GregLand.Net

[L'Aspirine Du Web ! Assistance dans tous les domaines informatiques...]
http://s299426922.onlinehome.fr/forum/

Trojan récalcitran

http://s299426922.onlinehome.fr/forum/viewtopic.php?t=2308

Page 1 sur 1

Trojan récalcitran

Posté : 19 mai 2007 23:35
par Miss_Garfield
Bonjour :cry:

Encore un problème... j'ai un trojan dans mon ordi et impossible de m'en débarasser.

Spybot S/d m'a trouvé ceci: Smitfraud-C. toolbar 888

Réglages: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR

Réglages: HKEY_USERS\S-1-5-21-1606980848-1979792683-725345543-1004\Software\Microsoft\add

J'ai essayé de corriger le problème mais il revient toujours

J'ai scanné avec AVAST - Ad-Aware - A2 (A Squared) - Be Clean -

Y a rien à faire....

S.V.P. les EXPERTS aidez-moi !

Miss_Garfield


P.S. Voici la description que Spybot S&D me donne et OUI j'ai désactivé la restauration système.... Merci de m'aider

Société:
Produit: Smitfraud-C.Toolbar888
Menace: Malware


Description
Smitfraud-C.Toolbar888 is connecting to malicious website without giving the user a possibility to cancel that process.
It also adds a randomly named dll to the Winlogon Notify, which will make it very resistable to removal. If you need help with removal pleas contact Team Spybot S&D via forums or email.

Posté : 19 mai 2007 23:40
par GregLand
Salut Miss (Tiens, un problème ) :wink:

Si tu as vraiment essayé ceci sans succés, je ne pense pas qu'une solution simple existes...

Recommence l'ensemble en mode sans echec (Bien sûr)
Et si ça ne fonctionne pas, a mon avis,formatage... réinstallation

Posté : 19 mai 2007 23:46
par Miss_Garfield
Bonjour Greg

Je viens d'aller voir mon regedit

j'ai trouvé le 2 eme

Réglages: HKEY_USERS\S-1-5-21-1606980848-1979792683-725345543-1004\Software\Microsoft\add

Il y a deux items

1- (par défaut) REG_SZ (valeur non définie)

2-SysShell REG_BINARY d7 07 05 00 06 00 13 00 0c 00 18 00 0b 00 9f 02


Je ne sais pas si ça peut aider à quelque chose ou si je peux supprimer quelque chose ???

Merci

Miss_Garfield
1-

Posté : 19 mai 2007 23:48
par GregLand
Ecoutes, a priorie, je ne possède pas cette clef... (Après ça ne veut pas dire qu'elle n'est pas utile pour ton PC...)
Peux tu prendre une "photo" de la fenêtre du registre ouvert a la clef citée ?

Posté : 19 mai 2007 23:53
par Miss_Garfield
Comment je peux faire une photo de mon registre Greg :S

Merci

Miss_Garfield

Posté : 20 mai 2007 00:12
par GregLand
Tu vas dans démarrer, exécuter, tu tapes regedit et tu valides

Tu vas a la clef (ça marche comme pour un exploreur)
HKEY_USERS\S-1-5-21-1606980848-1979792683-725345543-1004\Software\Microsoft\add

Tu prends une photo de la fenêtre

Posté : 20 mai 2007 00:27
par Miss_Garfield
lol c'est pas ce que je te demande... :-P

Je te demande comment prendre la photo de ça..???

Avec quoi ???

Miss_Garfield

Posté : 20 mai 2007 00:45
par Miss_Garfield
BOn grrrrrrrr le fichu trojan change ma page de démarrage d'explorer...


Dites-moi comment la mettre ici la photo svp

Merci

Miss_Garfield

Posté : 20 mai 2007 01:03
par Miss_Garfield
http://img523.imageshack.us/img523/9860 ... ditgx8.png



Se croise les doigts

Merci

Miss_Garfield

Posté : 20 mai 2007 02:13
par GregLand
Tu n'as pas répondu a ma question...

Tu as essayé de résoudre ton problème en "mode sans echec" ou sous windows en "mode normal" ?

Si tu ne l'a pas fait teste en mode sans echec

Posté : 20 mai 2007 05:25
par lamontagne22
Telecharge et installe
et scan....peut-être il va le supprimer....

http://www.spytrackers.com/xoft-spy-se/

Mais çà va être dur dur !
Comme dit Greg....réinstaller Win serait plus rapide.....et plus efficace;
mais à condition d'avoir les CD.....et de sauvegarder ce que tu as d'important....

Bon courage.!

Posté : 21 mai 2007 17:39
par Miss_Garfield
Bonjour... j'ai eu des prob donc je ne pouvais pas rien faire...

Bon je crois que le fichu cheval de troie est VBStat-C avec son agent-FDG.....

Je Vous transmet mon hijackthis.... mais svp soyez indulgent avec moi car mes connaissances en info sont minime il faut être précis.. désolée mais on ne peut pas tous être calés comem VOus :P

Logfile of HijackThis v1.99.1
Scan saved at 11:10:38, on 2007-05-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Avast Antivirus\aswUpdSv.exe
C:\Program Files\Avast Antivirus\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\MSN Messenger\Ad-On\Messenger Plus\MsgPlus.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\AVASTA~1\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avast Antivirus\ashMaiSv.exe
C:\WINDOWS\retadpu1000272.exe
C:\Program Files\Avast Antivirus\ashWebSv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
D:\MétéoMédia\WeatherEye.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
D:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/defaultf.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MSN Messenger\Ad-On\Messenger Plus\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "D:\Clone CD\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\AVASTA~1\ashDisp.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\lqcocvxb.dll",realset
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MSN Messenger\Ad-On\Messenger Plus\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MétéoIMédia] D:\MétéoMédia\WeatherEye.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Download with &Shareaza - res://D:\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O18 - Protocol: bw+0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE77-288B1E346E99} - (no file)
O20 - AppInit_DLLs: Runner.dll,Runner.dll,abnihckl.dll,Runner.dll,oanefofe.dll,SDRunner.dll,ibnpfipi.dll,Runner.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast Antivirus\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast Antivirus\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast Antivirus\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast Antivirus\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Posté : 21 mai 2007 17:51
par Mick@el
Salut,

Supprime ceux là :

O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\lqcocvxb.dll",realset

O20 - AppInit_DLLs: Runner.dll,Runner.dll,abnihckl.dll,Runner.dll,oanefofe.dll,SDRunner.dll,ibnpfipi.dll,Runner.dll

Le dernier me semble être une belle saloperie
Je te conseille ensuite de supprimer les fichiers C:\WINDOWS\retadpu1000272.exe et C:\WINDOWS\system32\lqcocvxb.dll

Posté : 21 mai 2007 17:57
par Miss_Garfield
Merci Mickael de bien vouloir m'aider...

Dis-moi stp comment faire pour les supprimer je ne sais que faire le log de hijackthis sniff.... suis vraiment pas douée dans tout ça...

encore un gros merci

Miss_Garfield

Posté : 21 mai 2007 18:20
par Mick@el
Tu coches les cases que je t'ai mentionnées et tu cliques sur "Fix Checked"

Posté : 21 mai 2007 18:29
par Miss_Garfield
Voici ce que donne le 2 eme log après avoir fixé



Logfile of HijackThis v1.99.1
Scan saved at 12:29:12, on 2007-05-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Avast Antivirus\aswUpdSv.exe
C:\Program Files\Avast Antivirus\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\MSN Messenger\Ad-On\Messenger Plus\MsgPlus.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\AVASTA~1\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avast Antivirus\ashMaiSv.exe
C:\Program Files\Avast Antivirus\ashWebSv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
D:\MétéoMédia\WeatherEye.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
D:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/defaultf.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MSN Messenger\Ad-On\Messenger Plus\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "D:\Clone CD\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\AVASTA~1\ashDisp.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\jddbxsqw.dll",realset
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MSN Messenger\Ad-On\Messenger Plus\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MétéoIMédia] D:\MétéoMédia\WeatherEye.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Download with &Shareaza - res://D:\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O18 - Protocol: bw+0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {2F7EC300-4445-4BBC-8F9D-398F541A55FC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE77-288B1E346E99} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast Antivirus\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast Antivirus\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast Antivirus\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast Antivirus\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe




Mickael

qqun m'a donné ce lien qui parle aussi de ce fichu
trojan

Je ne sais pas si ça peut aider mais pour moi c'est du vrai chinois :S
http://www.commentcamarche.net/forum/af ... 2-vbstat-c

Posté : 21 mai 2007 18:45
par Mick@el
Supprime celle là :

O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\jddbxsqw.dll",realset
Heures au format UTC+01:00
Page 1 sur 1

Développé par phpBB® Forum Software © phpBB Limited

Traduit par phpBB-fr.com