Sujet Précédent Sujet Suivant

Tojan.Downloader.VBS.BL

Résolu/Fermé
dia1980 - 20 avril 2008 à 10:20
gil le fantom Messages postés 2799 Date d'inscription vendredi 18 janvier 2008 Statut Membre Dernière intervention 17 octobre 2010 - 21 avril 2008 à 20:44
Bonjour,j'ai chopé un trojan.downloader.vbs.bl et j'ai toujours des fiches de pubs qui s'ouvre toute seule sur mon internet 7,et mon ordi e super lent. Quand je clic droit sur la barre d'outil il y a une écriture"qvglped"qui a apparu.Comment pourrai-je éliminé tout ça.Merci!

20 réponses

Réponse 1 / 20
gil le fantom Messages postés 2799 Date d'inscription vendredi 18 janvier 2008 Statut Membre Dernière intervention 17 octobre 2010 25
20 avril 2008 à 10:29
bonjour
tu poste un rapport hijackthis http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
= Clic-droit sur Hijackthis
= Extraire ici ( ou extraire sans confirmation ou tout ou unzip)
= clic droit sur Hijackthis ==> renommer ==> écrire : test.exe ( à la place de hijackthis.exe) <== Important
=Double-clic dessus
= Clic Do a system scan and save the log
=coller le rapport
si problème voir l'aide
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
0
dia1980 Messages postés 148 Date d'inscription dimanche 20 avril 2008 Statut Membre Dernière intervention 16 mai 2019 5
20 avril 2008 à 10:35
MERCI!!!!Je vais éssayer!
0
Réponse 2 / 20
dia1980 Messages postés 148 Date d'inscription dimanche 20 avril 2008 Statut Membre Dernière intervention 16 mai 2019 5
20 avril 2008 à 10:44
C'est moi voici le rapport:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:50, on 20.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Documents and Settings\All Users\Application Data\hqzstglo\nsvilmjy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/spresults.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/spresults.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bing.com/spresults.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr-ch\msntb.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O3 - Toolbar: qtvglped - {65C76A0A-B5A4-4170-8F62-947A0145677C} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr-ch\msnappau.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [4X6SL6Efkh] C:\Documents and Settings\All Users\Application Data\hqzstglo\nsvilmjy.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: LG SyncManager.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www8.hp.com/fr/fr/home.html
O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} (IfolorUploader Control) - http://chkr-web.ifolor.net/ORDERINGGENERAL/LowRes/app_support/ActiveX/IfolorUploader_chkr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp07.photoprintit.de/microsite/8328/defaults/activex/IPSUploader.cab
O18 - Protocol: bw+0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {C6F62B7A-5450-4A2F-8687-6CEEC3AEB055} - C:\WINDOWS\system32\controlkids2.dll
O21 - SSODL: pmsoarbf - {2D2845F3-E35A-4627-BD98-32F9370813EB} - (no file)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
0
Réponse 3 / 20
gil le fantom Messages postés 2799 Date d'inscription vendredi 18 janvier 2008 Statut Membre Dernière intervention 17 octobre 2010 25
20 avril 2008 à 10:46
tu télécharge smitfraudfix :

En image :
http://siri.urz.free.fr/Fix/SmitfraudFix.php

tu double clique sur smitfraudfix.cmd et tu choisi l' option 1
cela vas générer un rapport.

Copie/colle le rapport sur le forum stp.
0
dia1980 Messages postés 148 Date d'inscription dimanche 20 avril 2008 Statut Membre Dernière intervention 16 mai 2019 5
20 avril 2008 à 10:58
Voilà:

SmitFraudFix v2.315

Rapport fait à 10:53:10.32, 20.04.2008
Executé à partir de C:\Documents and Settings\Loredana\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Documents and Settings\All Users\Application Data\hqzstglo\nsvilmjy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\privacy_danger PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Loredana


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Loredana\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Loredana\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 213.221.128.240
DNS Server Search Order: 213.221.144.250

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0BAB6571-FA83-4A36-97D0-CEF50909BFDE}: DhcpNameServer=213.221.128.240 213.221.144.250
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0BAB6571-FA83-4A36-97D0-CEF50909BFDE}: DhcpNameServer=213.221.128.240 213.221.144.250
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0BAB6571-FA83-4A36-97D0-CEF50909BFDE}: DhcpNameServer=213.221.128.240 213.221.144.250
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=213.221.128.240 213.221.144.250
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=213.221.128.240 213.221.144.250
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=213.221.128.240 213.221.144.250


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Réponse 4 / 20
gil le fantom Messages postés 2799 Date d'inscription vendredi 18 janvier 2008 Statut Membre Dernière intervention 17 octobre 2010 25
20 avril 2008 à 11:01
Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter.
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).
----------------------------------------------------------------------------
Relance le programme Smitfraud,
Cette fois choisit l’option 2, répond oui a tous ;
Sauvegarde le rapport, Redémarre en mode normal,
copie/colle le rapport sauvegardé sur le forum
0
dia1980 Messages postés 148 Date d'inscription dimanche 20 avril 2008 Statut Membre Dernière intervention 16 mai 2019 5
20 avril 2008 à 11:06
OK je vais le faire,Merci mon Ami!!!!
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 20
dia1980 Messages postés 148 Date d'inscription dimanche 20 avril 2008 Statut Membre Dernière intervention 16 mai 2019 5
20 avril 2008 à 11:32
Voilà le rapport:

SmitFraudFix v2.315

Rapport fait à 11:14:11.04, 20.04.2008
Executé à partir de C:\Documents and Settings\Loredana\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\privacy_danger\ supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0BAB6571-FA83-4A36-97D0-CEF50909BFDE}: DhcpNameServer=213.221.128.240 213.221.144.250
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0BAB6571-FA83-4A36-97D0-CEF50909BFDE}: DhcpNameServer=213.221.128.240 213.221.144.250
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0BAB6571-FA83-4A36-97D0-CEF50909BFDE}: DhcpNameServer=213.221.128.240 213.221.144.250
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=213.221.128.240 213.221.144.250
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=213.221.128.240 213.221.144.250
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=213.221.128.240 213.221.144.250


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Réponse 6 / 20
gil le fantom Messages postés 2799 Date d'inscription vendredi 18 janvier 2008 Statut Membre Dernière intervention 17 octobre 2010 25
20 avril 2008 à 11:35
poste un nouveau rapport hijackthis stp
0
dia1980 Messages postés 148 Date d'inscription dimanche 20 avril 2008 Statut Membre Dernière intervention 16 mai 2019 5
20 avril 2008 à 11:37
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37:27, on 20.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Documents and Settings\All Users\Application Data\hqzstglo\nsvilmjy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr-ch\msntb.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O3 - Toolbar: qtvglped - {65C76A0A-B5A4-4170-8F62-947A0145677C} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr-ch\msnappau.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [4X6SL6Efkh] C:\Documents and Settings\All Users\Application Data\hqzstglo\nsvilmjy.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: LG SyncManager.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www8.hp.com/fr/fr/home.html
O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} (IfolorUploader Control) - http://chkr-web.ifolor.net/ORDERINGGENERAL/LowRes/app_support/ActiveX/IfolorUploader_chkr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp07.photoprintit.de/microsite/8328/defaults/activex/IPSUploader.cab
O18 - Protocol: bw+0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {FEFA9121-367C-4B9D-B304-8A708482191B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {C6F62B7A-5450-4A2F-8687-6CEEC3AEB055} - C:\WINDOWS\system32\controlkids2.dll
O21 - SSODL: pmsoarbf - {2D2845F3-E35A-4627-BD98-32F9370813EB} - (no file)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
0
Réponse 7 / 20
gil le fantom Messages postés 2799 Date d'inscription vendredi 18 janvier 2008 Statut Membre Dernière intervention 17 octobre 2010 25
20 avril 2008 à 11:46
tu telecharge MalwareByte's Anti-Malware

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

tu sélectionne "Exécuter un examen complet". Patiente le temps du scan.
Une fois le scan terminé,clique sur "Afficher les résultats" et enregistre le rapport sur ton Bureau.
Clique enfin sur "Supprimer la sélection".


Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.
0
Réponse 8 / 20
dia1980 Messages postés 148 Date d'inscription dimanche 20 avril 2008 Statut Membre Dernière intervention 16 mai 2019 5
20 avril 2008 à 12:08
un peu de patience c'est un peu long mais il a déja trouver 10 fichiers infécter.je t'envoie le rapport dès que c'est fini.merci!!!!!
0
Réponse 9 / 20
dia1980 Messages postés 148 Date d'inscription dimanche 20 avril 2008 Statut Membre Dernière intervention 16 mai 2019 5
20 avril 2008 à 13:53
Enfin fini ça été trés long mais voici le rapport:

Malwarebytes' Anti-Malware 1.11
Version de la base de données: 599

Type de recherche: Examen complet (C:\|)
Eléments examinés: 99179
Temps écoulé: 1 hour(s), 46 minute(s), 24 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 12
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 8

Processus mémoire infecté(s):
C:\Documents and Settings\All Users\Application Data\hqzstglo\nsvilmjy.exe (Trojan.FakeAlert) -> No action taken.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\khfCsqon.dll (Trojan.Vundo) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bb69c712-3461-4d61-bba6-879b947befe4} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{bb69c712-3461-4d61-bba6-879b947befe4} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\4X6SL6Efkh (Trojan.FakeAlert) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\khfcsqon -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\khfCsqon.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\noqsCfhk.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\noqsCfhk.ini2 (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\All Users\Application Data\hqzstglo\nsvilmjy.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\jglmbkva.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\lsprst7.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ssprs.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\rs.txt (Malware.Trace) -> No action taken.

Et maintenant?
0
Réponse 10 / 20
gil le fantom Messages postés 2799 Date d'inscription vendredi 18 janvier 2008 Statut Membre Dernière intervention 17 octobre 2010 25
20 avril 2008 à 14:00
supprime ce qu'il a trouvé

tu télécharge ComboFix :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

tuto https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

tu enregistre le sur le bureau.

Avant d'utiliser ComboFix :

tu déconnecte internet et referme les fenêtres de tous les programmes en cours.

tu désactive provisoirement la protection en temps réel de ton Antivirus et de tes Antispywares.


sur ton bureau tu double-clic sur Combofix.exe.

tu répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

Pendant la durée de cette étape,tu ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redémarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

tu réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

tu reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt .
0
Réponse 11 / 20
dia1980 Messages postés 148 Date d'inscription dimanche 20 avril 2008 Statut Membre Dernière intervention 16 mai 2019 5
20 avril 2008 à 14:13
Excuse-moi mais j'ai essayer de telecharger le lien de combofix e de l'executer mais une fenêtre de bit defender me dit qu'il a bloqué un virus du nom de: Spyware.tool.Nircmd.a est-ce normal? et puis j'ai pas combofix sur le bureau!! que dois-je faire stp?
0
Réponse 12 / 20
dia1980 Messages postés 148 Date d'inscription dimanche 20 avril 2008 Statut Membre Dernière intervention 16 mai 2019 5
20 avril 2008 à 14:17
je dois enregistrer combofix sur le bureau avant de l'executer??car moi j'ai executer tout de suite car je croyais qu'il s'installe tout seul sur le bureau
0
Réponse 13 / 20
gil le fantom Messages postés 2799 Date d'inscription vendredi 18 janvier 2008 Statut Membre Dernière intervention 17 octobre 2010 25
20 avril 2008 à 14:22
tout est bien expliqué sur mon message 14
tu enregistre le sur le bureau.

Avant d'utiliser ComboFix :

tu déconnecte internet et referme les fenêtres de tous les programmes en cours.

tu désactive provisoirement la protection en temps réel de ton Antivirus et de tes Antispywares.

tu a lien aussi :https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

je ne peut pas faire mieux

a plus tard
0
Réponse 14 / 20
dia1980 Messages postés 148 Date d'inscription dimanche 20 avril 2008 Statut Membre Dernière intervention 16 mai 2019 5
20 avril 2008 à 14:28
Scuse mais maintenant j'ai l'ecran tout bleu est j'ai fais comme tu ma dis mais mon bit defender dis toujours qu'il bloque le virus du nom de:Spyware.tool.Nircmd.a et je peut plus rien faire car c'est tout bleu et je vois plus rien a part la fenêtre d'internet.!!!!!! que dois-je faire stp
0
Réponse 15 / 20
gil le fantom Messages postés 2799 Date d'inscription vendredi 18 janvier 2008 Statut Membre Dernière intervention 17 octobre 2010 25
20 avril 2008 à 14:36
tu nas pas du tout suivie mes consignes puisque ton antivirus est toujour active et qu'il bloque combofix
desinstalle combofix
redémarre ton pc
je dois y aller
a plus tard
0
dia1980 Messages postés 148 Date d'inscription dimanche 20 avril 2008 Statut Membre Dernière intervention 16 mai 2019 5
20 avril 2008 à 14:45
justement j'ai dès que j'ai télécharger combofix j'ai pa eu le temps d'arreter mon antivirus qu'il a bloqué ce virus et l'ecran est devenu bleu!!! Donc maintenant je ne vois plus mon bureau!!! que faire
0
dia1980 Messages postés 148 Date d'inscription dimanche 20 avril 2008 Statut Membre Dernière intervention 16 mai 2019 5
21 avril 2008 à 08:27
Salut gil ca va? écoute j'ai réussi hier et le rapport combofix le voilà:

ComboFix 08-04-18.3 - Loredana 2008-04-20 15:05:20.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.208 [GMT 0:00]
Endroit: C:\Documents and Settings\Loredana\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\_000012_.tmp.dll
C:\WINDOWS\system32\_000041_.tmp.dll
C:\WINDOWS\system32\ddcDsQJb.dll
C:\WINDOWS\system32\jkkJdAst.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\oagyelsu.ini
C:\WINDOWS\system32\tsAdJkkj.ini
C:\WINDOWS\system32\tsAdJkkj.ini2
C:\WINDOWS\system32\usleygao.dll
C:\WINDOWS\system32\wvUkLBRj.dll

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-20 to 2008-04-20 ))))))))))))))))))))))))))))))))))))
.

2008-04-20 11:51 . 2008-04-20 11:51 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-20 11:51 . 2008-04-20 11:51 <REP> d-------- C:\Documents and Settings\Loredana\Application Data\Malwarebytes
2008-04-20 11:51 . 2008-04-20 11:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-20 10:53 . 2008-04-20 11:14 5,558 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-20 10:52 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-20 10:52 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-20 10:52 . 2008-04-14 19:28 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-20 10:52 . 2008-04-20 00:38 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-20 10:52 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-20 10:52 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-20 10:52 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-20 10:40 . 2008-04-20 10:40 <REP> d-------- C:\Program Files\Trend Micro
2008-04-20 09:57 . 2008-04-20 09:57 <REP> d-------- C:\VundoFix Backups
2008-04-19 22:11 . 2008-04-19 22:12 1,540,617 ---hs---- C:\WINDOWS\system32\cnjigqdk.ini
2008-04-19 21:09 . 2008-04-20 09:18 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-19 21:03 . 2008-04-20 09:37 <REP> d-------- C:\Program Files\Trojan Remover
2008-04-18 22:11 . 2008-04-18 22:11 1,540,617 ---hs---- C:\WINDOWS\system32\vkongeun.ini
2008-04-18 13:22 . 2008-04-20 13:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\hqzstglo
2008-04-18 13:22 . 2008-04-18 08:18 253,952 --a------ C:\WINDOWS\lgmxvpatwxm.dll.vir
2008-04-18 13:22 . 2008-04-18 08:18 221,184 --a------ C:\WINDOWS\omlbpkaw.dll
2008-04-18 13:22 . 2008-04-18 08:18 172,032 --a------ C:\WINDOWS\pmsoarbf.dll.vir
2008-04-18 13:22 . 2008-04-18 08:18 151,552 --a------ C:\WINDOWS\qtvglped.dll.vir
2008-04-18 13:22 . 2008-04-18 08:18 94,208 --a------ C:\WINDOWS\npqtsrak.exe
2008-04-18 13:22 . 2008-04-18 08:18 81,920 --a------ C:\WINDOWS\rtqmekwg.exe
2008-04-16 23:56 . 2008-04-16 23:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\hps
2008-04-16 23:56 . 2008-04-16 23:56 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-16 23:56 . 2008-04-16 23:56 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-16 23:56 . 2008-04-16 23:56 1,025 --a------ C:\WINDOWS\system32\sysprs7.tgz
2008-04-16 23:56 . 2008-04-16 23:56 1,025 --a------ C:\WINDOWS\system32\sysprs7.dll
2008-04-16 23:56 . 2008-04-16 23:56 1,025 --a------ C:\WINDOWS\system32\clauth2.dll
2008-04-16 23:56 . 2008-04-16 23:56 1,025 --a------ C:\WINDOWS\system32\clauth1.dll
2008-04-16 23:56 . 2008-04-16 23:56 219 --a------ C:\WINDOWS\system32\lsprst7.tgz
2008-04-16 23:56 . 2008-04-16 23:56 87 --a------ C:\WINDOWS\system32\ssprs.tgz
2008-04-16 22:19 . 2008-04-17 20:09 <REP> d-------- C:\Program Files\AbiSuite2
2008-04-16 20:21 . 2008-04-16 20:21 <REP> d-------- C:\Program Files\France_Loisirs
2008-04-16 14:41 . 2008-04-16 14:41 <REP> d-------- C:\Program Files\Babylon
2008-04-16 14:41 . 2008-04-16 15:48 <REP> d-------- C:\Documents and Settings\Loredana\Application Data\Babylon
2008-04-16 14:41 . 2008-04-18 13:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Babylon
2008-04-16 14:32 . 2008-04-16 14:32 <REP> d-------- C:\Program Files\Real
2008-04-16 14:32 . 2008-04-16 14:32 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-04-13 16:09 . 2008-04-13 16:09 59,102 --a------ C:\WINDOWS\log1.dmp
2008-04-11 20:27 . 2003-08-07 13:01 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-04-11 20:27 . 1998-07-13 17:53 44,544 --a------ C:\WINDOWS\system32\GIF89.DLL
2008-04-11 11:33 . 2008-04-11 11:33 <REP> d-------- C:\Documents and Settings\Loredana\Application Data\Bitdefender
2008-04-11 11:32 . 2008-04-11 11:32 <REP> d-------- C:\Program Files\BitDefender
2008-04-11 11:32 . 2008-04-11 17:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-04-11 11:30 . 2008-04-11 11:32 <REP> d-------- C:\Program Files\Fichiers communs\BitDefender
2008-04-11 09:45 . 2008-04-20 15:20 121 --a------ C:\WINDOWS\bdagent.INI
2008-04-11 09:42 . 2008-04-11 09:42 <REP> d-------- C:\Documents and Settings\LocalService\Menu D‚marrer
2008-04-11 09:33 . 2008-04-11 20:08 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-04-08 10:01 . 2008-04-18 20:25 <REP> dr------- C:\WINDOWS\system32\f.s.b
2008-03-26 18:25 . 2008-03-26 18:25 <REP> d-------- C:\Program Files\Zattoo

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-18 11:25 --------- d-----w C:\Documents and Settings\Loredana\Application Data\LimeWire
2008-04-16 23:54 25,458 ----a-w C:\Documents and Settings\Loredana\Application Data\wklnhst.dat
2008-04-16 21:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-16 21:58 --------- d-----w C:\Program Files\Microsoft Works
2008-04-16 14:32 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-04-11 20:27 --------- d-----w C:\Program Files\Free Easy Burner
2008-04-11 12:36 77,824 ----a-w C:\WINDOWS\system32\xcomm.dll
2008-04-11 09:40 85,520 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-04-08 10:16 --------- d-----w C:\Program Files\Picasa2
2008-04-07 18:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-03 20:07 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-21 08:01 --------- d-----w C:\Program Files\Java
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-13 19:48 --------- d-----w C:\Documents and Settings\Loredana\Application Data\Zylom
2008-03-13 19:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2008-03-12 10:31 --------- d-----w C:\Documents and Settings\Loredana\Application Data\Skype
2008-03-01 18:28 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-28 19:11 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-27 19:02 --------- d-----w C:\Program Files\Windows Live
2008-02-24 13:56 --------- d-----w C:\Program Files\MSECache
2008-02-23 10:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\ifolor
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-02-01 11:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-12-05 13:53 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{965B54B0-71E0-4611-8DE7-F73FA0B20E26}"= "C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll" [2008-03-11 09:22 267488]

[HKEY_CLASSES_ROOT\clsid\{965b54b0-71e0-4611-8de7-f73fa0b20e26}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB.1]
[HKEY_CLASSES_ROOT\TypeLib\{162484B8-B114-453f-A344-C0B24B0F1D99}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{965B54B0-71E0-4611-8DE7-F73FA0B20E26}"= C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll [2008-03-11 09:22 267488]

[HKEY_CLASSES_ROOT\clsid\{965b54b0-71e0-4611-8de7-f73fa0b20e26}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB.1]
[HKEY_CLASSES_ROOT\TypeLib\{162484B8-B114-453f-A344-C0B24B0F1D99}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 08:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [ ]
"VistaStartMenu"="C:\Program Files\Vista Start Menu\VistaStartMenu.exe" [2007-03-31 12:37 1575424]
"Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" [ ]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-06-13 20:36 32768]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 01:17 443968]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-22 18:36 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-22 18:31 126976]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"hpWirelessAssistant"="C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-01-21 13:40 790528]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 18:40 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 18:38 688218]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-10-13 16:04 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-01-14 17:52 98304]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 13:24 290816]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-11-05 13:52 233534]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 13:54 253952]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 08:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"msnappau"="C:\Program Files\MSN Apps\Updater\[u]0[/u]1.02.3000.1001\fr-ch\msnappau.exe" [ ]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 14:46 28160 C:\WINDOWS\KHALMNPR.Exe]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 16:02 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 16:06 2027792]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-04-11 09:40 360448]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-16 14:32 185896]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2008-03-11 09:23 3551456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 08:00 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 01:17 443968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IETI"="C:\Program Files\Skype\Phone\IEPlugin\unins000.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcDsQJb]
ddcDsQJb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\[Emoticons-plus.com] Winkaa 2.0.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Zattoo\\zattood.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Zattoo\\Zattoo2.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-04-11 09:40]
S3 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\moufiltr.sys [2006-12-04 17:21]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

.
**************************************************************************
Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????5?0?6?2??????? ?,?B?????????????hLC? ??????

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HPQ\Shared\hpqwmi.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-20 15:27:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-20 15:27:00

Pre-Run: 41,611,403,264 octets libres
Post-Run: 42,943,242,240 octets libres

227 --- E O F --- 2008-04-19 12:08:46

j'attend de tes nouvelles merci!!!!!!
0
Réponse 16 / 20
ep44 Messages postés 7393 Date d'inscription samedi 10 novembre 2007 Statut Contributeur Dernière intervention 11 novembre 2010 3
20 avril 2008 à 15:31
Bonjour suite au sujet en doublon que tu poste http://www.commentcamarche.net/forum/affich 6029566 trojan downloader vbs bl

dans l'attente du retour de gil le fantom,

essaye CTRL + ALT + SUPPR

si rien fait Win+ R voir si une boite de dialogue s'ouvre
si c'est le cas tappes : taskmgr.exe

ensuite rends-toi à l'onglet Processus, clique en haut à gauche sur "Fichiers" et choisis "Exécuter". Tape "explorer" et valide

@+
0
Réponse 17 / 20
dia1980 Messages postés 148 Date d'inscription dimanche 20 avril 2008 Statut Membre Dernière intervention 16 mai 2019 5
21 avril 2008 à 13:09
Merci beaucoup pour Votre aide et j'ai réussi à eliminé tout les virus: Tojan.Downloader.vbs.bl et Spyware.tool.Nircmd.A.POUr qui aurai le même probleme télécharger : Multiviruscleaner 2008 merci encore pour vos conseil!!!!!!!!!!
0
Réponse 18 / 20
gil le fantom Messages postés 2799 Date d'inscription vendredi 18 janvier 2008 Statut Membre Dernière intervention 17 octobre 2010 25
21 avril 2008 à 19:00
bonjour Dia
je suis heureux que ton probléme est résolu

pour supprimer les outils de désinfection
tu Télécharge ToolsCleaner de A.Roshtein sur ton Bureau.(sur un des 2 liens)
http://pagesperso-orange.fr/AceRothstein/ToolsCleaner2.exe
http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe
· Clique sur Recherche et laisse le scan se terminer.
· Clique, sur Suppression pour finaliser.
· Tu peux, si tu le souhaites, te servir des Options facultatives.

bonne soirée

a+
0
Réponse 19 / 20
ep44 Messages postés 7393 Date d'inscription samedi 10 novembre 2007 Statut Contributeur Dernière intervention 11 novembre 2010 3
21 avril 2008 à 20:30
Bonsoir

si je peux me permettre
supprimer les points de restauration serait sage ;-)
quand tu gil le fantom

@+
0
Réponse 20 / 20
gil le fantom Messages postés 2799 Date d'inscription vendredi 18 janvier 2008 Statut Membre Dernière intervention 17 octobre 2010 25
21 avril 2008 à 20:44
bonsoir ep44
merci pour ton intervention
tu as tout a fait raison c'est plus sage
0