Sujet Précédent Sujet Suivant

Virus xpack et conhook

Fermé
jb - 5 juin 2008 à 12:29
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 - 5 juin 2008 à 18:35
Bonjour,
j'esepere que mon message est pas en double car IE à planté lors de mon précédent envoi ^^
j'ai un gros probleme de publicités intmestive lorsque j'uvre IE de plus dès que je veux lancer une application quelle quelle soit, mon antivirus (antivir) m'averti sur la présence d'un trojan horse dldr.conhook.aku et crypt.xpack.gen et bien que j'ai lancé des scans complets avec antivir et spybot ceux-ci sont toujours présents.
je ne sais pas si c'est lié mais mon pavé numérique ne fonctionne plus même en changeant de clavier :/
pourriez vous m'aider?
merci d'avance :)
je vous poste un rapport hijackthis si ça peu vous aider :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:54, on 05/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exea
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\PixArt\PAC7311\Monitor.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.hp.com/servlet/WebReg.servlets.ProdReg1Servlet?appID=java_wreg_wreg_genpg&prodOS=011&gwCountry=FR&language=fr&PURCH_DT_MONTH=09&PURCH_DT_DAY=22&PURCH_DT_YEAR=2006&PROD_SERIAL_ID=CNH6212BTH&application=305&modelID=EY988AA&LF=red
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {4F26BEDB-D89B-44A1-948B-5D523292DADF} - C:\WINDOWS\system32\jkkICvSI.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: 818646 helper - {54192079-8E8A-43D8-BCBC-3874916159AF} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: 905757 helper - {E28F671C-3D83-4149-BA2F-546A67702B49} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: atfxqogp - {0F32EE72-AAF6-47E3-9882-8C988C977CDC} - C:\WINDOWS\atfxqogp.dll
O4 - HKLM\..\Run: [PAC7311_Monitor] C:\WINDOWS\PixArt\PAC7311\Monitor.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F355FE0-E110-4AF6-9AE0-9DB0ECA3E3B5}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{7F355FE0-E110-4AF6-9AE0-9DB0ECA3E3B5}: NameServer = 193.252.19.3,193.252.19.4
O18 - Protocol: bw+0 - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {C754DBF9-26C3-4F21-84E9-D4283EF91F76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: ?,
O20 - Winlogon Notify: jkkICvSI - C:\WINDOWS\SYSTEM32\jkkICvSI.dll
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O21 - SSODL: ServiceRom - {063a2306-6f8e-4651-af87-dcb645be5506} - (no file)
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

5 réponses

Réponse 1 / 5
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
5 juin 2008 à 12:45
sltsi tu as windows live one care et antivir , vire un des deux sinon l'ordi va planter (antivir est mieux)

_______________


smit fraud fix (colle le rapport)

1/ telecharger :

http://siri.urz.free.fr/Fix/SmitfraudFix.php

2/ double clique sur smitfraudfix. puis sélectionne 1 et appuyer sur entrée afin de créer le rapport des infection présentes.

3/ redémarre en mode sans échec (en appuyant sur F8 ou suppr, ou F5 au démarrage en général) puis lance smitfraudfix , sélectionne l'option 2 et appuyer sur entrée pour commencer la désinfection. lorsque le programme demande si tu veut nettoyer le registre mets oui en tapant 0 et entrée

_________________


scan avec vundofix (colle le rapport)

Téléchargez VundoFix -> http://www.atribune.org/ccount/click.php?id=4

Double cliquez VundoFix.exe pour l'exécuter.
Quand VundoFix s'ouvre, cliquez sur le bouton Scan for Vundo.
Une fois le scan fini, cliquez sur le bouton Remove Vundo.
Vous recevrez un avertissement vous demandant si vous voulez effacer ces
fichiers répondez en cliquant sur YES
Une fois que vous avez cliqué yes, votre bureau deviendra vide au moment où il
enlève Vundo.

Quand c'est fini, il vous sera demandé de redémarrer votre ordinateur, cliquez
OK.

________________

virtumondebegone (colle le rapport)

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

__________________



télécharge combofix (par sUBs) ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et enregistre le sur le bureau.

déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)


double-clique sur combofix.exe et suis les instructions

à la fin, il va produire un rapport C:\ComboFix.txt

réactive ton parefeu, ton antivirus, la garde de ton antispyware

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Tu as un tutoriel complet ici :

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
Réponse 2 / 5
Utilisateur anonyme
5 juin 2008 à 12:46
Salut ,


Préalable
• Vider la corbeille
• Fermer toutes les applications

================NAVILOG====================

Télécharge ceci http://il.mafioso.pagesperso-orange.fr/Navifix/download.htm

prend navilog1.exe

Choisir option 1 uniquement

Ensuite suit ce tutorial : http://mickael.barroux.free.fr/securite/navilog.php

Et enfin post le rapport du scan navilog


0
Réponse 3 / 5
jb
5 juin 2008 à 18:13
bonour alors voici les différents rapports :

smit fraud : impossible de le telecharger sur ce pc :/

vundofix :
rien trouvé dans le scan

virtuamonde :
[06/05/2008, 17:19:59] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Compaq_Propriétaire\Bureau\VirtumundoBeGone.exe" )
[06/05/2008, 17:20:13] - Detected System Information:
[06/05/2008, 17:20:13] - Windows Version: 5.1.2600, Service Pack 2
[06/05/2008, 17:20:13] - Current Username: Compaq_Propriétaire (Admin)
[06/05/2008, 17:20:13] - Windows is in NORMAL mode.
[06/05/2008, 17:20:13] - Searching for Browser Helper Objects:
[06/05/2008, 17:20:13] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[06/05/2008, 17:20:13] - BHO 2: {08661A69-98D6-480F-8CED-4A39660A5B56} ()
[06/05/2008, 17:20:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/05/2008, 17:20:13] - Checking for HKLM\...\Winlogon\Notify\cbXOGwwT
[06/05/2008, 17:20:13] - Key not found: HKLM\...\Winlogon\Notify\cbXOGwwT, continuing.
[06/05/2008, 17:20:13] - BHO 3: {3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
[06/05/2008, 17:20:13] - BHO 4: {4F26BEDB-D89B-44A1-948B-5D523292DADF} ()
[06/05/2008, 17:20:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/05/2008, 17:20:13] - Checking for HKLM\...\Winlogon\Notify\jkkICvSI
[06/05/2008, 17:20:13] - Found: HKLM\...\Winlogon\Notify\jkkICvSI - This is probably Virtumundo.
[06/05/2008, 17:20:13] - Assigning {4F26BEDB-D89B-44A1-948B-5D523292DADF} MSEvents Object
[06/05/2008, 17:20:13] - BHO list has been changed! Starting over...
[06/05/2008, 17:20:13] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[06/05/2008, 17:20:13] - BHO 2: {08661A69-98D6-480F-8CED-4A39660A5B56} ()
[06/05/2008, 17:20:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/05/2008, 17:20:13] - Checking for HKLM\...\Winlogon\Notify\cbXOGwwT
[06/05/2008, 17:20:13] - Key not found: HKLM\...\Winlogon\Notify\cbXOGwwT, continuing.
[06/05/2008, 17:20:13] - BHO 3: {3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
[06/05/2008, 17:20:13] - BHO 4: {4F26BEDB-D89B-44A1-948B-5D523292DADF} (MSEvents Object)
[06/05/2008, 17:20:13] - ALERT: Found MSEvents Object!
[06/05/2008, 17:20:13] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/05/2008, 17:20:13] - BHO 6: {54192079-8E8A-43D8-BCBC-3874916159AF} (818646 Class)
[06/05/2008, 17:20:13] - BHO 7: {74C723EC-525B-4D3E-8AE0-046E220FDCCA} ()
[06/05/2008, 17:20:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/05/2008, 17:20:13] - No filename found. Continuing.
[06/05/2008, 17:20:13] - BHO 8: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/05/2008, 17:20:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/05/2008, 17:20:13] - No filename found. Continuing.
[06/05/2008, 17:20:13] - BHO 9: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/05/2008, 17:20:13] - BHO 10: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/05/2008, 17:20:13] - BHO 11: {E28F671C-3D83-4149-BA2F-546A67702B49} ()
[06/05/2008, 17:20:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/05/2008, 17:20:13] - No filename found. Continuing.
[06/05/2008, 17:20:13] - Finished Searching Browser Helper Objects
[06/05/2008, 17:20:13] - *** Detected MSEvents Object
[06/05/2008, 17:20:13] - Trying to remove MSEvents Object...
[06/05/2008, 17:20:14] - Terminating Process: IEXPLORE.EXE
[06/05/2008, 17:20:14] - Terminating Process: RUNDLL32.EXE
[06/05/2008, 17:20:15] - Disabling Automatic Shell Restart
[06/05/2008, 17:20:15] - Terminating Process: EXPLORER.EXE
[06/05/2008, 17:20:15] - Suspending the NT Session Manager System Service
[06/05/2008, 17:20:15] - Terminating Windows NT Logon/Logoff Manager
[06/05/2008, 17:20:15] - Re-enabling Automatic Shell Restart
[06/05/2008, 17:20:15] - File to disable: C:\WINDOWS\system32\jkkICvSI.dll
[06/05/2008, 17:20:15] - Renaming C:\WINDOWS\system32\jkkICvSI.dll -> C:\WINDOWS\system32\jkkICvSI.dll.vir
[06/05/2008, 17:20:15] - File successfully renamed!
[06/05/2008, 17:20:15] - Removing HKLM\...\Browser Helper Objects\{4F26BEDB-D89B-44A1-948B-5D523292DADF}
[06/05/2008, 17:20:15] - Removing HKCR\CLSID\{4F26BEDB-D89B-44A1-948B-5D523292DADF}
[06/05/2008, 17:20:15] - Adding Kill Bit for ActiveX for GUID: {4F26BEDB-D89B-44A1-948B-5D523292DADF}
[06/05/2008, 17:20:15] - Deleting ATLEvents/MSEvents Registry entries
[06/05/2008, 17:20:16] - Removing HKLM\...\Winlogon\Notify\jkkICvSI
[06/05/2008, 17:20:16] - Searching for Browser Helper Objects:
[06/05/2008, 17:20:16] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[06/05/2008, 17:20:16] - BHO 2: {08661A69-98D6-480F-8CED-4A39660A5B56} ()
[06/05/2008, 17:20:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/05/2008, 17:20:16] - Checking for HKLM\...\Winlogon\Notify\cbXOGwwT
[06/05/2008, 17:20:16] - Key not found: HKLM\...\Winlogon\Notify\cbXOGwwT, continuing.
[06/05/2008, 17:20:16] - BHO 3: {3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
[06/05/2008, 17:20:16] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/05/2008, 17:20:16] - BHO 5: {54192079-8E8A-43D8-BCBC-3874916159AF} (818646 Class)
[06/05/2008, 17:20:16] - BHO 6: {74C723EC-525B-4D3E-8AE0-046E220FDCCA} ()
[06/05/2008, 17:20:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/05/2008, 17:20:16] - No filename found. Continuing.
[06/05/2008, 17:20:16] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/05/2008, 17:20:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/05/2008, 17:20:16] - No filename found. Continuing.
[06/05/2008, 17:20:16] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/05/2008, 17:20:16] - BHO 9: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/05/2008, 17:20:16] - BHO 10: {E28F671C-3D83-4149-BA2F-546A67702B49} ()
[06/05/2008, 17:20:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/05/2008, 17:20:16] - No filename found. Continuing.
[06/05/2008, 17:20:16] - Finished Searching Browser Helper Objects
[06/05/2008, 17:20:16] - Finishing up...
[06/05/2008, 17:20:16] - A restart is needed.
[06/05/2008, 17:20:29] - Attempting to Restart via STOP error (Blue Screen!)

Combofix :
ComboFix 08-06-04.5 - Compaq_Propriétaire 2008-06-05 17:42:35.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.530 [GMT 2:00]
Endroit: C:\Documents and Settings\Compaq_Propriétaire\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\atfxqogp.dll
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\818646
C:\WINDOWS\system32\cbXOGwwT.dll
c:\windows\system32\Drivers\ykN18.sys
C:\WINDOWS\system32\geBuRIxw.dll
C:\WINDOWS\system32\mlJDsPfF.dll
C:\WINDOWS\system32\mssrv32.exe
C:\WINDOWS\system32\pygldwbq.ini
C:\WINDOWS\system32\rqRLeeDu.dll
C:\WINDOWS\system32\TwwGOXbc.ini
C:\WINDOWS\system32\TwwGOXbc.ini2
C:\WINDOWS\system32\urlmsnlink.dat
C:\WINDOWS\system32\WinCtrl32.dl_
C:\WINDOWS\system32\WinCtrl32.dll
C:\WINDOWS\vregfwlx.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSUPDATE
-------\Legacy_YKN18
-------\Service_msupdate
-------\Service_ykN18


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-05 to 2008-06-05 ))))))))))))))))))))))))))))))))))))
.

2008-06-05 17:51 . 2008-06-05 17:51 294 ---hs---- C:\WINDOWS\system32\pygldwbq.ini
2008-06-05 17:27 . 2008-06-05 17:27 <REP> d-------- C:\VundoFix Backups
2008-06-05 12:12 . 2008-06-05 12:12 95,232 --a------ C:\WINDOWS\system32\qbwdlgyp.dll
2008-06-04 17:42 . 2008-06-04 17:42 <REP> d-------- C:\Program Files\Trend Micro
2008-06-04 16:54 . 2008-06-04 16:54 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-04 16:54 . 2008-06-04 16:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-04 16:47 . 2008-06-04 16:47 <REP> d-------- C:\Program Files\Avira
2008-06-04 16:47 . 2008-06-04 16:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-04 16:35 . 2008-06-04 16:35 <REP> d-------- C:\Program Files\CCleaner
2008-06-04 13:26 . 2008-06-04 13:26 324,352 --------- C:\WINDOWS\system32\jkkKaaay.dll_old
2008-06-02 20:56 . 2008-06-04 18:00 <REP> d-------- C:\WINDOWS\system32\905757
2008-06-02 14:39 . 2008-06-02 14:39 324,864 --------- C:\WINDOWS\system32\geBspoMf.dll_old
2008-06-02 11:14 . 2008-06-02 11:14 33,408 --a------ C:\WINDOWS\system32\jkkICvSI.dll.vir
2008-06-02 11:13 . 2008-06-04 17:04 160,256 --a------ C:\WINDOWS\system32\blackster.scr

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-05 08:41 --------- d-----w C:\Program Files\MSN Messenger
2008-05-30 11:58 94,208 ----a-w C:\WINDOWS\DUMP5ad2.tmp
2008-04-19 20:38 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2008-04-19 20:37 --------- d-----w C:\Program Files\Fichiers communs\Real
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F26BEDB-D89B-44A1-948B-5D523292DADF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54192079-8E8A-43D8-BCBC-3874916159AF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74C723EC-525B-4D3E-8AE0-046E220FDCCA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E28F671C-3D83-4149-BA2F-546A67702B49}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0F32EE72-AAF6-47E3-9882-8C988C977CDC}"= "C:\WINDOWS\atfxqogp.dll" [ ]

[HKEY_CLASSES_ROOT\clsid\{0f32ee72-aaf6-47e3-9882-8c988c977cdc}]
[HKEY_CLASSES_ROOT\atfxqogp.1]
[HKEY_CLASSES_ROOT\TypeLib\{2E6F7626-771D-4242-AB22-780ADEEA4D80}]
[HKEY_CLASSES_ROOT\atfxqogp]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 06:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PAC7311_Monitor"="C:\WINDOWS\PixArt\PAC7311\Monitor.exe" [2006-11-03 12:01 319488]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 11:06 262401]
"235ce9a7"="C:\WINDOWS\system32\qbwdlgyp.dll" [2008-06-05 12:12 95232]
"ctfmona"="C:\WINDOWS\system32\ctfmona.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 06:00 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ahO05.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avN88.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fpN61.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hcL52.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\kcD18.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\kwI36.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lmH05.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\nvF26.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uvW70.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vjS57.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wcN77.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ygD12.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ykN18.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Propriétaire^Menu Démarrer^Programmes^Démarrage^Maintenance en 1 clic.lnk]
path=C:\Documents and Settings\Compaq_Propriétaire\Menu Démarrer\Programmes\Démarrage\Maintenance en 1 clic.lnk
backup=C:\WINDOWS\pss\Maintenance en 1 clic.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Propriétaire^Menu Démarrer^Programmes^Démarrage^YesMessenger.lnk]
path=C:\Documents and Settings\Compaq_Propriétaire\Menu Démarrer\Programmes\Démarrage\YesMessenger.lnk
backup=C:\WINDOWS\pss\YesMessenger.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1 mags 16 more]
C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags\Soap Audio.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\antiviirus]
C:\Program Files\antiviirus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-05 06:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmona]
C:\WINDOWS\system32\ctfmona.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DJ Console]
--------- 2004-01-08 12:08 270336 C:\Program Files\Hercules\Audio\Hercules DJ Console\DJConsoleMixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 23:11 49152 C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
--a------ 2006-02-15 15:34 249856 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-27 16:50 221184 C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-07 17:55 267064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2006-12-25 14:08 32768 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
--a------ 2005-12-07 12:26 489472 C:\Program Files\Logitech\Video\CameraAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]
--a------ 2004-11-01 19:22 262144 C:\WINDOWS\system32\ElkCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
--a------ 2005-12-07 12:33 73728 C:\Program Files\Logitech\Video\InstallHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-12-09 17:32 225280 C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe]
--a------ 2008-04-19 22:37 69632 C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 13:55 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--a------ 2006-02-24 19:46 147456 C:\Program Files\CyberLink\PowerCinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 07:24 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2005-07-22 15:14 237568 C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2004-12-13 19:23 663552 C:\Windows\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-03-08 06:54 16010240 C:\WINDOWS\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seek the]
--a------ 2007-10-08 11:47 551424 C:\DOCUME~1\COMPAQ~1\APPLIC~1\INFOWA~1\BodyDrvBore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-22 19:04 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-19 22:37 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 17:37]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S0 ahO05;ahO05;C:\WINDOWS\system32\Drivers\ahO05.sys []
S0 avN88;avN88;C:\WINDOWS\system32\Drivers\avN88.sys []
S0 fpN61;fpN61;C:\WINDOWS\system32\Drivers\fpN61.sys []
S0 hcL52;hcL52;C:\WINDOWS\system32\Drivers\hcL52.sys []
S0 kcD18;kcD18;C:\WINDOWS\system32\Drivers\kcD18.sys []
S0 kwI36;kwI36;C:\WINDOWS\system32\Drivers\kwI36.sys []
S0 lmH05;lmH05;C:\WINDOWS\system32\Drivers\lmH05.sys []
S0 nvF26;nvF26;C:\WINDOWS\system32\Drivers\nvF26.sys []
S0 uvW70;uvW70;C:\WINDOWS\system32\Drivers\uvW70.sys []
S0 vjS57;vjS57;C:\WINDOWS\system32\Drivers\vjS57.sys []
S0 wcN77;wcN77;C:\WINDOWS\system32\Drivers\wcN77.sys []
S0 ygD12;ygD12;C:\WINDOWS\system32\Drivers\ygD12.sys []
S3 HDJMidi;Hercules DJ Console MIDI;C:\WINDOWS\system32\DRIVERS\HDJMidi.sys [2003-08-26 15:55]
S3 PAC7311;BS-CAM-PACK-CHAT;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2007-03-14 11:57]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 00:58]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-04-22 09:01:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-09 16:17:52 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe
"2008-06-05 15:54:09 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe%Scan -RestrictPrivileges -ScanType 1
"2008-06-05 15:54:04 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe
"2008-06-05 15:54:12 C:\WINDOWS\Tasks\MP Scheduled Signature Update.job"
- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 17:51:42
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\qbwdlgyp.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-05 17:58:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-05 15:57:59

Pre-Run: 89,692,266,496 octets libres
Post-Run: 89,814,458,368 octets libres

263 --- E O F --- 2008-05-28 12:02:01


merci :)
0
Réponse 4 / 5
jb
5 juin 2008 à 18:24
hello chiquitine :)

voici le rapport navilog1 :

Search Navipromo version 3.5.7 commencé le 05/06/2008 à 18:14:38,00

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Compaq_Propriétaire"

Mise à jour le 11.05.2008 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\menud~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Compaq_Propriétaire\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\COMPAQ~2\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Compaq_Propriétaire\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Compaq_Propriétaire\menudm~1\progra~1" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé


*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\Compaq_Propriétaire\locals~1\applic~1" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\Compaq_Propriétaire\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 05/06/2008 à 18:19:49,17 ***

merci :)
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 5
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
5 juin 2008 à 18:35
analyse ce fichier sur virus total : https://www.virustotal.com/gui/

et tu me dis lesquels sont inféctés


C:\WINDOWS\system32\pygldwbq.ini
C:\WINDOWS\system32\qbwdlgyp.dll
C:\WINDOWS\system32\jkkKaaay.dll_old
2C:\WINDOWS\system32\905757
C:\WINDOWS\system32\geBspoMf.dll_old
C:\WINDOWS\system32\jkkICvSI.dll.vir
C:\WINDOWS\system32\blackster.scr

_________________


scan avec
MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

___________________

recolle ensuite un hijakchtis et combofix
0

Discussions similaires

Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
4 virus en raison d’un porno ????
valou -
Bello040420 -

9 réponses
Comment savoir si j'ai attrapé un virus sur mon téléphone ?
Infolock -
bell -

66 réponses
Virus Altruistic
Mael03250 -
MisteryBean -

11 réponses
Supprimer notifications myavids.com sous Android.
Guy72 -
Liline -

7 réponses