[LOGICIEL] [Centralisation] .:::: Hijackthis ::::.

bob63 · le 24 juillet 2005

et moi je propose de ne plus poster de rapport de PC infesté par norton

spa le mien :francais:

je lui est bien dit de mettre avast! :non:

gailuron66 · le 24 juillet 2005

..........et spybot + ad-aware + a-squared ???

tu lui a pas dit ???

:francais:

bob63 · le 24 juillet 2005

..........et spybot + ad-aware + a-squared ???
tu lui a pas dit ???

a squared non mais le reste oui :francais:

gailuron66 · le 24 juillet 2005

d'ailleur ==> snOoky, je proposerais que sur la premiere page figure les principales actions de désinfections à effectuer avant de poster un rapport :francais:

à cogiter non ? :chinois:

snooky · le 24 juillet 2005

a squared non mais le reste oui

Pour les trojans ( O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe ) , c'est pourtant A² Squared Free qu'il faut !

:chinois:

snooky · le 24 juillet 2005

d'ailleur ==> snOoky, je proposerais que sur la premiere page figure les principales actions de désinfections à effectuer avant de poster un rapport
à cogiter non ?

Oui , ça se fait sur les forums de sécurité .

Je pense que préparer un post " spécial Trojan " et les actions à mener serait bien , effectivement. Pour ensuite renvoyer les utilisateurs infectés vers ce post .

Il est tout de même préférable de poster un rapport brut , surtout si l'utilisateur n'a pas l'habitude des manips à faire en cas d'infection .

gailuron66 · le 24 juillet 2005

bin les manips, c'est pas compliqué :francais:

:toutcequiesttrouvé: -----> à virrer !!!!!!!!!!!!!

bob63 · le 24 juillet 2005

bin les manips, c'est pas compliqué
:toutcequiesttrouvé: -----> à virrer !!!!!!!!!!!!!

:transpi: :non: :yes: apres format C: :chinois:

snooky · le 24 juillet 2005

Fermer les processus IE6 , passer Ccleaner ... ce genre de trucs ... :francais:

gailuron66 · le 24 juillet 2005

Fermer les processus IE6 , passer Ccleaner ... ce genre de trucs ...

au boulot !!!

mais c'est toi qui t'y colle :non:

prolixe comme tu est ....................... :yes: .............................. faudra surement REvoir ça :fou:

:chinois:

PZ:

bon ce coup ci, j'y va me couchassionner :non:

j'ai rien toucher à ma CG :francais: ........................ c'est normal que je vois un ... biecran ? :transpi:

DODO !!!!!!! :yes: à "deux mains" !

snooky · le 24 juillet 2005

@ le pote à Bob63 :

Désactive la restauration system .

Ferme ton navigateur internet .

Passe Ccleaner ( supprime tout ce qu'il trouve ) .

Coche et Fixer Objet sur ces lignes avec Hijackthis :

O4 - HKLM\..\Run: [soundMan] soundman.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe>>>> LE méchant !

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

Passe

SmitfrauRemove

Clique sur le fichier .bat dans le dossier .

Reboot .

Passe A² Squared Free

Reboot et sélectionne un fond d'écran .

Passe à nouveau Ccleaner .

Poste un nouveau rapport pour vérification .

bob63 · le 24 juillet 2005

Logfile of HijackThis v1.99.1

Scan saved at 05:02:14, on 24/07/2005

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

C:\Program Files\a2\a2guard.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\Documents and Settings\MadMan\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://l00z-forum.clan.st/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Club Internet

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.club-internet.fr:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll

O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe

O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

EDIT:ya tout la??

snooky · le 24 juillet 2005

Il y a tout , bob63 :sms:

Ton rapport est clean :-D

Fixe encore cette ligne :

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

Puis installe un Firewall ( Kerio 2.1.5 ) + le SP2.

:transpi:

snooky · le 24 juillet 2005

Juste pour vous prévenir que je pars 5 jours à en Sologne .

Je vais :fumer: à fond !

chienbleu · le 24 juillet 2005

Je vais à fond !

Mékéskonvadev'nir :incline:

/me te souhaite de bonnes vacances snOoky :yes:

Scaramouche · le 24 juillet 2005

profites en bien Snooky .. je sens que la salle d'attente va craquer ici pendant ce temps .. pas de débordements hein les autres :reflechis:

Quarky · le 24 juillet 2005

Bon j'ai utilisé Spysweeper , puis CWShredder et Ccleaner.

Mais pour a² free, je ne peux l'activer car la connexion au site échoue a chaque fois ... :reflechis: :-D

Donc j'ai tout de même conclue par HijackThis e voici ce que j'y trouve. J'ai pas l'impression que je suis complètement désinfecté ...

Encore Merci pour voter aide ... :incline: :yes:

Logfile of HijackThis v1.99.1

Scan saved at 20:28:27, on 24/07/2005

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\System32\MMTray.exe

C:\WINDOWS\System32\MMTray2k.exe

C:\WINDOWS\System32\MMTrayLSI.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE

C:\WINDOWS\System32\mmsvc32.exe

C:\WINDOWS\System32\spools.exe

C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe

C:\Program Files\Sensiva\Sensiva.exe

C:\Program Files\SuperCopier\SuperCopier.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Logitech\SetPoint\KEM.exe

C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE

C:\Program Files\Java\j2re1.4.2_02\bin\javaw.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Kerio\Personal Firewall\persfw.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\Program Files\Spy Sweeper\SpySweeper.exe

C:\Program Files\Spy Sweeper\WRSSSDK.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Java\j2re1.4.2_02\javaws\javaws.exe

C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O1 - Hosts: 85.192.32.112 lloydstsb.co.uk

O1 - Hosts: 85.192.32.112 online.lloydstsb.co.uk

O1 - Hosts: 85.192.32.112 www.lloydstsb.co.uk

O1 - Hosts: 85.192.32.112 www.lloydstsb.com

O1 - Hosts: 85.192.32.112 personal.barclays.co.uk

O1 - Hosts: 85.192.32.112 barclays.co.uk

O1 - Hosts: 85.192.32.112 ibank.barclays.co.uk

O1 - Hosts: 85.192.32.112 www.barclays.co.uk

O1 - Hosts: 85.192.32.112 www.nwolb.com

O1 - Hosts: 85.192.32.112 nwolb.com

O1 - Hosts: 85.192.32.112 hsbc.co.uk

O1 - Hosts: 85.192.32.112 www.hsbc.co.uk

O1 - Hosts: 85.192.32.112 abbey.com

O1 - Hosts: 85.192.32.112 www.abbey.com

O1 - Hosts: 85.192.32.112 www.abbey.co.uk

O1 - Hosts: 85.192.32.112 abbey.co.uk

O1 - Hosts: 85.192.32.112 cahoot.com

O1 - Hosts: 85.192.32.112 www.cahoot.com

O1 - Hosts: 85.192.32.112 www.cahoot.co.uk

O1 - Hosts: 85.192.32.112 cahoot.co.uk

O1 - Hosts: 85.192.32.112 www.co-operativebank.co.uk

O1 - Hosts: 85.192.32.112 co-operativebank.co.uk

O1 - Hosts: 85.192.32.112 www.co-operativebank.com

O1 - Hosts: 85.192.32.112 co-operativebank.com

O1 - Hosts: 85.192.32.112 welcome2.co-operativebankonline.co.uk

O1 - Hosts: 85.192.32.112 welcome6.co-operativebankonline.co.uk

O1 - Hosts: 85.192.32.112 welcome8.co-operativebankonline.co.uk

O1 - Hosts: 85.192.32.112 welcome10.co-operativebankonline.co.uk

O1 - Hosts: 85.192.32.112 www.smile.co.uk

O1 - Hosts: 85.192.32.112 smile.co.uk

O1 - Hosts: 85.192.32.112 www.cajamar.es

O1 - Hosts: 85.192.32.112 cajamar.es

O1 - Hosts: 85.192.32.112 www.cajamar.com

O1 - Hosts: 85.192.32.112 www.unicaja.es

O1 - Hosts: 85.192.32.112 unicaja.es

O1 - Hosts: 85.192.32.112 www.unicaja.com

O1 - Hosts: 85.192.32.112 unicaja.com

O1 - Hosts: 85.192.32.112 www.caixagalicia.es

O1 - Hosts: 85.192.32.112 caixagalicia.es

O1 - Hosts: 85.192.32.112 www.caixagalicia.com

O1 - Hosts: 85.192.32.112 caixagalicia.com

O1 - Hosts: 85.192.32.112 activa.caixagalicia.es

O1 - Hosts: 85.192.32.112 www.caixapenedes.es

O1 - Hosts: 85.192.32.112 caixapenedes.es

O1 - Hosts: 85.192.32.112 www.caixapenedes.com

O1 - Hosts: 85.192.32.112 caixapenedes.com

O1 - Hosts: 85.192.32.112 bancae.caixapenedes.com

O1 - Hosts: 85.192.32.112 www.caixasabadell.es

O1 - Hosts: 85.192.32.112 caixasabadell.es

O1 - Hosts: 85.192.32.112 www.caixasabadell.net

O1 - Hosts: 85.192.32.112 caixasabadell.net

O1 - Hosts: 85.192.32.112 www.cajamadrid.es

O1 - Hosts: 85.192.32.112 cajamadrid.es

O1 - Hosts: 85.192.32.112 www.cajamadrid.com

O1 - Hosts: 85.192.32.112 cajamadrid.com

O1 - Hosts: 85.192.32.112 oi.cajamadrid.es

O1 - Hosts: 85.192.32.112 www.ccm.es

O1 - Hosts: 85.192.32.112 ccm.es

O1 - Hosts: 85.192.32.112 www.haspa.de

O1 - Hosts: 85.192.32.112 haspa.de

O1 - Hosts: 85.192.32.112 ssl2.haspa.de

O1 - Hosts: 85.192.32.112 www.dresdner-bank.de

O1 - Hosts: 85.192.32.112 dresdner-bank.de

O1 - Hosts: 85.192.32.112 www.dresdner-privat.de

O1 - Hosts: 85.192.32.112 postbank.de

O1 - Hosts: 85.192.32.112 www.postbank.de

O1 - Hosts: 85.192.32.112 banking.postbank.de

O1 - Hosts: 85.192.32.112 www.sparda-b.de

O1 - Hosts: 85.192.32.112 sparda-b.de

O1 - Hosts: 85.192.32.112 www.bankingonline.de

O1 - Hosts: 85.192.32.112 www.raiffeisenbank-erding.de

O1 - Hosts: 85.192.32.112 raiffeisenbank-erding.de

O1 - Hosts: 85.192.32.112 www.vr-networld-ebanking.de

O1 - Hosts: 85.192.32.112 vr-networld-ebanking.de

O1 - Hosts: 85.192.32.112 www.bnhof.de

O1 - Hosts: 85.192.32.112 bnhof.de

O1 - Hosts: 85.192.32.112 www.deutsche-bank.de

O1 - Hosts: 85.192.32.112 deutsche-bank.de

O1 - Hosts: 85.192.32.112 meine.deutsche-bank.de

O1 - Hosts: 85.192.32.112 www.citibank.de

O1 - Hosts: 85.192.32.112 citibank.de

O1 - Hosts: 85.192.32.112 cipehb13.cdg.citibank.de

O1 - Hosts: 85.192.32.112 www.dkb.de

O1 - Hosts: 85.192.32.112 dkb.de

O1 - Hosts: 85.192.32.112 www.sparkasse-regensburg.de

O1 - Hosts: 85.192.32.112 sparkasse-regensburg.de

O1 - Hosts: 85.192.32.112 www.berliner-bank.de

O1 - Hosts: 85.192.32.112 berliner-bank.de

O1 - Hosts: 85.192.32.112 www.berliner-sparkasse.de

O1 - Hosts: 85.192.32.112 berliner-sparkasse.de

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NVidia System Utility] "C:\Program Files\NVIDIA Corporation\NVIDIA System Utility\\NVSystemUtility.exe" clear

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [MMTray] MMTray.exe

O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe

O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"

O4 - HKLM\..\Run: [Microsoft Network Services Controller] C:\WINDOWS\System32\mmsvc32.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKLM\..\RunServices: [Microsoft AOL Instant Messenger] MSAOL32.exe

O4 - HKCU\..\Run: [sensiva] "C:\Program Files\Sensiva\Sensiva.exe"

O4 - HKCU\..\Run: [superCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe

O4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe

O4 - Global Startup: Sam.lnk = ?

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone

O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} - http://ip.sponsoradulto.com/cab/2/fr/SysWebTelecomInt.cab

O18 - Protocol: bw+0 - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {030EA46D-24B9-4EF3-8D8B-17646B291763} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: MAPI Mail Client (MAPI) - Unknown owner - C:\WINDOWS\System32\mapi32.exe (file missing)

O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Spy Sweeper\WRSSSDK.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

snooky · le 24 juillet 2005

@ Quarky :

Dans IE6 : Outils / Options internet / Sécutité :

Sites sensibles et sites de confiance supprime tout ce qui s'y trouve ( clique sur " Sites , puis supprime )

Dans l'onglet " Sécurité " de IE6 , tous les niveaux" par défaut " .

Passe Ccleaner . ( supprime tout )

Fixer objet avec Hijackthis sur toutes les lignes 01 et 018

+

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NVidia System Utility] "C:\Program Files\NVIDIA Corporation\NVIDIA System Utility\\NVSystemUtility.exe" clear

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [MMTray] MMTray.exe

O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe

O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe

O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"

O4 - HKLM\..\Run: [Microsoft Network Services Controller] C:\WINDOWS\System32\mmsvc32.exe>>>> Trojan à supprimer de ton pc impérativement !

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe

O4 - Global Startup: Sam.lnk = ?

O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone

Désactive la restauration system .

Tu dois impérativement passer A² Squared .

Fait un Scan en ligne ici.

Pour ce fichier : mmsvc32.exe ( termine ce processus si présent dans le gestionnaire de tâches )

Utilise Bootdeleter Clic droit sur le fichier à supprimer , puis : Supprimer au reboot "

Dans Hijackthis : Config / Outils , il y a aussi cette fonction de " Suppression au reboot "Delete ( supprimer ) un fichier au reboot

Poste un nouveau rapport pour vérification .

Quarky · le 24 juillet 2005

Pour a² squarred, j'y peux rien : ca marche pas !

Encore un grand Merci pour tout ce que tu fais sur ce topic ... :transpi: :zarb:

Quarky · le 24 juillet 2005

Bon grace @ snooky qui se démène, il y a du mieux !!!! :transpi: :zarb:

Logfile of HijackThis v1.99.1

Scan saved at 22:22:53, on 24/07/2005

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Kerio\Personal Firewall\persfw.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Spy Sweeper\WRSSSDK.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

C:\Program Files\Spy Sweeper\SpySweeper.exe

C:\Program Files\Sensiva\Sensiva.exe

C:\Program Files\SuperCopier\SuperCopier.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Logitech\SetPoint\KEM.exe

C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE