Se connecter / S'enregistrer
Votre question

dcom exploit et parfois lsass + rapport hijacks [resolu]

Tags :
  • Windows
  • Sécurité
Dernière réponse : dans Sécurité et virus
17 Janvier 2007 12:52:16

bonjour,

J'ai un probléme depuis ce matin, avast m'annonce une attaque, et c'est tojours la même. J'ai passé spybot, adaware et une verif du dd avec avast. Et même aprés que ces trois logiciels est passé mes DD au peigne fin, j'ai toujours cette alerte. Vous n'avez pas une petite idée?
J'ai aussi fait une fverif par le siute de symantec.
j'ai lu un peu de partout que cela venait d'un probléme de firewall, mais j'ai un routeur (freebox) . comment faire ?
je vous remercie pour votre futur aide :D 



et voila un rapport de hijacks:
Logfile of HijackThis v1.99.1
Scan saved at 12:36:14, on 17/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Arcade\PCMService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\acer\epm\epm-dm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
D:\PROG\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {09A1148C-DC06-A5F3-3BEE-247C0A81DCC6} - C:\WINDOWS\system32\cjebrmcw.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {54BFB76B-DB91-AD69-E4FE-FC185A211C10} - C:\WINDOWS\system32\lqoocpnf.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll (file missing)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [dahaxeze] C:\WINDOWS\system32\dahaxeze.exe
O4 - HKLM\..\Run: [suixdmev] C:\WINDOWS\system32\suixdmev.exe
O4 - HKLM\..\Run: [kmbhbnpl] C:\WINDOWS\system32\kmbhbnpl.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [PDF Converter Registry Controller] "C:\Program Files\ScanSoft\PDF Converter\RegistryController.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Ask Harrap's Shorter.lnk = ?
O8 - Extra context menu item: &Search - http://speedbar.myway.com/menusearch.html?p=MG2
O8 - Extra context menu item: Open PDF in Word - res://C:\Program Files\ScanSoft\PDF Converter\IEShellExt.dll /100
O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O18 - Protocol: bw+0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: Miscrosoft Updates Service (MsUpdate) - Unknown owner - C:\WINDOWS\system32\msupd.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)

Autres pages sur : dcom exploit lsass rapport hijacks resolu

a b 8 Sécurité
17 Janvier 2007 15:11:56

Bonjour,

Tu es infecté.

- Clique-Droit sur Hijackthis.exe :
-> Choisis "Renommer"
-> Tape Scanner.exe puis valide
- Poste ensuite un nouveau rapport.
17 Janvier 2007 18:27:41

voila j'ai renommé en Scanner.exe
Mais pourquoi il faut renommer le logiciel ?
Sinon vous pensez que je crains quelque chose en surfant sur le net, parce que avast arrive quand même à bloquer dcom et lsass.

Logfile of HijackThis v1.99.1
Scan saved at 18:27:15, on 17/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Arcade\PCMService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\acer\epm\epm-dm.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\PROG\Sanner.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {09A1148C-DC06-A5F3-3BEE-247C0A81DCC6} - C:\WINDOWS\system32\cjebrmcw.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {54BFB76B-DB91-AD69-E4FE-FC185A211C10} - C:\WINDOWS\system32\lqoocpnf.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll (file missing)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [dahaxeze] C:\WINDOWS\system32\dahaxeze.exe
O4 - HKLM\..\Run: [suixdmev] C:\WINDOWS\system32\suixdmev.exe
O4 - HKLM\..\Run: [kmbhbnpl] C:\WINDOWS\system32\kmbhbnpl.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [PDF Converter Registry Controller] "C:\Program Files\ScanSoft\PDF Converter\RegistryController.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Ask Harrap's Shorter.lnk = ?
O8 - Extra context menu item: &Search - http://speedbar.myway.com/menusearch.html?p=MG2
O8 - Extra context menu item: Open PDF in Word - res://C:\Program Files\ScanSoft\PDF Converter\IEShellExt.dll /100
O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O18 - Protocol: bw+0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: Miscrosoft Updates Service (MsUpdate) - Unknown owner - C:\WINDOWS\system32\msupd.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
Contenus similaires
a b 8 Sécurité
17 Janvier 2007 18:29:42

Permet de vérifier une chose.

  • Télécharge combofix.exe (par sUBs) sur ton Bureau
  • Double clique combofix.exe.
  • Tape sur la touche Y (Yes) pour démarrer le scan.
  • Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt
    17 Janvier 2007 18:34:40

    voila le nouveau rapport de combofix :
    En tout cas chapeau pour ta rapidité Angeldark
    07-01-17 18:31:10 Service Pack 2
    ComboFix 07-01-16.2 - Running from: "C:\Program Files\Mozilla Firefox"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Documents and Settings\All Users\Documents\setup.exe


    ((((((((((((((((((((((((((((((( Files Created from 2006-12-17 to 2007-01-17 ))))))))))))))))))))))))))))))))))


    2007-01-17 11:37 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
    2007-01-16 18:24 225,280 --a------ C:\WINDOWS\system32\rewire.dll
    2007-01-16 18:24 <REP> d-------- C:\Program Files\VstPlugins
    2007-01-16 18:22 <REP> d-------- C:\Program Files\Image-Line
    2007-01-11 06:24 <REP> d--hs---- C:\FOUND.007
    2007-01-10 08:07 <REP> d-------- C:\WINDOWS\ie7updates
    2006-12-20 18:27 <REP> d-------- C:\WINDOWS\WBEM
    2006-12-20 18:27 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2006-12-20 18:26 <REP> d--h----- C:\WINDOWS\ie7
    2006-12-20 18:24 121,856 --------- C:\WINDOWS\system32\xmllite.dll
    2006-12-20 18:23 <REP> d-------- C:\WINDOWS\network diagnostic
    2006-12-20 18:09 <REP> d--hs---- C:\FOUND.006


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-01-15 18:32 689280 --a------ C:\WINDOWS\system32\aswboot.exe
    2007-01-15 18:26 23352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-01-15 18:25 43176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-01-15 18:23 90112 --a------ C:\WINDOWS\system32\avastss.scr
    2006-12-21 00:56 94424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2006-12-21 00:56 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2006-12-21 00:51 31560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2006-12-11 18:01 -------- d-------- C:\Program Files\oo software
    2006-12-07 07:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll
    2006-12-05 07:17 -------- d-------- C:\Program Files\softick
    2006-12-05 07:07 -------- d-------- C:\DOCUME~1\GIROUD~1\Application Data\transrender
    2006-12-05 07:07 -------- d-------- C:\DOCUME~1\GIROUD~1\Application Data\converttemp
    2006-12-01 10:42 -------- d-------- C:\Program Files\harrap's multim‚dia
    2006-11-27 16:42 -------- d-------- C:\Program Files\microsoft sql server
    2006-11-27 16:31 95 --a------ C:\AUTOEXEC.BAT
    2006-11-27 16:06 -------- d-------- C:\Program Files\daemon tools
    2006-11-27 15:43 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2006-11-23 13:58 -------- d-------- C:\Program Files\audacity
    2006-11-23 13:45 995383 --a------ C:\WINDOWS\system32\mfctb.dll
    2006-11-23 13:45 61440 --a------ C:\WINDOWS\vipunins.exe
    2006-11-23 13:45 290869 --a------ C:\WINDOWS\system32\msvctb.dll
    2006-11-21 22:12 -------- d-------- C:\Program Files\quicktime
    2006-11-21 22:07 -------- d-------- C:\Program Files\ipod
    2006-11-21 22:06 -------- d-------- C:\Program Files\itunes
    2006-11-21 22:05 -------- d-------- C:\Program Files\apple software update
    2006-11-17 13:10 -------- d-------- C:\Program Files\msxml 4.0
    2006-11-08 06:07 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
    2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
    2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
    2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
    2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
    2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
    2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
    2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
    2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
    2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
    2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
    2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
    2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
    2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
    2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
    2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
    2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
    2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
    2006-10-30 14:10 4194441 --a------ C:\DOCUME~1\GIROUD~1\Application Data\sdi.db
    2006-10-20 02:38 716800 --a------ C:\WINDOWS\system32\sxs.dll
    2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
    2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
    2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\winfxdocobj.exe
    2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
    2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
    2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
    2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
    2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
    2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
    2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
    2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
    2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
    2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
    2006-10-05 17:12 81920 --a------ C:\DOCUME~1\GIROUD~1\Application Data\ezpinst.exe
    2006-10-05 17:12 7176 --a------ C:\DOCUME~1\GIROUD~1\Application Data\pcouffin.cat
    2006-10-05 17:12 47360 --a------ C:\DOCUME~1\GIROUD~1\Application Data\pcouffin.sys
    2006-10-05 17:12 34 --a------ C:\DOCUME~1\GIROUD~1\Application Data\pcouffin.log
    2006-10-05 17:12 1144 --a------ C:\DOCUME~1\GIROUD~1\Application Data\pcouffin.inf


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "LaunchApp"="Alaunch"
    "SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
    "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
    "PCMService"="\"C:\\Program Files\\Arcade\\PCMService.exe\""
    "IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
    "MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
    "PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
    "PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
    "BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
    "Logitech Utility"="Logi_MwX.Exe"
    "dahaxeze"="C:\\WINDOWS\\system32\\dahaxeze.exe"
    "suixdmev"="C:\\WINDOWS\\system32\\suixdmev.exe"
    "kmbhbnpl"="C:\\WINDOWS\\system32\\kmbhbnpl.exe"
    "LManager"="C:\\Program Files\\Launch Manager\\QtZgAcer.EXE"
    "PDF Converter Registry Controller"="\"C:\\Program Files\\ScanSoft\\PDF Converter\\RegistryController.exe\""
    "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
    "epm-dm"="c:\\acer\\epm\\epm-dm.exe"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "NoChange"="1"
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Adobe Gamma Loader.lnk"
    "backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\FICHIE~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
    "item"="Adobe Gamma Loader"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Lancement rapide d'Adobe Reader.lnk"
    "backup"="C:\\WINDOWS\\pss\\Lancement rapide d'Adobe Reader.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
    "item"="Lancement rapide d'Adobe Reader"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Logitech Desktop Messenger.lnk"
    "backup"="C:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start"
    "item"="Logitech Desktop Messenger"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Microsoft Office.lnk"
    "backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\MICROS~4\\Office\\OSA9.EXE -b -l"
    "item"="Microsoft Office"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^giroud gregory^Menu Démarrer^Programmes^Démarrage^Yahoo! Widget Engine.lnk]
    "path"="C:\\Documents and Settings\\giroud gregory\\Menu Démarrer\\Programmes\\Démarrage\\Yahoo! Widget Engine.lnk"
    "backup"="C:\\WINDOWS\\pss\\Yahoo! Widget Engine.lnkStartup"
    "location"="Startup"
    "command"="C:\\PROGRA~1\\Yahoo!\\WIDGET~1\\YAHOOW~1.EXE "
    "item"="Yahoo! Widget Engine"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-Blaxx Manager]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Anti-Blaxx"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Anti-Blaxx\\Anti-Blaxx.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Ares"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Ares\\Ares.exe\" -h"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="atiptaxx"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="daemon"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPM-DM]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="epm-dm"
    "hkey"="HKLM"
    "command"="c:\\acer\\epm\\epm-dm.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePowerManagement]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ePM"
    "hkey"="HKLM"
    "command"="C:\\Acer\\ePM\\ePM.exe boot"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="LogitechDesktopMessenger"
    "hkey"="HKCU"
    "command"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msmsgs"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msnmsgr"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NBJ"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroCheck"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Shareaza"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Shareaza\\Shareaza.exe\" -tray"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="winampa"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Winamp\\winampa.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "aspnet_state"=dword:00000003
    "AppMgmt"=dword:00000003

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    bthsvcs REG_MULTI_SZ BthServ\0\0
    Usnsvc REG_MULTI_SZ usnsvc\0\0



    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\Low Battery Alarm Program.job
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    Completion time: 07-01-17 18:33:03
    a b 8 Sécurité
    17 Janvier 2007 18:38:26

    Re,

    - Lance Hijackthis ->Do a system scan only
    ->Coche les lignes ci-dessous :

    O2 - BHO: (no name) - {09A1148C-DC06-A5F3-3BEE-247C0A81DCC6} - C:\WINDOWS\system32\cjebrmcw.dll
    O2 - BHO: (no name) - {54BFB76B-DB91-AD69-E4FE-FC185A211C10} - C:\WINDOWS\system32\lqoocpnf.dll (file missing)
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll (file missing)
    O4 - HKLM\..\Run: [dahaxeze] C:\WINDOWS\system32\dahaxeze.exe
    O4 - HKLM\..\Run: [suixdmev] C:\WINDOWS\system32\suixdmev.exe
    O4 - HKLM\..\Run: [kmbhbnpl] C:\WINDOWS\system32\kmbhbnpl.exe
    O8 - Extra context menu item: &Search - http://speedbar.myway.com/menusearch.html?p=MG2

    Clique sur Fix checked (en bas à gauche)

    Télécharge KillBox d'Option^Explicit.
    Dézippe le dans un dossier ou sur ton bureau (Clique droit puis Extraire Tout).

    Selectionne le texte dans le cadre :

    Citation :
    C:\WINDOWS\system32\dahaxeze.exe
    C:\WINDOWS\system32\suixdmev.exe
    C:\WINDOWS\system32\kmbhbnpl.exe


    ---> Clique Droit puis Copier.
    ----------

    -- Ouvre Killbox.exe
    -- Choisis "Delete on reboot"
    -- Clique sur :
    - " File " -> " Paste from Clipboard "
    - " All Files "

    Pour terminer clique sur [:angeldark:3]

    Une question te sera alors posée :
    " File will be Removed on Reboot, Do you want to reboot now ? "

    -- Répond par OUI, un compte à rebours s'enclenche, ton PC va redémarrer.
    -- Après redémarrage, relance Killbox puis clique sur le menu : Files -> Logs -> Actions History Log, poste ce rapport ici.

    NOTE: Si tu reçois le message "PendingFileRenameOperations Registry Data has been removed by external process!"
    Redémarre ton PC manuellement.

    AIDE : Tuto sur KillBox (Jesses)

    Suis cette procédure à la lettre.
    17 Janvier 2007 19:04:28

    Voila le rapport, par contre j'ai toujours les attaques
    Sinon j'ai pas fait la derniére procédure : http://www.malekal.com/Trojan-Proxy.Win32.Horst.php

    Pocket Killbox version 2.0.0.648
    Running on Windows XP as gregory(Administrator)
    was started @ mercredi, janvier 17, 2007, 6:43 PM

    Killbox Closed(Exit) @ 6:44:25 PM
    __________________________________________________

    Pocket Killbox version 2.0.0.648
    Running on Windows XP as gregory(Administrator)
    was started @ mercredi, janvier 17, 2007, 6:44 PM

    # 1 [Delete on Reboot]
    Path = C:\WINDOWS\system32\dahaxeze.exe


    # 2 [Delete on Reboot]
    Path = C:\WINDOWS\system32\suixdmev.exe


    # 3 [Delete on Reboot]
    Path = C:\WINDOWS\system32\kmbhbnpl.exe


    # 4 [Delete on Reboot]
    Path = C:\WINDOWS\system32\dahaxeze.exe


    PendingFileRenameOperations Registry Data has been Removed by External Process! @ 6:49:04 PM
    Killbox Closed(Exit) @ 6:49:47 PM
    __________________________________________________

    Pocket Killbox version 2.0.0.648
    Running on Windows XP as gregory(Administrator)
    was started @ mercredi, janvier 17, 2007, 6:52 PM

    # 1 [Delete on Reboot]
    Path = C:\WINDOWS\system32\suixdmev.exe


    PendingFileRenameOperations Registry Data has been Removed by External Process! @ 6:53:53 PM
    Killbox Closed(Exit) @ 6:53:58 PM
    __________________________________________________

    Pocket Killbox version 2.0.0.648
    Running on Windows XP as gregory(Administrator)
    was started @ mercredi, janvier 17, 2007, 6:56 PM

    # 1 [Delete on Reboot]
    Path = C:\WINDOWS\system32\kmbhbnpl.exe


    PendingFileRenameOperations Registry Data has been Removed by External Process! @ 6:58:06 PM
    Killbox Closed(Exit) @ 6:58:27 PM
    __________________________________________________

    Pocket Killbox version 2.0.0.648
    Running on Windows XP as gregory(Administrator)
    was started @ mercredi, janvier 17, 2007, 7:01 PM

    a b 8 Sécurité
    17 Janvier 2007 19:20:01

    Fais la procédure du site de Malekal.
    17 Janvier 2007 19:38:00

    heu je comprend pas le tuto de Malekal : "Supprime les fichiers setup.exe ou data.exe détecté par votre antivirus" le probléme c'est que avast marque juste dcom exploit attque avec son adresse ip et c'est tout.
    Sinon le fait d'activer le parfeu de windows, ne m'arrange pas, de toute façon j'ai mon routeur de la freebox qui fait office de parefeu non?
    a b 8 Sécurité
    17 Janvier 2007 19:43:06

    Citation :
    heu je comprend pas le tuto de Malekal : "Supprime les fichiers setup.exe ou data.exe détecté par votre antivirus" le probléme c'est que avast marque juste dcom exploit attque avec son adresse ip et c'est tout.

    Laisse tomber.

    Citation :
    Sinon le fait d'activer le parfeu de windows, ne m'arrange pas, de toute façon j'ai mon routeur de la freebox qui fait office de parefeu non?

    Tout dépend s'il est activé en routeur.
    17 Janvier 2007 19:51:11

    oui justement je l'ai activé en routeur, c'est pour ça que le firewall de windows ne sertà rien.
    Sinon tu n'as pas une idée d'ou pourrait venir ce trojan? et comment le suppromier parce que sa me saoul de le voir m'attaquer sans cesse.
    a b 8 Sécurité
    17 Janvier 2007 20:20:15

    Reposte un rapport Hijackthis.
    17 Janvier 2007 21:01:21

    Logfile of HijackThis v1.99.1
    Scan saved at 21:01:12, on 17/01/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Arcade\PCMService.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\acer\epm\epm-dm.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
    D:\PROG\Scanner.exe.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [PDF Converter Registry Controller] "C:\Program Files\ScanSoft\PDF Converter\RegistryController.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Ask Harrap's Shorter.lnk = ?
    O8 - Extra context menu item: Open PDF in Word - res://C:\Program Files\ScanSoft\PDF Converter\IEShellExt.dll /100
    O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
    O18 - Protocol: bw+0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: offline-8876480 - {9B311B55-5D24-4BEA-9EBD-EED6E69DAAA0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
    O23 - Service: Miscrosoft Updates Service (MsUpdate) - Unknown owner - C:\WINDOWS\system32\msupd.exe (file missing)
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)

    a b 8 Sécurité
    17 Janvier 2007 21:06:31

    Re,

    Citation :
    - Assure toi d'avoir accès aux dossiers/fichiers cachés
    -> Démarrer
    -> Panneau de configuration
    -> Options des Dossiers, onglet Affichage :
    . Clique sur Afficher les dossiers cachés
    . Décoche Masquer les extensions des fichiers dont le type est connu
    . Décoche Masquer les fichiers protégés du système d'exploitation


    Va sur le site de VirusTotal
    Clique sur Parcourir... puis ouvre:

    C:\WINDOWS\system32\msupd.exe

    Clique ensuite sur Send
    Poste le rapport en fin d'analyse.

    Si tu vois ce message:
    " Your file " ***.*** " is queued in position: ***. Estimated start time is between *** and *** minutes. "
    Il te faudra patienter.
    17 Janvier 2007 21:28:40

    merci pour le site, mais je n'ai pas le fichier msupd.exe !???! je ne l'ai pas trouver même avec l'aide de windows.
    a b 8 Sécurité
    18 Janvier 2007 20:23:37

    Re,

  • Fais un scan en ligne Kaspersky avec Internet Explorer :
  • Clique sur
  • Clique maintenant sur J'accepte.
  • Valide l'installation d'un ou de plusieurs ActiveX si c'est nécessaire.
  • Patiente pendant l'installation des Mises à jour.
  • Choisis par la suite l'analyse du Poste de travail
  • Sauvegarde puis colle le rapport généré en fin d'analyse.

    AIDE : Configurer le contrôle des ActiveX

    NOTE : Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte toi sur le site de Kaspersky pour retenter le scan en ligne.
    20 Janvier 2007 15:11:31

    ok merci je tente tout ça dés demain, parce que là je suis rentré chez mes parents et le 56K sé pas top :D 

    Sinon je voulais savoir, si aucune des solutions n'arrivent à marcher, est ce que je dois formater mes DD et les attaques cesseront. Où alors je peux laisser les attaques vu que avast les bloque et continuer à naviguer sur le net en toute tranquilité?

    PS: cela fait un peu plus d'une heure que je suis sur le net, et je n'ai toujours pas eu d'attaque.
    Donc est ce qu'il y a un lien avec la freebox?
    a b 8 Sécurité
    20 Janvier 2007 17:58:42

    Le scan Kaspersky nous dira plus d'infos.

    Citation :
    PS: cela fait un peu plus d'une heure que je suis sur le net, et je n'ai toujours pas eu d'attaque.
    Donc est ce qu'il y a un lien avec la freebox?

    Cela vient surement de ce qu'on a déjà fait :D 
    21 Janvier 2007 19:46:19

    -------------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Sunday, January 21, 2007 7:45:37 PM
    Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version : 5.0.83.0
    Dernière mise à jour de la base antivirus Kaspersky : 21/01/2007
    Enregistrements dans la base antivirus Kaspersky : 260576
    -------------------------------------------------------------------------------

    Paramètres d'analyse:
    Analyser avec la base antivirus suivante: étendue
    Analyser les archives: vrai
    Analyser les bases de messagerie: vrai

    Cible de l'analyse - Poste de travail:
    C:\
    D:\
    E:\
    I:\

    Statistiques de l'analyse:
    Total d'objets analysés: 66742
    Nombre de virus trouvés: 3
    Nombre d'objets infectés: 3 / 0
    Nombre d'objets suspects: 0
    Durée de l'analyse: 02:24:28

    Nom de l'objet infecté / Nom du virus / Dernière action
    C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SYSTEM L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SOFTWARE L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\DEFAULT L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\Antivirus.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\drivers\sptd.sys L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
    C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
    C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
    C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\km1rbhi8.ini Infecté : not-a-virus:AdWare.Win32.Sahat.ao ignoré
    C:\WINDOWS\Temp\Perflib_Perfdata_f8.dat L'objet est verrouillé ignoré
    C:\WINDOWS\Temp\Perflib_Perfdata_784.dat L'objet est verrouillé ignoré
    C:\WINDOWS\Temp\Perflib_Perfdata_51c.dat L'objet est verrouillé ignoré
    C:\WINDOWS\Temp\_avast4_\Webshlock.txt L'objet est verrouillé ignoré
    C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
    C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
    C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
    C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
    C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
    C:\WINDOWS\SoftwareDistribution\EventCache\{1972B85B-93E5-419B-8055-DDD01162A850}.bin L'objet est verrouillé ignoré
    C:\Documents and Settings\All Users\Documents\setup.exe Infecté : Trojan-Downloader.Win32.Agent.aii ignoré
    C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\giroud gregory\NTUSER.DAT L'objet est verrouillé ignoré
    C:\Documents and Settings\giroud gregory\ntuser.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\giroud gregory\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\giroud gregory\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\giroud gregory\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\giroud gregory\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\giroud gregory\Cookies\index.dat L'objet est verrouillé ignoré
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\LOG\ERRORLOG L'objet est verrouillé ignoré
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\master.mdf L'objet est verrouillé ignoré
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\mastlog.ldf L'objet est verrouillé ignoré
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\model.mdf L'objet est verrouillé ignoré
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\modellog.ldf L'objet est verrouillé ignoré
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\tempdb.mdf L'objet est verrouillé ignoré
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\templog.ldf L'objet est verrouillé ignoré
    C:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt L'objet est verrouillé ignoré
    C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log L'objet est verrouillé ignoré
    C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log L'objet est verrouillé ignoré
    C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws L'objet est verrouillé ignoré
    C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat L'objet est verrouillé ignoré
    C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db L'objet est verrouillé ignoré
    C:\System Volume Information\_restore{C088B59D-00E1-4866-9985-462F55916981}\RP288\A0077968.dll Infecté : not-a-virus:AdWare.Win32.SmartPops.d ignoré
    C:\System Volume Information\_restore{C088B59D-00E1-4866-9985-462F55916981}\RP291\change.log L'objet est verrouillé ignoré
    D:\System Volume Information\_restore{C088B59D-00E1-4866-9985-462F55916981}\RP291\change.log L'objet est verrouillé ignoré

    Analyse terminée.
    a b 8 Sécurité
    21 Janvier 2007 21:26:58

    Re,

    Supprime ce fichier :
    C:\WINDOWS\system32\km1rbhi8.ini

    Suis cette procédure à la lettre.
    Repasse nous voir ensuite :D 
    21 Janvier 2007 21:53:39

    heu, tu m'avais déja donné le lien vers cette procédure, mais ça ne peux pas marcher parce que mon antivirus ne détecte pas de setup.exe ou data.exe infecté.
    Donc je supprime C:\WINDOWS\system32\km1rbhi8.ini manuellement ?

    PS: je n'ai pas eu d'attaqu de toute l'aprés midi
    a b 8 Sécurité
    21 Janvier 2007 22:01:16

    Supprime le manuellement ;) 
    21 Janvier 2007 22:11:11

    c'est bon je l'ai supprimé. Mais ce fichier datait de juillet 2005, il était infecté ?
    a b 8 Sécurité
    22 Janvier 2007 18:06:25

    Oui.
    Tu as fait la procédure de Malekal ?
    22 Janvier 2007 18:28:19

    je peux pas suivre la procedure de malekal : voir les deux autres posts ou je t'ai répondu que mon antivirus ne trouve pas de setup ou data.exe infecté
    a b 8 Sécurité
    22 Janvier 2007 18:33:28

    Fais quand même la suite.
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS