Virus dowloader

rm95

29 Juillet 2006 13:56:12

Salut a tous , j'ai besoin d'aide! , j'ai eté infecter par un virus qui s'intitull dowloader! , il est situé dans c:/windows/systeme32/ishost.exe , j'ai fait tt raport mais apres ca le virus y est encore ? comment faire ? je vous envois les raports?

Autres pages sur : virus dowloader

| Etre averti des réponses
| Alerter

Répondre à rm95

mogadon

29 Juillet 2006 15:02:00

Bonjour
oui en précisant ce qui a été déjà fait.

| Alerter

Répondre à mogadon

rm95

30 Juillet 2006 11:04:54

Voici mon raport fait avec hijackthis :

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\issearch.exe
C:\PROGRA~1\Norton AntiVirus\navapw32.exe
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ipwins\ipwins.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\program files\steam\steam.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Documents and Settings\Momo\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\Norton AntiVirus\navapw32.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SymNetDrv\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [saap] c:\program files\180searchassistant\saap.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SpyQuake2.com] C:\Program Files\SpyQuake2.com\Spy-Quake2.exe /h
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [skipway] C:\DOCUME~1\Momo\APPLIC~1\OkayBoneDebug\part trust.exe
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC06EF1D-F576-4A21-8C92-FA10F7220BBF}: NameServer = 212.27.39.134,213.228.0.168
O18 - Protocol: bw+0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0792.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0792.00.dll
O18 - Protocol: offline-8876480 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\Symantec Shared\Script Blocking\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\SymProxySvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

| Alerter

Répondre à rm95

chercheur_

30 Juillet 2006 11:24:05

Bonjour

* Télécharge SmitfraudFix de S!Ri:
http://siri.urz.free.fr/Fix/SmitfraudFix.php
Tu le dézippes sur le Bureau.

* Tu ouvres SmitfraudFix, tu double cliques sur SmitfraudFix.cmd et tu choisis l’option 1
Postes le rapport

| Alerter

Répondre à chercheur_

rm95

30 Juillet 2006 13:50:22

voila le raport

SmitFraudFix v2.76

Rapport fait à 15:57:56,70, 30/07/2006
Executé à partir de C:\Documents and Settings\Momo\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\ishost.exe PRESENT !
C:\WINDOWS\system32\ismon.exe PRESENT !
C:\WINDOWS\system32\isnotify.exe PRESENT !
C:\WINDOWS\system32\issearch.exe PRESENT !
C:\WINDOWS\system32\ixt?.dll PRESENT !
C:\WINDOWS\system32\ixt??.dll PRESENT !
C:\WINDOWS\system32\ot.ico PRESENT !
C:\WINDOWS\system32\ts.ico PRESENT !
C:\WINDOWS\system32\components\flx?.dll PRESENT !
C:\WINDOWS\system32\components\flx??.dll PRESENT !
C:\WINDOWS\system32\components\flx???.dll PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Momo\Application Data

C:\Documents and Settings\Momo\Application Data\Microsoft\Internet Explorer\Quick Launch\SpyQuake2.com 2.3.lnk PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\SpyQuake2.com\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"cinnamomum"="{93ac7c30-3878-4eaa-9420-7977285df5b1}"

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

| Alerter

Répondre à rm95

chercheur_

30 Juillet 2006 14:00:40

On continue

* Télécharge CCleaner.
http://www.filehippo.com/download_ccleaner.html
Installe le dans un répertoire dédié.

* Redémarre en mode sans échec. Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarres l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuyes sur la touche F8 ou F5 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionnes le mode sans échec approprié et appuyes sur Entrée.

* Relances SmitfraudFix et choisis cette fois l’option 2 et réponds oui à tout.

* Lance le nettoyage avec CCleaner.

* Lance Ewido. Clique sur le bouton Scanner (de la barre d'outils)
Puis sur l'onglets Settings, pour How to Act. Clique sur Recommanded Actions. Sélectionne Quarantine.
Reviens a l'onglet Scan. Clique Complete system Scan
A la fin du scan, choisis l'option " Apply All Actions " en bas.
Clique sur "Save Report", puis "Save Report As". Ceci génère un rapport en fichier texte. Assure-toi de le sauvegarder dans un endroit facile à retrouver.

* Redémarres normalement et communiques le deuxième rapport de SmitfraudFix, celui d'Ewido avec un nouveau rapport Hijackthis.

| Alerter

Répondre à chercheur_

rm95

30 Juillet 2006 17:27:33

Voici le raport avec Smitfraudfix
SmitFraudFix v2.76

Rapport fait à 18:14:10,96, 30/07/2006
Executé à partir de C:\Documents and Settings\Momo\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"cinnamomum"="{93ac7c30-3878-4eaa-9420-7977285df5b1}"

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\system32\ishost.exe supprimé
C:\WINDOWS\system32\ismon.exe supprimé
C:\WINDOWS\system32\isnotify.exe supprimé
C:\WINDOWS\system32\issearch.exe supprimé
C:\WINDOWS\system32\ixt?.dll supprimé
C:\WINDOWS\system32\ot.ico supprimé
C:\WINDOWS\system32\ts.ico supprimé
C:\WINDOWS\system32\components\flx?.dll supprimé
C:\Documents and Settings\Momo\Application Data\Microsoft\Internet Explorer\Quick Launch\SpyQuake2.com 2.3.lnk supprimé
C:\Program Files\SpyQuake2.com\ supprimé

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

| Alerter

Répondre à rm95

chercheur_

30 Juillet 2006 21:15:23

Smitfraudfix a fait du ménage.

Il manque les rapports Ewido et HijackThis.

| Alerter

Répondre à chercheur_

rm95

31 Juillet 2006 06:14:41

voici le raport ewido

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 18:49:30 30/07/2006

+ Scan result:

HKU\S-1-5-21-823518204-113007714-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{873EB32D-AE1A-4183-89BD-45A77F761BE4} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\Anuman Interactive\Web Design Studio\root\vhtml\1630668287\uwc_speedsolominiemu-31.rar/miniemu\extra\Tools\ItemCreator1.2.5.exe -> Not-A-Virus.Monitor.Win32.JazoKeylogger.3110 : Cleaned with backup (quarantined).

::Report end

| Alerter

Répondre à rm95

chercheur_

31 Juillet 2006 19:20:55

Malgré le ménage déja effectué, il te reste des fichiers infectieux.

Poste les rapports que je demande.
Il manque toujours HijackThis.

Fais aussi ceci.

Télécharges Lopxp.zip
http://pageperso.aol.fr/balltrap34/lopxp.zip
Dézippes le sur le Bureau
Lances le fichier lopxp.bat
Postes le rapport

| Alerter

Répondre à chercheur_

rm95

1 Août 2006 17:39:15

Voici le raport hijack this

Logfile of HijackThis v1.99.1
Scan saved at 19:45:37, on 01/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Norton AntiVirus\navapw32.exe
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ipwins\ipwins.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\program files\steam\steam.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Momo\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\Norton AntiVirus\navapw32.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SymNetDrv\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [saap] c:\program files\180searchassistant\saap.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [skipway] C:\DOCUME~1\Momo\APPLIC~1\OkayBoneDebug\part trust.exe
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} - http://musicmix.messenger.msn.com/Medialogic.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC06EF1D-F576-4A21-8C92-FA10F7220BBF}: NameServer = 212.27.39.134,213.228.0.168
O18 - Protocol: bw+0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0792.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0792.00.dll
O18 - Protocol: offline-8876480 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\Symantec Shared\Script Blocking\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\SymProxySvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

Mainentant je fai la suite ke tu ma dis apres^^

| Alerter

Répondre à rm95

rm95

1 Août 2006 17:41:19

Voile le raport lop

Rapport fait à 19:49:06,90 le 01/08/2006

Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est B424-7D36

R‚pertoire de C:\Documents and Settings\All Users\Application Data

08/07/2006 17:09 <REP> Samsung
30/06/2006 18:17 <REP> Windows Genuine Advantage
25/06/2006 16:11 <REP> Apple Computer
24/06/2006 21:49 <REP> Skype
14/06/2006 18:53 <REP> Messenger Plus!
14/06/2006 18:53 <REP> Camp Bolt Dart Two
18/02/2006 16:50 <REP> Sony
01/12/2005 00:33 <REP> Yahoo! Companion
05/09/2005 22:09 62 desktop.ini
05/09/2005 22:09 <REP> Microsoft
05/09/2005 22:09 <REP> ..
05/09/2005 22:09 <REP> .
05/09/2005 20:31 <REP> Symantec
1 fichier(s) 62 octets
12 R‚p(s) 12551168000 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est B424-7D36

R‚pertoire de C:\Documents and Settings\Default User\Application Data

05/09/2005 22:09 62 desktop.ini
05/09/2005 22:09 <REP> Microsoft
05/09/2005 22:09 <REP> ..
05/09/2005 22:09 <REP> .
1 fichier(s) 62 octets
3 R‚p(s) 12551168000 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est B424-7D36

R‚pertoire de C:\Documents and Settings\Momo\Application Data

28/07/2006 21:18 <REP> Lavasoft
28/07/2006 08:18 <REP> ??pPatch
28/07/2006 08:16 <REP> s?curity
28/07/2006 08:16 <REP> ?ppPatch
28/07/2006 08:15 <REP> ?asks
28/07/2006 08:15 <REP> A?pPatch
28/07/2006 08:15 <REP> ?icrosoft.NET
28/07/2006 08:14 <REP> ??crosoft
28/07/2006 08:14 <REP> ?ppPatch
28/07/2006 08:14 <REP> M?crosoft
28/07/2006 08:13 <REP> ??curity
28/07/2006 08:13 <REP> T?sks
28/07/2006 08:13 <REP> ?ecurity
28/07/2006 08:13 <REP> ??sks
28/07/2006 08:13 <REP> ?asks
28/07/2006 08:13 <REP> ?dobe
28/07/2006 08:12 <REP> ??mantec
28/07/2006 08:12 <REP> ??crosoft
28/07/2006 08:12 <REP> s?stem32
28/07/2006 08:12 <REP> ??mbols
28/07/2006 08:12 <REP> ?ystem
28/07/2006 08:12 <REP> a?sembly
28/07/2006 08:12 <REP> S?mantec
28/07/2006 08:12 <REP> ?racle
28/07/2006 08:11 <REP> ?icrosoft
28/07/2006 08:11 <REP> ?icrosoft.NET
28/07/2006 08:11 <REP> ?ssembly
28/07/2006 08:11 <REP> ?ymantec
28/07/2006 08:11 <REP> F?nts
28/07/2006 08:11 <REP> ?racle
28/07/2006 08:11 <REP> ??crosoft.NET
28/07/2006 08:11 <REP> s?mbols
28/07/2006 08:11 <REP> M?crosoft.NET
28/07/2006 08:11 <REP> F?nts
28/07/2006 08:11 <REP> W?nSxS
28/07/2006 08:10 <REP> ??sembly
28/07/2006 08:10 <REP> s?stem
28/07/2006 08:10 <REP> ??crosoft.NET
28/07/2006 08:10 <REP> ?icrosoft
28/07/2006 08:10 <REP> ??pPatch
28/07/2006 08:10 <REP> ??sks
28/07/2006 08:10 <REP> ??stem
28/07/2006 08:10 <REP> ??stem32
28/07/2006 08:10 <REP> ?dobe
28/07/2006 08:10 <REP> ?ystem32
28/07/2006 08:10 <REP> ?ymbols
25/07/2006 13:59 <REP> Droppix
17/07/2006 22:30 3359 waver_2.95.dat
10/07/2006 15:45 <REP> Talkback
03/07/2006 09:59 <REP> CamTrack
28/06/2006 17:01 <REP> REAPER
25/06/2006 16:17 <REP> Apple Computer
24/06/2006 21:49 <REP> Skype
14/06/2006 18:57 <REP> EXIT PING DUPE
14/06/2006 18:52 <REP> OkayBoneDebug
24/05/2006 14:58 <REP> Ahead
23/05/2006 21:05 <REP> teamspeak2
18/02/2006 16:55 <REP> Publish Providers
18/02/2006 16:52 <REP> Sony
18/02/2006 01:36 <REP> Wings3D
16/02/2006 23:50 <REP> Mozilla
16/02/2006 23:50 <REP> Nvu
14/02/2006 11:53 <REP> Google
05/02/2006 19:04 <REP> RapidGet
28/12/2005 15:03 <REP> .bittorrent
24/12/2005 18:33 <REP> ATI
01/12/2005 00:33 <REP> Macromedia
23/11/2005 17:53 <REP> Help
05/09/2005 20:31 <REP> Symantec
05/09/2005 20:28 <REP> Identities
05/09/2005 20:28 62 desktop.ini
05/09/2005 20:28 <REP> ..
05/09/2005 20:28 <REP> .
05/09/2005 20:28 <REP> Microsoft
2 fichier(s) 3421 octets
72 R‚p(s) 12551163904 octets libres
******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks

Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est B424-7D36

R‚pertoire de C:\WINDOWS\Tasks

05/09/2005 20:43 530 Norton AntiVirus - Analyser mon ordinateur.job
05/09/2005 20:32 362 Symantec NetDetect.job
05/09/2005 20:26 6 SA.DAT
05/09/2005 20:17 65 desktop.ini
05/09/2005 20:17 <REP> ..
05/09/2005 20:17 <REP> .
4 fichier(s) 963 octets
2 R‚p(s) 12ÿ551ÿ163ÿ904 octets libres

******************************************
Recherche dans Program files

Le dossier C:\Program Files\C2Media n'existe pas

*************** Fin du rapport ****************

ensuite ?

merci bcp de m'aider quand meme

| Alerter

Répondre à rm95

chercheur_

1 Août 2006 21:46:43

On continue

Étape 1:
Télécharge eScan Antivirus Toolkit
http://www.spywareinfo.dk/download/mwav.exe
Sauvegarde-le sur ton Bureau.
Avant de lancer le programme, il faut le mettre à jour tel qu'indiqué à l'étape 2.

Étape 2:
Voici comment mettre l'outil à jour :

1.) Double-clique le fichier mwav.exe qui se trouve sur le Bureau; dézippe les fichiers dans le nouveau dossier suggéré (Kaspersky) situé à la racine du lecteur C:\ (C:\Kaspersky.). Le programme va se lancer, et tu dois le quitter (clique sur "Exit" puis "Exit").

2.) Double-clique sur le Poste de travail, puis double-clique sur le lecteur principal (habituellement C:\), double-clique sur le dossier Kaspersky; ensuite, double-clique sur le fichier kavupd.exe. Tu verras maintenant une fenêtre DOS apparaître, et la mise à jour se complètera en quelques minutes.

3.) Lorsque la mise à jour sera complétée, tu verras "Press any key to continue"; tape sur une clé pour continuer.

Ne pas lancer le scan tout de suite !

Étape 3:
Redémarre en mode Sans Échec
Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionne Mode sans échec et appuye sur Entrée.

Étape 4:
Du mode Sans Échec, voici comment utiliser le programme :

1.) Pour lancer "eScan Antivirus Toolkit", trouve le fichier mwavscan.com situé dans le dossier C:\Kaspersky

2.) Double-clique sur mwavscan.com; l'interface d'eScan va apparaître à l'écran.

3.) Il est très important de bien cocher ces boîtes sous Scan Option
Memory, Registry, Startup Folders, System Folders, Services.

4.) Coche la boîte Drive, ce qui donne accès à une nouvelle boîte Drive (bouton rond) juste dessous; coche ce bouton "Drive" (très important..), et tu verras une nouvelle boîte de navigation apparaître à la droite. Clique sur la petite flèche de cette boîte and choisi la lettre de ton disque dur, habituellement C:\.

5.) Juste au-dessous, assure-toi que Scan All Files est coché, et non Program Files.

6.) Clique sur Scan Clean et laisse le tool vérifier tout le disque dur (ça peut être long..). Lorsque terminé, tu verras Scan Completed. Ne pas quitter tout de suite !

7.) Ouvre un nouveau fichier Bloc notes (clique sur "Démarrer" >> "Programmes" >>"Accessoires" >> "Bloc notes"), puis copie/colle tout le contenu de la fenêtre Virus Log Information (la deuxième, au bas) dans le fichier texte, et sauvegarde le. eScan génère également un rapport complet dans le dossier C:\Kaspersky (nommé mwav.log), mais il est trop lourd pour poster sur le forum.

Ferme le programme. Redémarre ton PC en mode Normal. Poste (copie/colle) le rapport que tu as sauvegardé dans ta prochaine réponse avec un nouveau HijackThis.

| Alerter

Répondre à chercheur_

rm95

4 Août 2006 10:08:01

Voici le raport avec escan :

File C:\WINDOWS\system32\winmyy32.dll infected by "Packed.Win32.Klone.g" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\All Users\Application Data\Camp Bolt Dart Two\About2.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Camp Bolt Dart Two\AXISBOLT.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Camp Bolt Dart Two\Beepcopy.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Camp Bolt Dart Two\BIASDEFY.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Camp Bolt Dart Two\Bolt aim.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Camp Bolt Dart Two\Clockjump.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Camp Bolt Dart Two\CopyBits.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Camp Bolt Dart Two\DEBUGRECT.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Camp Bolt Dart Two\else default.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Camp Bolt Dart Two\free boob.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Camp Bolt Dart Two\Free Start.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Camp Bolt Dart Two\Hold Free.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Camp Bolt Dart Two\Logobows.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Camp Bolt Dart Two\open license.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Camp Bolt Dart Two\Platform win.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Camp Bolt Dart Two\scrfind.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Camp Bolt Dart Two\Size Flaw.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\Momo\Application Data\EXIT PING DUPE\LicenseTrans.exe infected by "Trojan-Downloader.Win32.Swizzor.fg" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Momo\Application Data\OkayBoneDebug\bzpglnsp.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\Momo\Application Data\OkayBoneDebug\cdrom window rdr loud.exe infected by "Trojan-Downloader.Win32.Swizzor.dv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Momo\Application Data\OkayBoneDebug\cxlnmsmn.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\Momo\Application Data\OkayBoneDebug\ettueryl.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\Momo\Application Data\OkayBoneDebug\evhuvpft.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\Momo\Application Data\OkayBoneDebug\evoeelcv.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\Momo\Application Data\OkayBoneDebug\gbyftiyf.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\Momo\Application Data\OkayBoneDebug\hyzbduob.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\Momo\Application Data\OkayBoneDebug\hzumunzl.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\Momo\Application Data\OkayBoneDebug\kxdwbztx.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\Momo\Application Data\OkayBoneDebug\lwlhkvhr.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\Momo\Application Data\OkayBoneDebug\maykfguj.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\Momo\Application Data\OkayBoneDebug\oaduuxud.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\Momo\Application Data\OkayBoneDebug\One Meal About.exe infected by "Trojan-Downloader.Win32.Swizzor.fg" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Momo\Application Data\OkayBoneDebug\part trust.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\Momo\Application Data\OkayBoneDebug\ruiqvbaz.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\Momo\Application Data\OkayBoneDebug\tyoelltr.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\Momo\Application Data\OkayBoneDebug\uygxldqx.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\Momo\Application Data\OkayBoneDebug\ywrvbxjf.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\Momo\Application Data\OkayBoneDebug\zbngvpwx.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\Momo\Local Settings\Temporary Internet Files\Content.IE5\O9QVSTAV\wind32[1].exe infected by "Trojan-Dropper.Win32.VB.nn" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Momo\Local Settings\Temporary Internet Files\Content.IE5\RUGFFTGX\srvfkb[1].exe infected by "Packed.Win32.Klone.g" Virus. Action Taken: File Renamed.

Voici l'autre raport avec hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 12:00:09, on 04/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Kaspersky\mwavscan.com
C:\Kaspersky\kavss.exe
C:\WINDOWS\TEMP\win38F.tmp.exe
C:\Documents and Settings\Momo\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\Norton AntiVirus\navapw32.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SymNetDrv\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [skipway] C:\DOCUME~1\Momo\APPLIC~1\OkayBoneDebug\part trust.exe
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} - http://musicmix.messenger.msn.com/Medialogic.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC06EF1D-F576-4A21-8C92-FA10F7220BBF}: NameServer = 212.27.39.134,213.228.0.168
O18 - Protocol: bw+0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0792.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0792.00.dll
O18 - Protocol: offline-8876480 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\Symantec Shared\Script Blocking\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\SymProxySvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

:S encore infecter!

, la suite
chercheurPCA a écrit :
On continue

Étape 1:
Télécharge eScan Antivirus Toolkit
http://www.spywareinfo.dk/download/mwav.exe
Sauvegarde-le sur ton Bureau.
Avant de lancer le programme, il faut le mettre à jour tel qu'indiqué à l'étape 2.

Étape 2:
Voici comment mettre l'outil à jour :

1.) Double-clique le fichier mwav.exe qui se trouve sur le Bureau; dézippe les fichiers dans le nouveau dossier suggéré (Kaspersky) situé à la racine du lecteur C:\ (C:\Kaspersky.). Le programme va se lancer, et tu dois le quitter (clique sur "Exit" puis "Exit").

2.) Double-clique sur le Poste de travail, puis double-clique sur le lecteur principal (habituellement C:\), double-clique sur le dossier Kaspersky; ensuite, double-clique sur le fichier kavupd.exe. Tu verras maintenant une fenêtre DOS apparaître, et la mise à jour se complètera en quelques minutes.

3.) Lorsque la mise à jour sera complétée, tu verras "Press any key to continue"; tape sur une clé pour continuer.

Ne pas lancer le scan tout de suite !

Étape 3:
Redémarre en mode Sans Échec
Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionne Mode sans échec et appuye sur Entrée.

Étape 4:
Du mode Sans Échec, voici comment utiliser le programme :

1.) Pour lancer "eScan Antivirus Toolkit", trouve le fichier mwavscan.com situé dans le dossier C:\Kaspersky

2.) Double-clique sur mwavscan.com; l'interface d'eScan va apparaître à l'écran.

3.) Il est très important de bien cocher ces boîtes sous Scan Option
Memory, Registry, Startup Folders, System Folders, Services.

4.) Coche la boîte Drive, ce qui donne accès à une nouvelle boîte Drive (bouton rond) juste dessous; coche ce bouton "Drive" (très important..), et tu verras une nouvelle boîte de navigation apparaître à la droite. Clique sur la petite flèche de cette boîte and choisi la lettre de ton disque dur, habituellement C:\.

5.) Juste au-dessous, assure-toi que Scan All Files est coché, et non Program Files.

6.) Clique sur Scan Clean et laisse le tool vérifier tout le disque dur (ça peut être long..). Lorsque terminé, tu verras Scan Completed. Ne pas quitter tout de suite !

7.) Ouvre un nouveau fichier Bloc notes (clique sur "Démarrer" >> "Programmes" >>"Accessoires" >> "Bloc notes"), puis copie/colle tout le contenu de la fenêtre Virus Log Information (la deuxième, au bas) dans le fichier texte, et sauvegarde le. eScan génère également un rapport complet dans le dossier C:\Kaspersky (nommé mwav.log), mais il est trop lourd pour poster sur le forum.

Ferme le programme. Redémarre ton PC en mode Normal. Poste (copie/colle) le rapport que tu as sauvegardé dans ta prochaine réponse avec un nouveau HijackThis.
[/quote]

| Alerter

Répondre à rm95

chercheur_

4 Août 2006 11:07:50

On continue

Une partie de la procédure se déroulera sans avoir accès à internet, prière d'imprimer ces instructions, ou de les coller dans un fichier texte, pour lecture durant cette désinfection.
Les manipulations sont à faire sans interruption et dans l'ordre.
Si tu ne comprends pas quelque chose, demande des explications avant de commencer.

1 Redémarre en mode sans echec. Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionne Mode sans échec et appuye sur Entrée.

2 Relance un scan HijackThis et coche les lignes ci-dessous :

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [skipway] C:\DOCUME~1\Momo\APPLIC~1\OkayBoneDebug\part trust.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O18 - Protocol: bw+0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {B7C7043C-BA04-4831-839B-A5904546FE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Ferme toutes les fenêtres Windows, Internet explorer, Outlook,sauf le logiciel Hijackthis et clique sur « Fix checked »

3 Assure toi d'avoir accés à tous les fichiers.
Démarrer, Poste de travail ou autre dossier, Menu Outils, Option des dossiers, onglet Affichage :
Activer la case : Afficher les fichiers et dossiers cachés
Désactiver la case : Masquer les extensions des fichiers dont le type est connu
Désactiver la case : Masquer les fichiers protégés du système d'exploitation
Puis Appliquer

4 Désinstalle ces applications (si tu les trouves) dans Ajout-Suppression de programmes :

ipwins

5 Supprime les fichiers/dossiers incriminés (s'ils existent encore) :

C:\Program Files\ipwins
C:\Documents and Settings\All Users\Application Data\Camp Bolt Dart Two
C:\Documents and Settings\Momo\Application Data\EXIT PING DUPE
C:\Documents and Settings\Momo\Application Data\OkayBoneDebug

Recache les fichiers systeme afin de ne pas faire d'erreur à l'avenir en sélectionnant ne pas afficher les fichiers cachés ou les fichiers système.

6 Lance le nettoyage avec CCleaner.

7 Redémarre normalement et poste un nouveau log HijackThis.

| Alerter

Répondre à chercheur_

Tom's guide dans le monde