The discussion "Virus Msn Ratethisface" is in the forum "Virus, trojans, etc..."
Status of the discussion "Virus Msn Ratethisface": resolved

Virus Msn Ratethisface

On 26-06-2007 at 19:17

Hello everyone, I clicked on a link that was sent to me over MSN: ratethisface.net/photo.41.com. The link appeared at random in my chat windows and a program "gold.exe" appeared on my desktop. I ran a full scan of my system and found a trojan on it. I changed MSN version. But now the problem is that when I browse the web, windows keep popping up. My system is not completely cleaned, but since I don't know much about computers, I don't know what to do to fix the problem. I'm sending you the HijackThis scan. Can anyone help me?

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navw32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\41A38DQ3\HiJackThis_v2[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\bhgrmtjs.dll
O2 - BHO: (no name) - {4E3BAF2F-5C8A-4159-85C3-43641377FD23} - C:\WINDOWS\system32\ssttt.dll
O2 - BHO: (no name) - {7C24493F-3D23-4258-9426-42C5FC3B8211} - C:\WINDOWS\system32\iiffefd.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr-ca\msntb.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [CleanUp] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\2006119222848_mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\2006119222840_mcinfo.exe /insfin
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechSetup] D:\Setup\Setup.exe /restart /l:fra
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\abyttabg.dll",forkonce
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x08da -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x08da -f video -m logitech -d 10.5.1.2023 (User 'Default user')
O4 - Global Startup: Assistant Internet.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: TruePass EPF 7,0,100,730 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: bw+0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: iiffefd - C:\WINDOWS\SYSTEM32\iiffefd.dll
O20 - Winlogon Notify: ssttt - C:\WINDOWS\system32\ssttt.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32\tlntsvr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
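As an added example (not code from this thread or from any of the tools named in it), here is a small Python triage that applies to HijackThis lines the same correlation the VirtumundoBeGone report later in the thread performs by hand: an O2 BHO with "(no name)" whose DLL base name is also registered as an O20 Winlogon Notify handler is the Vundo pairing, and an O4 Run entry that starts rundll32.exe on a system32 DLL is flagged as well. The sample lines are constructed from the shape of the log above (a subset of it), and the severity labels are my own.

```python
"""Triage a HijackThis log for the Vundo/Virtumundo persistence pattern.

Heuristic (the one the VirtumundoBeGone report in this thread applies):
a BHO that registers no name, whose DLL base name is also present as a
Winlogon Notify handler, is almost certainly Vundo; the Winlogon hook is
what lets the DLL get reloaded and survive deletion attempts. A Run entry
that starts rundll32.exe on a system32 DLL is reported too.
"""
import re
from dataclasses import dataclass

# Constructed sample in the shape of the log posted above (a subset of
# its lines, including the three DLLs the thread ends up removing).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {4E3BAF2F-5C8A-4159-85C3-43641377FD23} - C:\WINDOWS\system32\ssttt.dll
O2 - BHO: (no name) - {7C24493F-3D23-4258-9426-42C5FC3B8211} - C:\WINDOWS\system32\iiffefd.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\abyttabg.dll",forkonce
O20 - Winlogon Notify: iiffefd - C:\WINDOWS\SYSTEM32\iiffefd.dll
O20 - Winlogon Notify: ssttt - C:\WINDOWS\system32\ssttt.dll
"""

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.+)$")
RUN_RE = re.compile(r"^O4 - (?P<where>.+?): \[(?P<label>[^\]]*)\] (?P<cmd>.+)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<entry>\w+)', re.I)


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "low" (labels chosen for this example)
    subject: str    # DLL file name the finding is about
    reason: str


def basename(path: str) -> str:
    return path.rstrip().rsplit("\\", 1)[-1]


def stem(path: str) -> str:
    name = basename(path).lower()
    return name[:-4] if name.endswith(".dll") else name


def in_system32(path: str) -> bool:
    return "\\system32\\" in path.lower()


def triage(log_text: str) -> list[Finding]:
    """Return findings sorted high -> low for one HijackThis log."""
    bhos, notify, runs = [], {}, []
    for line in log_text.splitlines():
        line = line.strip()
        if m := BHO_RE.match(line):
            bhos.append(m.groupdict())
        elif m := NOTIFY_RE.match(line):
            notify[m["key"].lower()] = m["path"]
        elif m := RUN_RE.match(line):
            runs.append(m.groupdict())

    findings, paired = [], set()
    for b in bhos:
        if b["name"].strip().lower() != "(no name)":
            continue   # a named BHO is not part of this pattern
        s = stem(b["path"])
        if s in notify:   # same DLL hooked into Winlogon: the Vundo pairing
            paired.add(s)
            findings.append(Finding("high", basename(b["path"]),
                f"unnamed BHO {b['clsid']} and Winlogon Notify key '{s}' load the same DLL"))
        elif in_system32(b["path"]):
            findings.append(Finding("medium", basename(b["path"]),
                "unnamed BHO loaded straight from system32; no vendor to verify"))
        else:
            findings.append(Finding("low", basename(b["path"]),
                "BHO registers no name; check the publisher of the file on disk"))

    for key, path in notify.items():   # Notify hooks with no BHO twin
        if key not in paired and in_system32(path):
            findings.append(Finding("medium", basename(path),
                f"Winlogon Notify handler '{key}' in system32 with no matching BHO; verify its signer"))

    for r in runs:   # rundll32 re-launch of a system32 DLL from a Run key
        if (m := RUNDLL_RE.search(r["cmd"])) and in_system32(m["dll"]):
            findings.append(Finding("high", basename(m["dll"]),
                f"Run entry [{r['label']}] starts rundll32 on a system32 DLL, entry point {m['entry']}"))

    order = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: (order[f.severity], f.subject))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.subject:14} {f.reason}")
```

On the sample the three system32 DLLs come out as high and the unnamed Symantec BHO only as low, which is the right reading of the log above: an unnamed BHO by itself is a prompt to check the publisher, not proof of infection.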

On 26-06-2007 at 19:20

hi and welcome to Sur-la-Toile

Download to the Desktop:
VundoFix

= Double-click VundoFix.exe.
= Click OK
= Wait for VundoFix to restart
= Click Scan for Vundo
= The scan is fairly long; at the end
= Click Remove Vundo
= Then Yes
= The Desktop disappears for a moment while the files are being deleted.
= Shutdown message
= Click OK
= Automatic restart
= Copy the report that is in C:\vundofix.txt


Download to the desktop:
VirtumundoBeGone

= Double-click VirtumundoBeGone.exe
= Click Continue ==> click Start
= Click Yes
= At the end, if Vundo is present, the PC shuts down and restarts

If blue screen and message: Fatal error .. no problem

= Post the VBG.TXT report which is on the desktop


+ a new HijackThis log

On 26-06-2007 at 20:16

Thank you very much for your help!

Here is the vundofix.txt:

Listing files found while scanning....

C:\WINDOWS\system32\ssttt.dll
C:\WINDOWS\system32\tttss.bak1
C:\WINDOWS\system32\tttss.ini2
C:\WINDOWS\system32\tttss.tmp
C:\WINDOWS\system32\tttss.bak1
C:\WINDOWS\system32\tttss.ini2
C:\WINDOWS\system32\tttss.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ssttt.dll
C:\WINDOWS\system32\ssttt.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\tttss.bak1
C:\WINDOWS\system32\tttss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\tttss.ini2
C:\WINDOWS\system32\tttss.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\tttss.tmp
C:\WINDOWS\system32\tttss.tmp Has been deleted!

Performing Repairs to the registry.
Done!

Here is the VBG.TXT:
[06/26/2007, 13:55:11] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\FJQ0JTX7\VirtumundoBeGone[1].exe" )
[06/26/2007, 13:55:22] - Detected System Information:
[06/26/2007, 13:55:23] - Windows Version: 5.1.2600, Service Pack 2
[06/26/2007, 13:55:23] - Current Username: Administrateur (Admin)
[06/26/2007, 13:55:23] - Windows is in NORMAL mode.
[06/26/2007, 13:55:23] - Searching for Browser Helper Objects:
[06/26/2007, 13:55:23] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[06/26/2007, 13:55:23] - BHO 2: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
[06/26/2007, 13:55:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/26/2007, 13:55:23] - Checking for HKLM\...\Winlogon\Notify\NppBho
[06/26/2007, 13:55:23] - Key not found: HKLM\...\Winlogon\Notify\NppBho, continuing.
[06/26/2007, 13:55:23] - BHO 3: {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} ()
[06/26/2007, 13:55:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/26/2007, 13:55:24] - Checking for HKLM\...\Winlogon\Notify\bhgrmtjs
[06/26/2007, 13:55:24] - Key not found: HKLM\...\Winlogon\Notify\bhgrmtjs, continuing.
[06/26/2007, 13:55:24] - BHO 4: {37195FCF-918A-4E79-A618-FCB3096D5CB5} ()
[06/26/2007, 13:55:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/26/2007, 13:55:24] - Checking for HKLM\...\Winlogon\Notify\ddcda
[06/26/2007, 13:55:24] - Found: HKLM\...\Winlogon\Notify\ddcda - This is probably Virtumundo.
[06/26/2007, 13:55:24] - Assigning {37195FCF-918A-4E79-A618-FCB3096D5CB5} MSEvents Object
[06/26/2007, 13:55:24] - BHO list has been changed! Starting over...
[06/26/2007, 13:55:24] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[06/26/2007, 13:55:25] - BHO 2: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
[06/26/2007, 13:55:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/26/2007, 13:55:25] - Checking for HKLM\...\Winlogon\Notify\NppBho
[06/26/2007, 13:55:25] - Key not found: HKLM\...\Winlogon\Notify\NppBho, continuing.
[06/26/2007, 13:55:25] - BHO 3: {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} ()
[06/26/2007, 13:55:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/26/2007, 13:55:25] - Checking for HKLM\...\Winlogon\Notify\bhgrmtjs
[06/26/2007, 13:55:25] - Key not found: HKLM\...\Winlogon\Notify\bhgrmtjs, continuing.
[06/26/2007, 13:55:25] - BHO 4: {37195FCF-918A-4E79-A618-FCB3096D5CB5} (MSEvents Object)
[06/26/2007, 13:55:25] - ALERT: Found MSEvents Object!
[06/26/2007, 13:55:25] - BHO 5: {4E3BAF2F-5C8A-4159-85C3-43641377FD23} ()
[06/26/2007, 13:55:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/26/2007, 13:55:26] - Checking for HKLM\...\Winlogon\Notify\ssttt
[06/26/2007, 13:55:26] - Key not found: HKLM\...\Winlogon\Notify\ssttt, continuing.
[06/26/2007, 13:55:26] - BHO 6: {7C24493F-3D23-4258-9426-42C5FC3B8211} ()
[06/26/2007, 13:55:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/26/2007, 13:55:26] - Checking for HKLM\...\Winlogon\Notify\iiffefd
[06/26/2007, 13:55:26] - Found: HKLM\...\Winlogon\Notify\iiffefd - This is probably Virtumundo.
[06/26/2007, 13:55:26] - Assigning {7C24493F-3D23-4258-9426-42C5FC3B8211} MSEvents Object
[06/26/2007, 13:55:26] - BHO list has been changed! Starting over...
[06/26/2007, 13:55:26] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[06/26/2007, 13:55:26] - BHO 2: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
[06/26/2007, 13:55:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/26/2007, 13:55:27] - Checking for HKLM\...\Winlogon\Notify\NppBho
[06/26/2007, 13:55:27] - Key not found: HKLM\...\Winlogon\Notify\NppBho, continuing.
[06/26/2007, 13:55:27] - BHO 3: {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} ()
[06/26/2007, 13:55:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/26/2007, 13:55:27] - Checking for HKLM\...\Winlogon\Notify\bhgrmtjs
[06/26/2007, 13:55:27] - Key not found: HKLM\...\Winlogon\Notify\bhgrmtjs, continuing.
[06/26/2007, 13:55:27] - BHO 4: {37195FCF-918A-4E79-A618-FCB3096D5CB5} (MSEvents Object)
[06/26/2007, 13:55:27] - ALERT: Found MSEvents Object!
[06/26/2007, 13:55:27] - BHO 5: {4E3BAF2F-5C8A-4159-85C3-43641377FD23} ()
[06/26/2007, 13:55:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/26/2007, 13:55:28] - Checking for HKLM\...\Winlogon\Notify\ssttt
[06/26/2007, 13:55:28] - Key not found: HKLM\...\Winlogon\Notify\ssttt, continuing.
[06/26/2007, 13:55:28] - BHO 6: {7C24493F-3D23-4258-9426-42C5FC3B8211} (MSEvents Object)
[06/26/2007, 13:55:28] - ALERT: Found MSEvents Object!
[06/26/2007, 13:55:28] - Finished Searching Browser Helper Objects
[06/26/2007, 13:55:28] - *** Detected MSEvents Object
[06/26/2007, 13:55:28] - Trying to remove MSEvents Object...
[06/26/2007, 13:55:29] - Terminating Process: IEXPLORE.EXE
[06/26/2007, 13:55:31] - Terminating Process: RUNDLL32.EXE
[06/26/2007, 13:55:31] - Disabling Automatic Shell Restart
[06/26/2007, 13:55:31] - Terminating Process: EXPLORER.EXE
[06/26/2007, 13:55:33] - Suspending the NT Session Manager System Service
[06/26/2007, 13:55:34] - Terminating Windows NT Logon/Logoff Manager
[06/26/2007, 13:55:34] - Re-enabling Automatic Shell Restart
[06/26/2007, 13:55:35] - File to disable: C:\WINDOWS\system32\ddcda.dll
[06/26/2007, 13:55:35] - Renaming C:\WINDOWS\system32\ddcda.dll -> C:\WINDOWS\system32\ddcda.dll.vir
[06/26/2007, 13:55:36] - ! File rename was unsucessful.
[06/26/2007, 13:55:37] - Attempting to Deny Access to C:\WINDOWS\system32\ddcda.dll
[06/26/2007, 13:55:44] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[06/26/2007, 13:55:47] - ERROR: Le mappage entre les noms de compte et les ID de sécurité n'a pas été effectué.

[06/26/2007, 13:55:49] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[06/26/2007, 13:55:51] - Removing HKLM\...\Browser Helper Objects\{37195FCF-918A-4E79-A618-FCB3096D5CB5}
[06/26/2007, 13:55:53] - Removing HKCR\CLSID\{37195FCF-918A-4E79-A618-FCB3096D5CB5}
[06/26/2007, 13:55:56] - Adding Kill Bit for ActiveX for GUID: {37195FCF-918A-4E79-A618-FCB3096D5CB5}
[06/26/2007, 13:55:59] - Deleting ATLEvents/MSEvents Registry entries
[06/26/2007, 13:56:00] - Removing HKLM\...\Winlogon\Notify\ddcda
[06/26/2007, 13:56:00] - Searching for Browser Helper Objects:
[06/26/2007, 13:56:01] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[06/26/2007, 13:56:02] - BHO 2: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
[06/26/2007, 13:56:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/26/2007, 13:56:02] - Checking for HKLM\...\Winlogon\Notify\NppBho
[06/26/2007, 13:56:02] - Key not found: HKLM\...\Winlogon\Notify\NppBho, continuing.
[06/26/2007, 13:56:03] - BHO 3: {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} ()
[06/26/2007, 13:56:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/26/2007, 13:56:03] - Checking for HKLM\...\Winlogon\Notify\bhgrmtjs
[06/26/2007, 13:56:03] - Key not found: HKLM\...\Winlogon\Notify\bhgrmtjs, continuing.
[06/26/2007, 13:56:04] - BHO 4: {4E3BAF2F-5C8A-4159-85C3-43641377FD23} ()
[06/26/2007, 13:56:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/26/2007, 13:56:04] - Checking for HKLM\...\Winlogon\Notify\ssttt
[06/26/2007, 13:56:04] - Key not found: HKLM\...\Winlogon\Notify\ssttt, continuing.
[06/26/2007, 13:56:04] - BHO 5: {7C24493F-3D23-4258-9426-42C5FC3B8211} (MSEvents Object)
[06/26/2007, 13:56:04] - ALERT: Found MSEvents Object!
[06/26/2007, 13:56:04] - BHO 6: {FF9614F6-1C79-40EC-847B-5AF095D3DBAF} ()
[06/26/2007, 13:56:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/26/2007, 13:56:05] - Checking for HKLM\...\Winlogon\Notify\ddcda
[06/26/2007, 13:56:05] - Found: HKLM\...\Winlogon\Notify\ddcda - This is probably Virtumundo.
[06/26/2007, 13:56:05] - Assigning {FF9614F6-1C79-40EC-847B-5AF095D3DBAF} MSEvents Object
[06/26/2007, 13:56:05] - BHO list has been changed! Starting over...
[06/26/2007, 13:56:05] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[06/26/2007, 13:56:05] - BHO 2: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
[06/26/2007, 13:56:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/26/2007, 13:56:05] - Checking for HKLM\...\Winlogon\Notify\NppBho
[06/26/2007, 13:56:06] - Key not found: HKLM\...\Winlogon\Notify\NppBho, continuing.
[06/26/2007, 13:56:06] - BHO 3: {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} ()
[06/26/2007, 13:56:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/26/2007, 13:56:06] - Checking for HKLM\...\Winlogon\Notify\bhgrmtjs
[06/26/2007, 13:56:06] - Key not found: HKLM\...\Winlogon\Notify\bhgrmtjs, continuing.
[06/26/2007, 13:56:06] - BHO 4: {4E3BAF2F-5C8A-4159-85C3-43641377FD23} ()
[06/26/2007, 13:56:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/26/2007, 13:56:06] - Checking for HKLM\...\Winlogon\Notify\ssttt
[06/26/2007, 13:56:06] - Key not found: HKLM\...\Winlogon\Notify\ssttt, continuing.
[06/26/2007, 13:56:06] - BHO 5: {7C24493F-3D23-4258-9426-42C5FC3B8211} (MSEvents Object)
[06/26/2007, 13:56:07] - ALERT: Found MSEvents Object!
[06/26/2007, 13:56:07] - BHO 6: {FF9614F6-1C79-40EC-847B-5AF095D3DBAF} (MSEvents Object)
[06/26/2007, 13:56:07] - ALERT: Found MSEvents Object!
[06/26/2007, 13:56:07] - Finished Searching Browser Helper Objects
[06/26/2007, 13:56:07] - *** Detected MSEvents Object
[06/26/2007, 13:56:07] - Trying to remove MSEvents Object...
[06/26/2007, 13:56:08] - Terminating Process: IEXPLORE.EXE
[06/26/2007, 13:56:12] - Terminating Process: RUNDLL32.EXE
[06/26/2007, 13:56:15] - Disabling Automatic Shell Restart
[06/26/2007, 13:56:16] - Terminating Process: EXPLORER.EXE
[06/26/2007, 13:56:20] - Suspending the NT Session Manager System Service
[06/26/2007, 13:56:23] - Terminating Windows NT Logon/Logoff Manager
[06/26/2007, 13:56:26] - Re-enabling Automatic Shell Restart
[06/26/2007, 13:56:28] - File to disable: C:\WINDOWS\system32\iiffefd.dll
[06/26/2007, 13:56:30] - Renaming C:\WINDOWS\system32\iiffefd.dll -> C:\WINDOWS\system32\iiffefd.dll.vir
[06/26/2007, 13:56:32] - ! File rename was unsucessful.
[06/26/2007, 13:56:32] - Attempting to Deny Access to C:\WINDOWS\system32\iiffefd.dll
[06/26/2007, 13:56:33] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[06/26/2007, 13:56:33] - ERROR: Le mappage entre les noms de compte et les ID de sécurité n'a pas été effectué.

[06/26/2007, 13:56:33] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[06/26/2007, 13:56:33] - Removing HKLM\...\Browser Helper Objects\{7C24493F-3D23-4258-9426-42C5FC3B8211}
[06/26/2007, 13:56:34] - Removing HKCR\CLSID\{7C24493F-3D23-4258-9426-42C5FC3B8211}
[06/26/2007, 13:56:34] - Adding Kill Bit for ActiveX for GUID: {7C24493F-3D23-4258-9426-42C5FC3B8211}
[06/26/2007, 13:56:34] - Deleting ATLEvents/MSEvents Registry entries
[06/26/2007, 13:56:34] - Removing HKLM\...\Winlogon\Notify\iiffefd
[06/26/2007, 13:56:34] - Searching for Browser Helper Objects:
[06/26/2007, 13:56:34] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[06/26/2007, 13:56:34] - BHO 2: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
[06/26/2007, 13:56:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/26/2007, 13:56:34] - Checking for HKLM\...\Winlogon\Notify\NppBho
[06/26/2007, 13:56:35] - Key not found: HKLM\...\Winlogon\Notify\NppBho, continuing.
[06/26/2007, 13:56:35] - BHO 3: {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} ()
[06/26/2007, 13:56:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/26/2007, 13:56:35] - Checking for HKLM\...\Winlogon\Notify\bhgrmtjs
[06/26/2007, 13:56:35] - Key not found: HKLM\...\Winlogon\Notify\bhgrmtjs, continuing.
[06/26/2007, 13:56:35] - BHO 4: {4E3BAF2F-5C8A-4159-85C3-43641377FD23} ()
[06/26/2007, 13:56:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/26/2007, 13:56:35] - Checking for HKLM\...\Winlogon\Notify\ssttt
[06/26/2007, 13:56:35] - Key not found: HKLM\...\Winlogon\Notify\ssttt, continuing.
[06/26/2007, 13:56:35] - BHO 5: {FF9614F6-1C79-40EC-847B-5AF095D3DBAF} (MSEvents Object)
[06/26/2007, 13:56:35] - ALERT: Found MSEvents Object!
[06/26/2007, 13:56:35] - Finished Searching Browser Helper Objects
[06/26/2007, 13:56:35] - *** Detected MSEvents Object
[06/26/2007, 13:56:35] - Trying to remove MSEvents Object...
[06/26/2007, 13:56:36] - Terminating Process: IEXPLORE.EXE
[06/26/2007, 13:56:37] - Terminating Process: RUNDLL32.EXE
[06/26/2007, 13:56:38] - Disabling Automatic Shell Restart
[06/26/2007, 13:56:38] - Terminating Process: EXPLORER.EXE
[06/26/2007, 13:56:38] - Suspending the NT Session Manager System Service
[06/26/2007, 13:56:38] - Terminating Windows NT Logon/Logoff Manager
[06/26/2007, 13:56:38] - Re-enabling Automatic Shell Restart
[06/26/2007, 13:56:38] - File to disable: C:\WINDOWS\system32\ddcda.dll
[06/26/2007, 13:56:39] - Renaming C:\WINDOWS\system32\ddcda.dll -> C:\WINDOWS\system32\ddcda.dll.vir
[06/26/2007, 13:56:39] - ! File rename was unsucessful.
[06/26/2007, 13:56:39] - Attempting to Deny Access to C:\WINDOWS\system32\ddcda.dll
[06/26/2007, 13:56:39] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[06/26/2007, 13:56:39] - ERROR: Le mappage entre les noms de compte et les ID de sécurité n'a pas été effectué.

[06/26/2007, 13:56:39] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[06/26/2007, 13:56:39] - Removing HKLM\...\Browser Helper Objects\{FF9614F6-1C79-40EC-847B-5AF095D3DBAF}
[06/26/2007, 13:56:39] - Removing HKCR\CLSID\{FF9614F6-1C79-40EC-847B-5AF095D3DBAF}
[06/26/2007, 13:56:39] - Adding Kill Bit for ActiveX for GUID: {FF9614F6-1C79-40EC-847B-5AF095D3DBAF}
[06/26/2007, 13:56:39] - Deleting ATLEvents/MSEvents Registry entries
[06/26/2007, 13:56:39] - Removing HKLM\...\Winlogon\Notify\ddcda
[06/26/2007, 13:56:39] - Searching for Browser Helper Objects:
[06/26/2007, 13:56:40] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[06/26/2007, 13:56:40] - BHO 2: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
[06/26/2007, 13:56:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/26/2007, 13:56:40] - Checking for HKLM\...\Winlogon\Notify\NppBho
[06/26/2007, 13:56:40] - Key not found: HKLM\...\Winlogon\Notify\NppBho, continuing.
[06/26/2007, 13:56:40] - BHO 3: {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} ()
[06/26/2007, 13:56:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/26/2007, 13:56:40] - Checking for HKLM\...\Winlogon\Notify\bhgrmtjs
[06/26/2007, 13:56:40] - Key not found: HKLM\...\Winlogon\Notify\bhgrmtjs, continuing.
[06/26/2007, 13:56:40] - BHO 4: {4E3BAF2F-5C8A-4159-85C3-43641377FD23} ()
[06/26/2007, 13:56:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/26/2007, 13:56:40] - Checking for HKLM\...\Winlogon\Notify\ssttt
[06/26/2007, 13:56:40] - Key not found: HKLM\...\Winlogon\Notify\ssttt, continuing.
[06/26/2007, 13:56:40] - Finished Searching Browser Helper Objects
[06/26/2007, 13:56:40] - Finishing up...
[06/26/2007, 13:56:40] - A restart is needed.
[06/26/2007, 13:57:18] - Attempting to Restart via STOP error (Blue Screen!)

Here is the HijackThis scan:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.739\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr-ca\msntb.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [CleanUp] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\2006119222848_mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\2006119222840_mcinfo.exe /insfin
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechSetup] D:\Setup\Setup.exe /restart /l:fra
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\abyttabg.dll",forkonce
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Assistant Internet.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: TruePass EPF 7,0,100,730 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: bw+0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {EA838485-B64D-4B1F-A3D7-1C19D64BA0BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe

So what do I do now? Ad windows are still popping up.
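The HijackThis log above is read by eye in the thread; the following is an added example (not code from the thread, from HijackThis or from VundoFix) that parses the same O-line format and flags the entries a helper would look at first. The sample lines are copied from the log above, except the O2 line, which is constructed from the CLSID and DLL name that the VundoFix log reported; the allowlist and the heuristics are assumptions made for this example.

```python
"""Triage of HijackThis-style O-lines (added example; not code from the
thread, from HijackThis or from VundoFix).

It parses the line format shown in the log above and flags the entries a
helper reads first: autoruns that hand a system32 DLL to rundll32, autoruns
launched from a Temp folder, browser helper objects with no name, and
services whose path HijackThis reports as missing. The allowlist and the
heuristics are assumptions for this example, not an authoritative list.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# rundll32 targets that are normal on a Windows XP box (assumption for this
# example; a real triage tool would carry a much larger, vetted list).
KNOWN_RUNDLL_TARGETS = {"shell32.dll", "bthprops.cpl", "nwiz.dll"}

LINE_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
O4_RE = re.compile(r"^(?P<hive>[^:]+):\s+\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
O2_RE = re.compile(
    r"^BHO:\s*(?P<name>.*?)\s*-\s*(?P<clsid>\{[0-9A-Fa-f-]+\})\s*-\s*(?P<path>.*)$"
)
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?(?:,(?P<entry>\S+))?', re.IGNORECASE
)
TEMP_RE = re.compile(r"\\(?:LOCALS~1\\Temp|Local Settings\\Temp)\\", re.IGNORECASE)


@dataclass
class Finding:
    section: str   # HijackThis section, e.g. "O4"
    reason: str    # why a helper would look at this entry
    line: str      # the original log line


def _check_o4(body: str, line: str) -> list[Finding]:
    """Autoruns: 'HKLM\\..\\Run: [name] command' or 'Global Startup: x.lnk = command'."""
    m = O4_RE.match(body)
    cmd = m.group("cmd") if m else body.split(" = ", 1)[-1]
    out: list[Finding] = []
    r = RUNDLL_RE.search(cmd)
    if r:
        dll = r.group("dll").strip().rsplit("\\", 1)[-1].lower()
        if dll not in KNOWN_RUNDLL_TARGETS:
            entry = r.group("entry") or "(default)"
            out.append(Finding("O4", f"rundll32 loads unrecognised DLL {dll}, entry point {entry}", line))
    if TEMP_RE.search(cmd):
        out.append(Finding("O4", "autorun launches a binary from a Temp folder", line))
    return out


def _check_o2(body: str, line: str) -> list[Finding]:
    """Browser helper objects: a BHO with no name is the pattern VundoFix keyed on."""
    m = O2_RE.match(body)
    if m and m.group("name").strip().lower() in ("", "(no name)"):
        return [Finding("O2", f"nameless BHO {m.group('clsid')} loads {m.group('path')}", line)]
    return []


def triage(log_text: str) -> list[Finding]:
    """Return the entries worth a second look, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # process list, blank lines and R0 lines are skipped
        section, body = m.groups()
        if section == "O4":
            findings.extend(_check_o4(body, line))
        elif section == "O2":
            findings.extend(_check_o2(body, line))
        elif section == "O23" and "(file missing)" in body:
            findings.append(Finding("O23", "service path reported as missing; a stray quote in "
                                    "the path can cause this, verify the binary exists", line))
    return findings


def count_by_section(findings: list[Finding]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


# Sample copied from the HijackThis log above, plus one constructed O2 line
# built from the CLSID and DLL name that the VundoFix log reported.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [CleanUp] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\2006119222848_mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\abyttabg.dll",forkonce
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O2 - BHO: (no name) - {7C24493F-3D23-4258-9426-42C5FC3B8211} - C:\WINDOWS\system32\iiffefd.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```

On the sample, the InCD autorun and service pass while the rundll32 entry with the random-looking DLL name, the two Temp-folder autoruns and the nameless BHO are reported.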

On 26-06-2007 at 20:23 #

download to the desktop
Navilog1.exe
= double-click it to install and launch it
Once installed
= type F
= press a key until you reach the options
= choose option 1 ( = type 1 )
do not use the other options without advice, there may be legitimate processes

a report: fixnavi.txt
in ==> C:
copy/paste it into your reply
--------------------------------------------------------------------------------------------------------------------------------------
Download Clean (zip) to your desktop
= right-click Clean.zip and Extract here ( or extract without confirmation, or all, or unzip)
= double-click the Clean folder
= double-click Clean. ( the one with a cogwheel icon)
= Option 1 = type 1
= copy/paste the report into your reply

On 26-06-2007 at 21:33 #

OK, so here are the other scans

Fixnavi.txt:

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 08.06.2007 a 17h00 by IL-MAFIOSO

Executé en mode normal

*** Recherche Programmes installes ***




*** Recherche dossiers dans C:\WINDOWS ***




*** Recherche dossiers dans C:\Program Files ***




*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\Administrateur\Application Data ***



*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
http://www.f-secure.com/blacklight/blacklight_help.html


F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================

Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of April, 2007.
Version information: 2.2.1061.

[+] Started on 06/26/07 at 15:03:46.
[+] Initializing ...
[+] Starting scan, press Ctrl-C to abort.
[+] Scanning for hidden items .......................................................................................................................
[+] Scan complete.
[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
[+] Exited on 06/26/07 at 15:18:37 (return code = 0).


*** Recherche fichiers ***




*** Recherche cles registre ***


Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]



Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]



Recherche Clé Magic Control



*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

C:\WINDOWS\system32\ghggh.ini2 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\adcdd.bak1 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\ghggh.bak1 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\tttss.bak1 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\ghggh.bak2 trouvé ! infection Vundo possible non traité par cet outil !

2)Recherche Heuristique :
*
**
***
****
*****
******
*******
********


*** Analyse Terminé le 2007-06-26 à 15:19:57,63 ***


And here is rapport_clean.txt:

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\
"C:\WINDOWS\Matrix Code.exe" FOUND
C:\WINDOWS\temp\mc???.tmp FOUND

*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\SpoonUninstall.exe FOUND

*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\MSN Messenger\msrr.exe" FOUND
"C:\Program Files\MyGlobalSearch\" FOUND
*** Fin du rapport !

On 26-06-2007 at 22:35 #

= Restart in Safe Mode (startup may take several minutes)
Note: no internet access in this mode. Save or print these instructions. Restart the PC and tap the F8 key until the screen with the startup choices appears
With the arrow keys, select Safe Mode ==> Enter ==> your usual user name


= launch clean.zip and choose option 2

= Restart in normal mode and paste the contents of the clean.zip option 2 report

On 26-06-2007 at 23:38 #

OK, here is the clean.zip option 2 report:

Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 2007-06-26 a 17:24:38,31

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans C:

*** Suppression des fichiers dans C:\WINDOWS\
tentative de suppression de "C:\WINDOWS\Matrix Code.exe"
tentative de suppression de C:\WINDOWS\temp\mc???.tmp
Impossible de supprimer C:\WINDOWS\temp\mc???.tmp

*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\SpoonUninstall.exe

*** Suppression des fichiers dans C:\Program Files
tentative de suppression de "C:\Program Files\MSN Messenger\msrr.exe"
tentative de suppression de "C:\Program Files\MyGlobalSearch\"

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
________________________

There you go, so what is the next step? Thanks

On 26-06-2007 at 23:41 #

delete, in

C:\WINDOWS\system32\ ==>ghggh.ini2
C:\WINDOWS\system32\ ==> adcdd.bak1
C:\WINDOWS\system32\ ==> ghggh.bak1
C:\WINDOWS\system32\ ==> tttss.bak1
C:\WINDOWS\system32\ ==> ghggh.bak2



On 26-06-2007 at 23:50 #

So I deleted ghggh.ini2, ghggh.bak1, ghggh.bak2 and adcdd.bak1. However, I could not find the file tttss.bak1. Could it be somewhere else? And what do I do next? Thanks once again!

On 26-06-2007 at 23:52 #

go to Start ==> Search ==> All files and folders
under Advanced, tick the first 3 boxes

and run the search for what you did not find.