be opened! Begin scan in 'D:\' D:\Téléchargement\HiJackThis\backups\backup-20080227-105736-937.dll [DETECTION] Is the Trojan horse TR/Trash.Gen [INFO] The file was moved to '48299749.qua'! End of the scan: 2008-02-28 12:11 Used time: 2:17:12 min The scan has been done completely. 3671 Scanning directories 199561 Files were scanned 2 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 2 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 199559 Files not concerned 1586 Archives were scanned 2 Warnings 0 Notes merci

jlpjlp · Answer

vire ce qui est en quarantaine dans antivir

___________


analyse ce fichier sur virus total:  et dis moi si infécté
https://www.virustotal.com/gui/ 

C:\WINDOWS\system32\drivers\srtwe.sys 

______________

recolle un rapport combofix

Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !

Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport. 

_______________


installe spybot en complement d'antivir pour te proteger des espions et scan avec

https://www.safer-networking.org/download/

__________


Désactive la restauration système pour purger les virus qui seraient dedans puis réactive là (dans DEMARRER puis TOUS LES PROGRAMMES puis ACCESSOIRE puis OUTILS SYSTEME puis RESTAURATION SYSTEME puis paramètre) 
_____________

recolle un rapport hijakthis et antivir et dis moi tes soucis actuels

mattkowsky · Answer

je n'ai pas pu analyser C:\WINDOWS\system32\drivers\srtwe.sys avec virustotal le message d'erreur suivant apparait : 0 bytes size received/ Se ha recibidio un archivo vacio ________________________________ ComboFix 08-02-25.3 - Frobert 2008-02-28 15:21:30.3 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.438 [GMT 1:00] Endroit: C:\Documents and Settings\Frobert\Bureau\KillBagle.exe [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-28 to 2008-02-28 )))))))))))))))))))))))))))))))))))) . 2008-02-28 14:59 . 2008-02-28 15:00 d-------- C:\Program Files\Spybot - Search & Destroy 2008-02-28 10:27 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2008-02-28 10:27 . 2001-08-23 17:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys 2008-02-28 10:27 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2008-02-28 10:27 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys 2008-02-27 23:01 . 2008-02-27 23:01 d-------- C:\Program Files\Avira 2008-02-27 23:01 . 2008-02-27 23:01 d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-02-26 11:38 . 2008-02-27 11:52 d-------- C:\WINDOWS\BDOSCAN8 2008-02-25 15:39 . 2008-02-25 15:39 80 --a------ C:\WINDOWS\xptools.ini 2008-02-25 15:28 . 2008-02-25 15:28 221,184 --a------ C:\WINDOWS\system32\xtbaksm.dll 2008-02-25 15:28 . 2008-02-25 15:28 221,184 --a------ C:\WINDOWS\system32\xtbaksm.dat 2008-02-24 20:53 . 2008-02-27 23:26 d-------- C:\Program Files\SpeedItUpFree 2008-02-24 20:53 . 2008-02-24 20:53 724,992 --a------ C:\WINDOWS\iun6002.exe 2008-02-24 20:36 . 2008-02-25 15:41 d-------- C:\Documents and Settings\Frobert\Application Data\Uniblue 2008-02-24 14:14 . 2008-02-28 15:11 d-------- C:\Program Files\RamBoost XP 2008-02-13 22:57 . 2008-02-13 22:57 127 --a------ C:\WINDOWS\system32\MRT.INI . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-28 14:06 --------- d-----w C:\Documents and Settings\Frobert\Application Data\Azureus 2008-02-28 14:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-27 22:38 --------- d-----w C:\Documents and Settings\Frobert\Application Data\Stop Audio Hold 2008-02-26 14:16 --------- d-----w C:\Documents and Settings\Frobert\Application Data\OpenOffice.org2 2008-02-25 14:40 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-25 14:30 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-02-25 14:30 --------- d-----w C:\Program Files\Azureus 2008-02-25 12:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\burn spam ping upload 2008-02-23 14:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-02-22 20:12 --------- d-----w C:\Documents and Settings\Frobert\Application Data\LimeWire 2008-02-18 17:52 19,584 ----a-w C:\WINDOWS\system32\drivers\ssynzfrn.dat 2008-01-24 18:20 25,984 ----a-w C:\WINDOWS\system32\drivers\Xcg26.sys 2008-01-24 18:17 54,764 ----a-w C:\WINDOWS\system32\drivers\srtwe.sys 2007-09-20 18:35 47,360 ----a-w C:\Documents and Settings\Frobert\Application Data\pcouffin.sys 2007-07-09 11:11 1,585,664 ----a-w C:\Program Files\siw.exe 2004-07-18 05:54 460,728 ----a-w C:\WINDOWS\Fonts\SET56C.tmp 2004-07-18 05:54 460,728 ----a-w C:\WINDOWS\Fonts\SET48A.tmp 2004-07-18 05:54 383,140 ----a-w C:\WINDOWS\Fonts\SET56B.tmp 2004-07-18 05:54 383,140 ----a-w C:\WINDOWS\Fonts\SET489.tmp 2004-07-18 05:54 355,436 ----a-w C:\WINDOWS\Fonts\SET56A.tmp 2004-07-18 05:54 355,436 ----a-w C:\WINDOWS\Fonts\SET488.tmp 2004-07-17 18:39 409,280 ----a-w C:\WINDOWS\Fonts\SET569.tmp 2004-07-17 18:39 409,280 ----a-w C:\WINDOWS\Fonts\SET487.tmp 2004-07-17 18:39 398,372 ----a-w C:\WINDOWS\Fonts\SET568.tmp 2004-07-17 18:39 398,372 ----a-w C:\WINDOWS\Fonts\SET486.tmp 2004-07-17 18:39 367,112 ----a-w C:\WINDOWS\Fonts\SET56F.tmp 2004-07-17 18:39 367,112 ----a-w C:\WINDOWS\Fonts\SET48D.tmp 2004-07-17 18:39 352,224 ----a-w C:\WINDOWS\Fonts\SET56E.tmp 2004-07-17 18:39 352,224 ----a-w C:\WINDOWS\Fonts\SET48C.tmp 2004-07-17 18:39 127,596 ----a-w C:\WINDOWS\Fonts\SET56D.tmp 2004-07-17 18:39 127,596 ----a-w C:\WINDOWS\Fonts\SET48B.tmp . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C40763FF-2393-46E0-B38C-0B7605C7CF72}] C:\WINDOWS\system32\dpvac.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\program files\windows live\messenger\msnmsgr.exe" [2007-10-18 11:34 5724184] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-09-19 17:37 36864] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09 15360] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 11:26 86016] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 11:26 7700480] "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 20:58 746520] "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 00:03 284184] "Cmaudio"="cmicnfg.cpl" [] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-27 23:16 249896] "combofix"="C:\WINDOWS\system32\kmd.exe" [2004-08-19 15:09 400896] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:09 15360] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli scecli scecli [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\Program Files\Azureus\Azureus.exe"= "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"= "C:\WINDOWS\system32\sessmgr.exe"= "C:\Program Files\Messenger\msmsgs.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= "C:\Program Files\Mozilla Firefox\firefox.exe"= R0 swbgbxop;swbgbxop;C:\WINDOWS\system32\drivers\ssynzfrn.dat [] R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2005-12-19 15:43] S3 NtApm;Pilote d'interface NT APM/hérité;C:\WINDOWS\system32\DRIVERS\NtApm.sys [2001-08-23 17:11] S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08] S3 Xcg26;Xcg26;C:\WINDOWS\System32\drivers\Xcg26.sys [2008-01-24 19:20] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb157b60-52ac-11dc-9cef-000ae654c4c6}] \Shell\AutoRun\command - G:\setupSNK.exe . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2008-02-28 14:00:08 C:\WINDOWS\Tasks\A5CCA0B2918B5E82.job" - c:\docume~1\frobert\applic~1\stopau~1\blue ping browse.exe "2008-02-24 19:35:27 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job" - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe "2008-02-24 19:35:26 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job" - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-28 15:30:07 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32 vsvc32.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe . ************************************************************************** . Temps d'accomplissement: 2008-02-28 15:32:42 - machine was rebooted [Frobert] . 2008-02-14 09:11:50 --- E O F --- _____________________________________ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:14:33, on 28/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32 vsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe C:\WINDOWS\system32\RunDll32.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\program files\windows live\messenger\msnmsgr.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe C:\WINDOWS\explorer.exe D:\Téléchargement\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {C40763FF-2393-46E0-B38C-0B7605C7CF72} - C:\WINDOWS\system32\dpvac.dll (file missing) O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [MsnMsgr] "C:\program files\windows live\messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/... O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/... O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{816F862B-513D-4434-A5B0-FC6F2EC6AF3E}: NameServer = 80.10.246.130 81.253.149.10 O17 - HKLM\System\CS1\Services\Tcpip\..\{816F862B-513D-4434-A5B0-FC6F2EC6AF3E}: NameServer = 80.10.246.130 81.253.149.10 O18 - Protocol: bw+0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {76908D44-3B78-42F8-9276-0046F00F74D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32 vsvc32.exe

jlpjlp · Answer

il ne faut garder qu'un seul antivirus vire avast avec ce logiciel (c'est surement pour cela que tu as des soucis aussi)

https://www.avast.com/fr-fr/uninstall-utility

__________________

pour
C:/WINDOWS/system32/framedyn.dll

regarde ici:
https://forum.zebulon.fr/topic/98199-comment-r%C3%A9soudre-lerreur-framedyndll/

_____________

fix ces lignes:

O2 - BHO: (no name) - {C40763FF-2393-46E0-B38C-0B7605C7CF72} - C:\WINDOWS\system32\dpvac.dll (file missing)

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k


______________

Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :





Driver ::
swbgbxop

File::

C:\WINDOWS\system32\drivers\ssynzfrn.dat
C:\WINDOWS\system32\drivers\srtwe.sys 


Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C40763FF-2393-46E0-B38C-0B7605C7CF72}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C40763FF-2393-46E0-B38C-0B7605C7CF72}] 


Enregistre ce fichier sous le nom CFscript


Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Remets aussi un rapport Hijackthis


Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

jlpjlp · Answer

parfait ! 
quels sont tes soucis actuels???









pour protéger gratos ton ordi

https://www.commentcamarche.net/telecharger/ 4 securite

mettre un antivirus

AVAST en français ou ANTIVIR (en anglais mais très efficace)
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
-------------
des anti-espions :
AD AWARE + SPYBOT +/- si tea timer non active de spybot: WINDOWS DEFENDER

+
SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation : il suffit de faire "update" pour mettre à jour tous les mois et ensuite" enable all protection" pour immuniser)...

Rq : spybot et ad-aware on sorti de nouvelles versions cette année vérifiez que vous avez la dernière version
--------
un pare feu :
celui de Windows ou mieux KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit)

https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
https://www.commentcamarche.net/telecharger/ 157 zonealarm

-----------

CCLEANER pour effacer les traces de surf

Cheval de troie impossible à supprimer

11 réponses

Discussions similaires

Newsletters