ORDIN INFECTE WIN 32 ET autres
Fermé
RICONET
Messages postés
116
Date d'inscription
mercredi 15 novembre 2006
Statut
Membre
Dernière intervention
6 mars 2024
-
11 janv. 2009 à 10:59
RICONET Messages postés 116 Date d'inscription mercredi 15 novembre 2006 Statut Membre Dernière intervention 6 mars 2024 - 14 janv. 2009 à 13:10
RICONET Messages postés 116 Date d'inscription mercredi 15 novembre 2006 Statut Membre Dernière intervention 6 mars 2024 - 14 janv. 2009 à 13:10
A voir également:
- ORDIN INFECTE WIN 32 ET autres
- Poweriso 32 bit - Télécharger - Gravure
- 32 bits - Guide
- Telecharger win rar - Télécharger - Compression & Décompression
- Win zip - Télécharger - Compression & Décompression
- Win setup from usb - Télécharger - Utilitaires
24 réponses
danilink
Messages postés
8
Date d'inscription
dimanche 11 janvier 2009
Statut
Membre
Dernière intervention
11 janvier 2009
1
11 janv. 2009 à 11:06
11 janv. 2009 à 11:06
idem.
RICONET
Messages postés
116
Date d'inscription
mercredi 15 novembre 2006
Statut
Membre
Dernière intervention
6 mars 2024
11 janv. 2009 à 11:10
11 janv. 2009 à 11:10
Petite précision, quand je lance NOD32 iL ME PR2CISE QUE LE VIRUS WIN32/adware.Virtumonde est détecté en mémoire et il me propose uniquement de le laisser.??????????????
J'y comprends plus rien.
J'y comprends plus rien.
RICONET
Messages postés
116
Date d'inscription
mercredi 15 novembre 2006
Statut
Membre
Dernière intervention
6 mars 2024
11 janv. 2009 à 17:20
11 janv. 2009 à 17:20
Au secours,
mon ordi devient de moins en moins stable.
Mon antivirus devient fou. Est-ce bon signe?
J'ai passé Malwarebytes' Anti-Malware mais j'ai toujours des problèmes.
HELP !!!!!!!!!!!!!!!!!!!!
mon ordi devient de moins en moins stable.
Mon antivirus devient fou. Est-ce bon signe?
J'ai passé Malwarebytes' Anti-Malware mais j'ai toujours des problèmes.
HELP !!!!!!!!!!!!!!!!!!!!
RICONET
Messages postés
116
Date d'inscription
mercredi 15 novembre 2006
Statut
Membre
Dernière intervention
6 mars 2024
11 janv. 2009 à 17:29
11 janv. 2009 à 17:29
Je vois que certains envoi le rapport de malawarebytes. Voici le mien
Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1642
Windows 5.1.2600 Service Pack 3
11/01/2009 17:05:57
mbam-log-2009-01-11 (17-05-57).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 151650
Temps écoulé: 32 minute(s), 33 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati6qtxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ati6qtxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ati6qtxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati6qtxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\drivers\ati6qtxx.sys (Rootkit.Agent) -> Delete on reboot.
Voici le rapport HIJACKTHIS :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:27:46, on 11/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Ahead\InCD\InCD.exe
F:\iTunes2\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\FAMILLE\Mes documents\Mes fichiers reçus\RenomHiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\iTunes2\iTunesHelper.exe"
O4 - HKLM\..\Run: [eCarteBleue-CDE-P3] C:\Program Files\e-Carte Bleue\Caisse Epargne\Ma e-Carte Bleue\ECB-CDE.exe /dontopenmycards
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip.exe
O4 - Global Startup: Mémento.lnk = Q:\quicken\billmind.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: bw+0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: ftdotf.dll fdtsrv.dll
O20 - Winlogon Notify: btqbanfi - C:\WINDOWS\SYSTEM32\btqbanfi.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1642
Windows 5.1.2600 Service Pack 3
11/01/2009 17:05:57
mbam-log-2009-01-11 (17-05-57).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 151650
Temps écoulé: 32 minute(s), 33 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati6qtxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ati6qtxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ati6qtxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati6qtxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\drivers\ati6qtxx.sys (Rootkit.Agent) -> Delete on reboot.
Voici le rapport HIJACKTHIS :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:27:46, on 11/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Ahead\InCD\InCD.exe
F:\iTunes2\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\FAMILLE\Mes documents\Mes fichiers reçus\RenomHiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\iTunes2\iTunesHelper.exe"
O4 - HKLM\..\Run: [eCarteBleue-CDE-P3] C:\Program Files\e-Carte Bleue\Caisse Epargne\Ma e-Carte Bleue\ECB-CDE.exe /dontopenmycards
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip.exe
O4 - Global Startup: Mémento.lnk = Q:\quicken\billmind.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: bw+0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: ftdotf.dll fdtsrv.dll
O20 - Winlogon Notify: btqbanfi - C:\WINDOWS\SYSTEM32\btqbanfi.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
RICONET
Messages postés
116
Date d'inscription
mercredi 15 novembre 2006
Statut
Membre
Dernière intervention
6 mars 2024
12 janv. 2009 à 08:55
12 janv. 2009 à 08:55
Je précise : je n'ai plus du tout accès aux partition. Le message suivant apparait :
C/\resycled\boot.com n'est pas une application win32 valide.
Je tente un nouveau scan avec mon antivirus en attendant une main tendue.
Merçi
C/\resycled\boot.com n'est pas une application win32 valide.
Je tente un nouveau scan avec mon antivirus en attendant une main tendue.
Merçi
plopus
Messages postés
5962
Date d'inscription
jeudi 1 janvier 2009
Statut
Contributeur sécurité
Dernière intervention
11 mars 2012
293
12 janv. 2009 à 09:47
12 janv. 2009 à 09:47
Bonjour,
Telecharge et installe Findykill
http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe
execute le choisit ta langue et fait option 1 et poste le rapport stp
Telecharge et installe Findykill
http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe
execute le choisit ta langue et fait option 1 et poste le rapport stp
RICONET
Messages postés
116
Date d'inscription
mercredi 15 novembre 2006
Statut
Membre
Dernière intervention
6 mars 2024
12 janv. 2009 à 10:15
12 janv. 2009 à 10:15
Voilà mon rapport, merci beaucoup
----------------- FindyKill V4.711 ------------------
* User : FAMILLE - SEVENO-E025D8F5
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 05/01/09 par Chiquitine29
* Recherche effectuée à 10:09:03 le 12/01/2009
* Windows XP - Internet Explorer 6.0.2900.5512
((((((((((((((((( *** Recherche *** ))))))))))))))))))
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Ahead\InCD\InCD.exe
F:\iTunes2\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
--------------- [ Fichiers/Dossiers infectieux ] ----------------
»»»» Presence des fichiers dans C:
»»»» Presence des fichiers dans C:\WINDOWS
»»»» Presence des fichiers dans C:\WINDOWS\Prefetch
Found ! - C:\WINDOWS\prefetch\11398.EXE-1E1E3657.pf
Found ! - C:\WINDOWS\prefetch\1264310058.EXE-1F009872.pf
Found ! - C:\WINDOWS\prefetch\1375091308.EXE-00A2A56C.pf
Found ! - C:\WINDOWS\prefetch\15597.EXE-03897FED.pf
Found ! - C:\WINDOWS\prefetch\16855.EXE-35D9DB01.pf
Found ! - C:\WINDOWS\prefetch\1697097124.EXE-3822447A.pf
Found ! - C:\WINDOWS\prefetch\253.EXE-08154F1A.pf
Found ! - C:\WINDOWS\prefetch\2650189420.EXE-0BBD6E85.pf
Found ! - C:\WINDOWS\prefetch\2792958256.EXE-241F31F2.pf
Found ! - C:\WINDOWS\prefetch\2798114506.EXE-2944DEC6.pf
Found ! - C:\WINDOWS\prefetch\3079967762.EXE-1E8A2410.pf
Found ! - C:\WINDOWS\prefetch\3334502658.EXE-23EEC6AA.pf
Found ! - C:\WINDOWS\prefetch\3683041828.EXE-1370615E.pf
Found ! - C:\WINDOWS\prefetch\3760229328.EXE-024669D7.pf
Found ! - C:\WINDOWS\prefetch\3867885578.EXE-30C30672.pf
»»»» Presence des fichiers dans C:\WINDOWS\system32
»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers
»»»» Presence des fichiers dans C:\Documents and Settings\FAMILLE\Application Data
»»»» Presence des fichiers dans C:\DOCUME~1\FAMILLE\LOCALS~1\Temp
»»»» Presence des fichiers dans C:\Documents and Settings\FAMILLE\Local Settings\Temporary Internet Files\Content.IE5
Found ! [26/04/2000 17:41] - C:\Program Files\ScanButton 3.0\Web-ClubPhoto\UPLOAD\filelist.txt
--------------- [ Registre / Startup ] ----------------
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
LDM=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz=nwiz.exe /install
NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
nod32kui="C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
InCD=C:\Program Files\Ahead\InCD\InCD.exe
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper="F:\iTunes2\iTunesHelper.exe"
eCarteBleue-CDE-P3=C:\Program Files\e-Carte Bleue\Caisse Epargne\Ma e-Carte Bleue\ECB-CDE.exe /dontopenmycards
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
NoteBurner=C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
Logitech Hardware Abstraction Layer=KHALMNPR.EXE
WinampAgent="C:\Program Files\Winamp\winampa.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=
--------------- [ Registre / Clés infectieuses ] ----------------
--------------- [ Etat / Services ] ----------------
+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
Ndisuio - Type de démarrage = 3
EapHost - Type de démarrage = 3
Ip6Fw - Type de démarrage = 3
SharedAccess - Type de démarrage = 2
/!\ wuauserv - Type de démarrage = 4
wscsvc - Type de démarrage = 2
--------------- [ Recherche dans supports amovibles] ----------------
+- Informations :
C: - Lecteur fixe
D: - Lecteur fixe
F: - Lecteur fixe
G: - Lecteur fixe
L: - Lecteur fixe
O: - Lecteur fixe
P: - Lecteur fixe
S: - Lecteur de CD-ROM
+- Contenu de l'autorun : D:\autorun.inf
[autorun]
;xewigpcpcpuoxwjxquilstutaclluznjxgmqxsevebotnss
shellexecute="resycled\boot.com d:"
;uqbpzwedbaderoksyljgfgfayysluprgijbhpufbrjailcpjdzsagtcsqzndnswvigkhy
shell\Open\command="resycled\boot.com d:"
;fuwvvrjaoyiroompdnjdbnsmvjsflkmawllvboxja
+- Contenu de l'autorun : L:\autorun.inf
[autorun]
;zfrxlwetzzzqgsyvztqfodugjanrbatiqoxixuadgkraytifwoypazpxbwnezuapfelevzai
shellexecute="resycled\boot.com l:"
;jxoqlrromyjfwfqpgzqyjpydasrdrvmuwudwhtyqjdohiqkoindafrhfwpxgnismmpwyhdevtzmbdbro
shell\Open\command="resycled\boot.com l:"
;jqhut
+- Contenu de l'autorun : O:\autorun.inf
[autorun]
;pomhvxmtjwukmwvduynhwufxxmpcbpyyhfvh
shellexecute="resycled\boot.com o:"
;ivaapicrpioglg
shell\Open\command="resycled\boot.com o:"
;svszycivgnstjjfaxuakyjedfgjxnuhlwttdbflijfaehvdmmfuibpopbvjcgkyseb
shell=Open
;jsyrullfspfypsbah
+- Contenu de l'autorun : P:\autorun.inf
[autorun]
;ajmtgfktluwrpaidmnpmrnacnyugtxrhrxrnaucpcgpbjnhdvkzlujyeovgkiulzmfbnzllddjkztvgmbztwljxxoctjkgfczbpz
shellexecute="resycled\boot.com p:"
;ljvwigvozngimuaevsjkxgbndclyowxnpwoogjejovnvexrjsveqlepccrqcxkdzjyndcmggavzivqkudaiqzl
shell\Open\comm
+- Contenu de l'autorun : S:\autorun.inf
[AutoRun]
open=Autorun.exe
icon=Install\swgbg.ico
+- presence des fichiers :
Found ! [11/01/2009 17:13][-r-hs----] - D:\autorun.inf
Found ! [11/01/2009 17:13][-r-hs----] - L:\autorun.inf
Found ! [11/01/2009 17:13][-r-hs----] - O:\autorun.inf
Found ! [11/01/2009 17:13][-r-hs----] - P:\autorun.inf
Found ! [03/08/2001 11:53][-r-------] - S:\autorun.inf
--------------- [ Registre / Mountpoint2 ] ----------------
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{631190c0-b222-11dc-a0f5-b8e6e963083f}\Shell\AutoRun\command
------------------- ! Fin du rapport ! --------------------
Je ne sais plus si je l'ai mentionné mais, j'ai toujours un message d'alerte de sécurité windows, hors tout est bien coché.
Autre petite question.
NOD 32 et Malwarebytes' Anti-Malware font ils bon menage?
----------------- FindyKill V4.711 ------------------
* User : FAMILLE - SEVENO-E025D8F5
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 05/01/09 par Chiquitine29
* Recherche effectuée à 10:09:03 le 12/01/2009
* Windows XP - Internet Explorer 6.0.2900.5512
((((((((((((((((( *** Recherche *** ))))))))))))))))))
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Ahead\InCD\InCD.exe
F:\iTunes2\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
--------------- [ Fichiers/Dossiers infectieux ] ----------------
»»»» Presence des fichiers dans C:
»»»» Presence des fichiers dans C:\WINDOWS
»»»» Presence des fichiers dans C:\WINDOWS\Prefetch
Found ! - C:\WINDOWS\prefetch\11398.EXE-1E1E3657.pf
Found ! - C:\WINDOWS\prefetch\1264310058.EXE-1F009872.pf
Found ! - C:\WINDOWS\prefetch\1375091308.EXE-00A2A56C.pf
Found ! - C:\WINDOWS\prefetch\15597.EXE-03897FED.pf
Found ! - C:\WINDOWS\prefetch\16855.EXE-35D9DB01.pf
Found ! - C:\WINDOWS\prefetch\1697097124.EXE-3822447A.pf
Found ! - C:\WINDOWS\prefetch\253.EXE-08154F1A.pf
Found ! - C:\WINDOWS\prefetch\2650189420.EXE-0BBD6E85.pf
Found ! - C:\WINDOWS\prefetch\2792958256.EXE-241F31F2.pf
Found ! - C:\WINDOWS\prefetch\2798114506.EXE-2944DEC6.pf
Found ! - C:\WINDOWS\prefetch\3079967762.EXE-1E8A2410.pf
Found ! - C:\WINDOWS\prefetch\3334502658.EXE-23EEC6AA.pf
Found ! - C:\WINDOWS\prefetch\3683041828.EXE-1370615E.pf
Found ! - C:\WINDOWS\prefetch\3760229328.EXE-024669D7.pf
Found ! - C:\WINDOWS\prefetch\3867885578.EXE-30C30672.pf
»»»» Presence des fichiers dans C:\WINDOWS\system32
»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers
»»»» Presence des fichiers dans C:\Documents and Settings\FAMILLE\Application Data
»»»» Presence des fichiers dans C:\DOCUME~1\FAMILLE\LOCALS~1\Temp
»»»» Presence des fichiers dans C:\Documents and Settings\FAMILLE\Local Settings\Temporary Internet Files\Content.IE5
Found ! [26/04/2000 17:41] - C:\Program Files\ScanButton 3.0\Web-ClubPhoto\UPLOAD\filelist.txt
--------------- [ Registre / Startup ] ----------------
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
LDM=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz=nwiz.exe /install
NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
nod32kui="C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
InCD=C:\Program Files\Ahead\InCD\InCD.exe
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper="F:\iTunes2\iTunesHelper.exe"
eCarteBleue-CDE-P3=C:\Program Files\e-Carte Bleue\Caisse Epargne\Ma e-Carte Bleue\ECB-CDE.exe /dontopenmycards
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
NoteBurner=C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
Logitech Hardware Abstraction Layer=KHALMNPR.EXE
WinampAgent="C:\Program Files\Winamp\winampa.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=
--------------- [ Registre / Clés infectieuses ] ----------------
--------------- [ Etat / Services ] ----------------
+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
Ndisuio - Type de démarrage = 3
EapHost - Type de démarrage = 3
Ip6Fw - Type de démarrage = 3
SharedAccess - Type de démarrage = 2
/!\ wuauserv - Type de démarrage = 4
wscsvc - Type de démarrage = 2
--------------- [ Recherche dans supports amovibles] ----------------
+- Informations :
C: - Lecteur fixe
D: - Lecteur fixe
F: - Lecteur fixe
G: - Lecteur fixe
L: - Lecteur fixe
O: - Lecteur fixe
P: - Lecteur fixe
S: - Lecteur de CD-ROM
+- Contenu de l'autorun : D:\autorun.inf
[autorun]
;xewigpcpcpuoxwjxquilstutaclluznjxgmqxsevebotnss
shellexecute="resycled\boot.com d:"
;uqbpzwedbaderoksyljgfgfayysluprgijbhpufbrjailcpjdzsagtcsqzndnswvigkhy
shell\Open\command="resycled\boot.com d:"
;fuwvvrjaoyiroompdnjdbnsmvjsflkmawllvboxja
+- Contenu de l'autorun : L:\autorun.inf
[autorun]
;zfrxlwetzzzqgsyvztqfodugjanrbatiqoxixuadgkraytifwoypazpxbwnezuapfelevzai
shellexecute="resycled\boot.com l:"
;jxoqlrromyjfwfqpgzqyjpydasrdrvmuwudwhtyqjdohiqkoindafrhfwpxgnismmpwyhdevtzmbdbro
shell\Open\command="resycled\boot.com l:"
;jqhut
+- Contenu de l'autorun : O:\autorun.inf
[autorun]
;pomhvxmtjwukmwvduynhwufxxmpcbpyyhfvh
shellexecute="resycled\boot.com o:"
;ivaapicrpioglg
shell\Open\command="resycled\boot.com o:"
;svszycivgnstjjfaxuakyjedfgjxnuhlwttdbflijfaehvdmmfuibpopbvjcgkyseb
shell=Open
;jsyrullfspfypsbah
+- Contenu de l'autorun : P:\autorun.inf
[autorun]
;ajmtgfktluwrpaidmnpmrnacnyugtxrhrxrnaucpcgpbjnhdvkzlujyeovgkiulzmfbnzllddjkztvgmbztwljxxoctjkgfczbpz
shellexecute="resycled\boot.com p:"
;ljvwigvozngimuaevsjkxgbndclyowxnpwoogjejovnvexrjsveqlepccrqcxkdzjyndcmggavzivqkudaiqzl
shell\Open\comm
+- Contenu de l'autorun : S:\autorun.inf
[AutoRun]
open=Autorun.exe
icon=Install\swgbg.ico
+- presence des fichiers :
Found ! [11/01/2009 17:13][-r-hs----] - D:\autorun.inf
Found ! [11/01/2009 17:13][-r-hs----] - L:\autorun.inf
Found ! [11/01/2009 17:13][-r-hs----] - O:\autorun.inf
Found ! [11/01/2009 17:13][-r-hs----] - P:\autorun.inf
Found ! [03/08/2001 11:53][-r-------] - S:\autorun.inf
--------------- [ Registre / Mountpoint2 ] ----------------
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{631190c0-b222-11dc-a0f5-b8e6e963083f}\Shell\AutoRun\command
------------------- ! Fin du rapport ! --------------------
Je ne sais plus si je l'ai mentionné mais, j'ai toujours un message d'alerte de sécurité windows, hors tout est bien coché.
Autre petite question.
NOD 32 et Malwarebytes' Anti-Malware font ils bon menage?
plopus
Messages postés
5962
Date d'inscription
jeudi 1 janvier 2009
Statut
Contributeur sécurité
Dernière intervention
11 mars 2012
293
12 janv. 2009 à 11:21
12 janv. 2009 à 11:21
ok donc donc deconnecte toi d'internet, ferme toutes tes application
ET branches tes clefs usb,disque dur externe, appareil photo...qui peuvent etre infectés, sans les ouvrir
et relance findykill en option 2 et poste le rapport puis après reposte un hijackthis
ET branches tes clefs usb,disque dur externe, appareil photo...qui peuvent etre infectés, sans les ouvrir
et relance findykill en option 2 et poste le rapport puis après reposte un hijackthis
RICONET
Messages postés
116
Date d'inscription
mercredi 15 novembre 2006
Statut
Membre
Dernière intervention
6 mars 2024
12 janv. 2009 à 12:48
12 janv. 2009 à 12:48
Voila le résultat de ce que tu m'as demandé plopus,... Bon appétit.
Je m'aperçois également que je devrai avoir une discussion avec certain membre de ma famille.
* executed from : C:\Program Files\FindyKill
* Update on 05/01/09 par Chiquitine29
* Start at 12:23:17 the 12/01/2009
* Windows XP - Internet Explorer 6.0.2900.5512
((((((((((((((( *** deleting *** ))))))))))))))))))
--------------- [ Active Processes ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
--------------- [ Infected files / folders ] ----------------
»»»» Supression files in C:
»»»» Supression files in C:\WINDOWS
»»»» Supression files in C:\WINDOWS\Prefetch
Deleted ! - C:\WINDOWS\prefetch\11398.EXE-1E1E3657.pf
Deleted ! - C:\WINDOWS\prefetch\1264310058.EXE-1F009872.pf
Deleted ! - C:\WINDOWS\prefetch\1375091308.EXE-00A2A56C.pf
Deleted ! - C:\WINDOWS\prefetch\15597.EXE-03897FED.pf
Deleted ! - C:\WINDOWS\prefetch\16855.EXE-35D9DB01.pf
Deleted ! - C:\WINDOWS\prefetch\1697097124.EXE-3822447A.pf
Deleted ! - C:\WINDOWS\prefetch\253.EXE-08154F1A.pf
Deleted ! - C:\WINDOWS\prefetch\2650189420.EXE-0BBD6E85.pf
Deleted ! - C:\WINDOWS\prefetch\2792958256.EXE-241F31F2.pf
Deleted ! - C:\WINDOWS\prefetch\2798114506.EXE-2944DEC6.pf
Deleted ! - C:\WINDOWS\prefetch\3079967762.EXE-1E8A2410.pf
Deleted ! - C:\WINDOWS\prefetch\3334502658.EXE-23EEC6AA.pf
Deleted ! - C:\WINDOWS\prefetch\3683041828.EXE-1370615E.pf
Deleted ! - C:\WINDOWS\prefetch\3760229328.EXE-024669D7.pf
Deleted ! - C:\WINDOWS\prefetch\3867885578.EXE-30C30672.pf
»»»» Supression files in C:\WINDOWS\system32
»»»» Supression files in C:\WINDOWS\system32\drivers
»»»» Supression files in C:\Documents and Settings\FAMILLE\Application Data
»»»» Supression files in C:\DOCUME~1\FAMILLE\LOCALS~1\Temp
»»»» Supression files in C:\Documents and Settings\FAMILLE\Local Settings\Temporary Internet Files\Content.IE5
--------------- [ Registry / Infected keys ] ----------------
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdelk.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintems.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flec006.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hldrrr.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winfilse.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupgro.exe
--------------- [ States / Restarting of services ] ----------------
+- Services : [ Auto=2 / Request=3 / Disable=4 ]
Ndisuio - Type of startup = 3
EapHost - Type of startup = 2
Ip6Fw - Type of startup = 2
SharedAccess - Type of startup = 2
wuauserv - Type of startup = 2
wscsvc - Type of startup = 2
--------------- [ Cleaning removable drives ] ----------------
+- Informations :
C: - Lecteur fixe
D: - Lecteur fixe
F: - Lecteur fixe
G: - Lecteur fixe
L: - Lecteur fixe
O: - Lecteur fixe
P: - Lecteur fixe
S: - Lecteur de CD-ROM
T: - Lecteur amovible
+- deleting files :
Deleted ! - D:\autorun.inf
Deleted ! - L:\autorun.inf
Deleted ! - O:\autorun.inf
Deleted ! - P:\autorun.inf
Not deleted !! - S:\autorun.inf
Deleted ! - T:\autorun.inf
--------------- [ Registry / Mountpoint2 ] ----------------
-> Not found !
--------------- [ Searching Other Infections ] ----------------
--------------- [ Searching Cracks / Keygen ] ----------------
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\C&C Red Alert 2 (Full Game) crack keygen.torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\CnC 3 Tiberium Wars Kane Edition Keygen RazorDOX.rar.torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\Command And Conquer Red Alert 3 CRACK ONLY-RELOADED.torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\Command.&.Conquer.Red.Alert.3.Crack.und.Keygen.torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\Command_and_Conquer_3_Keygen.torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\Command_And_Conquer_3_Tiberium_Wars_Kane_Edition_Keygen-RazorDOX.torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\dbPowerAMP Music Converter 11.5 + Powerpack, Codec & Skins (CRACKeD).torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\Keygen and Crack 1.2 Command and conquer3.exe.torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\Mahjong.Suite.2007.v4.3.Cracked-F4CG.torrent
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\BuildingImporter.exe
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\CLD_editor.exe
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\CLD_editor2.exe
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\CLD_FullEdit.exe
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\For Health & Prosperity Click Here!.url
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\God's Yellow Pages.url
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\MannaTech.url
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\Work From Home!.url
C:\Documents and Settings\FAMILLE\Mes documents\mahjong suite2007\crack.zip
C:\Documents and Settings\FAMILLE\Recent\Command And Conquer Red Alert 3 CRACK ONLY-RELOADED.lnk
C:\Documents and Settings\FAMILLE\Recent\Crack.lnk
C:\Documents and Settings\FAMILLE\Recent\C_C_1.03_Crack_by_Blizzard.lnk
C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Sound\tchaikovsky_the_nutcracker.imw
---------------- ! End of report ! ------------------
HIJACKTHIS :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:34:35, on 12/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\FAMILLE\Mes documents\Mes fichiers reçus\RenomHiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\iTunes2\iTunesHelper.exe"
O4 - HKLM\..\Run: [eCarteBleue-CDE-P3] C:\Program Files\e-Carte Bleue\Caisse Epargne\Ma e-Carte Bleue\ECB-CDE.exe /dontopenmycards
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip.exe
O4 - Global Startup: Mémento.lnk = Q:\quicken\billmind.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: bw+0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: ftdotf.dll fdtsrv.dll
O20 - Winlogon Notify: btqbanfi - btqbanfi.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Je m'aperçois également que je devrai avoir une discussion avec certain membre de ma famille.
* executed from : C:\Program Files\FindyKill
* Update on 05/01/09 par Chiquitine29
* Start at 12:23:17 the 12/01/2009
* Windows XP - Internet Explorer 6.0.2900.5512
((((((((((((((( *** deleting *** ))))))))))))))))))
--------------- [ Active Processes ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
--------------- [ Infected files / folders ] ----------------
»»»» Supression files in C:
»»»» Supression files in C:\WINDOWS
»»»» Supression files in C:\WINDOWS\Prefetch
Deleted ! - C:\WINDOWS\prefetch\11398.EXE-1E1E3657.pf
Deleted ! - C:\WINDOWS\prefetch\1264310058.EXE-1F009872.pf
Deleted ! - C:\WINDOWS\prefetch\1375091308.EXE-00A2A56C.pf
Deleted ! - C:\WINDOWS\prefetch\15597.EXE-03897FED.pf
Deleted ! - C:\WINDOWS\prefetch\16855.EXE-35D9DB01.pf
Deleted ! - C:\WINDOWS\prefetch\1697097124.EXE-3822447A.pf
Deleted ! - C:\WINDOWS\prefetch\253.EXE-08154F1A.pf
Deleted ! - C:\WINDOWS\prefetch\2650189420.EXE-0BBD6E85.pf
Deleted ! - C:\WINDOWS\prefetch\2792958256.EXE-241F31F2.pf
Deleted ! - C:\WINDOWS\prefetch\2798114506.EXE-2944DEC6.pf
Deleted ! - C:\WINDOWS\prefetch\3079967762.EXE-1E8A2410.pf
Deleted ! - C:\WINDOWS\prefetch\3334502658.EXE-23EEC6AA.pf
Deleted ! - C:\WINDOWS\prefetch\3683041828.EXE-1370615E.pf
Deleted ! - C:\WINDOWS\prefetch\3760229328.EXE-024669D7.pf
Deleted ! - C:\WINDOWS\prefetch\3867885578.EXE-30C30672.pf
»»»» Supression files in C:\WINDOWS\system32
»»»» Supression files in C:\WINDOWS\system32\drivers
»»»» Supression files in C:\Documents and Settings\FAMILLE\Application Data
»»»» Supression files in C:\DOCUME~1\FAMILLE\LOCALS~1\Temp
»»»» Supression files in C:\Documents and Settings\FAMILLE\Local Settings\Temporary Internet Files\Content.IE5
--------------- [ Registry / Infected keys ] ----------------
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdelk.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintems.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flec006.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hldrrr.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winfilse.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupgro.exe
--------------- [ States / Restarting of services ] ----------------
+- Services : [ Auto=2 / Request=3 / Disable=4 ]
Ndisuio - Type of startup = 3
EapHost - Type of startup = 2
Ip6Fw - Type of startup = 2
SharedAccess - Type of startup = 2
wuauserv - Type of startup = 2
wscsvc - Type of startup = 2
--------------- [ Cleaning removable drives ] ----------------
+- Informations :
C: - Lecteur fixe
D: - Lecteur fixe
F: - Lecteur fixe
G: - Lecteur fixe
L: - Lecteur fixe
O: - Lecteur fixe
P: - Lecteur fixe
S: - Lecteur de CD-ROM
T: - Lecteur amovible
+- deleting files :
Deleted ! - D:\autorun.inf
Deleted ! - L:\autorun.inf
Deleted ! - O:\autorun.inf
Deleted ! - P:\autorun.inf
Not deleted !! - S:\autorun.inf
Deleted ! - T:\autorun.inf
--------------- [ Registry / Mountpoint2 ] ----------------
-> Not found !
--------------- [ Searching Other Infections ] ----------------
--------------- [ Searching Cracks / Keygen ] ----------------
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\C&C Red Alert 2 (Full Game) crack keygen.torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\CnC 3 Tiberium Wars Kane Edition Keygen RazorDOX.rar.torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\Command And Conquer Red Alert 3 CRACK ONLY-RELOADED.torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\Command.&.Conquer.Red.Alert.3.Crack.und.Keygen.torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\Command_and_Conquer_3_Keygen.torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\Command_And_Conquer_3_Tiberium_Wars_Kane_Edition_Keygen-RazorDOX.torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\dbPowerAMP Music Converter 11.5 + Powerpack, Codec & Skins (CRACKeD).torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\Keygen and Crack 1.2 Command and conquer3.exe.torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\Mahjong.Suite.2007.v4.3.Cracked-F4CG.torrent
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\BuildingImporter.exe
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\CLD_editor.exe
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\CLD_editor2.exe
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\CLD_FullEdit.exe
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\For Health & Prosperity Click Here!.url
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\God's Yellow Pages.url
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\MannaTech.url
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\Work From Home!.url
C:\Documents and Settings\FAMILLE\Mes documents\mahjong suite2007\crack.zip
C:\Documents and Settings\FAMILLE\Recent\Command And Conquer Red Alert 3 CRACK ONLY-RELOADED.lnk
C:\Documents and Settings\FAMILLE\Recent\Crack.lnk
C:\Documents and Settings\FAMILLE\Recent\C_C_1.03_Crack_by_Blizzard.lnk
C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Sound\tchaikovsky_the_nutcracker.imw
---------------- ! End of report ! ------------------
HIJACKTHIS :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:34:35, on 12/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\FAMILLE\Mes documents\Mes fichiers reçus\RenomHiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\iTunes2\iTunesHelper.exe"
O4 - HKLM\..\Run: [eCarteBleue-CDE-P3] C:\Program Files\e-Carte Bleue\Caisse Epargne\Ma e-Carte Bleue\ECB-CDE.exe /dontopenmycards
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip.exe
O4 - Global Startup: Mémento.lnk = Q:\quicken\billmind.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: bw+0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: ftdotf.dll fdtsrv.dll
O20 - Winlogon Notify: btqbanfi - btqbanfi.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
plopus
Messages postés
5962
Date d'inscription
jeudi 1 janvier 2009
Statut
Contributeur sécurité
Dernière intervention
11 mars 2012
293
12 janv. 2009 à 14:58
12 janv. 2009 à 14:58
efface tous sa pour pas replonger + tous tes autres crack et keygen qui t'on infecté
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\C&C Red Alert 2 (Full Game) crack keygen.torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\CnC 3 Tiberium Wars Kane Edition Keygen RazorDOX.rar.torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\Command And Conquer Red Alert 3 CRACK ONLY-RELOADED.torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\Command.&.Conquer.Red.Alert.3.Crack.und.Keygen.torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\Command_and_Conquer_3_Keygen.torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\Command_And_Conquer_3_Tiberium_Wars_Kane_Edition_Keygen-RazorDOX.torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\dbPowerAMP Music Converter 11.5 + Powerpack, Codec & Skins (CRACKeD).torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\Keygen and Crack 1.2 Command and conquer3.exe.torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\Mahjong.Suite.2007.v4.3.Cracked-F4CG.torrent
C:\Documents and Settings\FAMILLE\Recent\Command And Conquer Red Alert 3 CRACK ONLY-RELOADED.lnk
ensuite as tu des fichiers comme sa a quoi sa corresspond City Life\Crack
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\BuildingImporter.exe
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\CLD_editor.exe
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\CLD_editor2.exe
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\CLD_FullEdit.exe
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\For Health & Prosperity Click Here!.url
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\God's Yellow Pages.url
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\MannaTech.url
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\Work From Home!.url
C:\Documents and Settings\FAMILLE\Mes documents\mahjong suite2007\crack.zip
*
ensuite
relance hijackthis choisit "do a scan only" et coche les case a gauche des lignes :
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O20 - Winlogon Notify: btqbanfi - btqbanfi.dll (file missing)
deconnecte toi d'internet, ferme tout tes programme et puis clic fix checked en bas
ensuite met tes logiciel a jour dont internet explorer on est à la version 7 clik ici
https://www.flexera.com/products/operations/software-vulnerability-management.html
puis clic start scan et tous les logiciel avec un ecroix rouge , tu les mets a jour avec l'url fourni
puis pour controler et finir
Télécharge Random's System Information Tool (RSIT) par random/random et sauvegarde-le sur ton Bureau.
http://images.malwareremoval.com/random/RSIT.exe
Clique sur Continue
Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront poste les 2 rapports
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\C&C Red Alert 2 (Full Game) crack keygen.torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\CnC 3 Tiberium Wars Kane Edition Keygen RazorDOX.rar.torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\Command And Conquer Red Alert 3 CRACK ONLY-RELOADED.torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\Command.&.Conquer.Red.Alert.3.Crack.und.Keygen.torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\Command_and_Conquer_3_Keygen.torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\Command_And_Conquer_3_Tiberium_Wars_Kane_Edition_Keygen-RazorDOX.torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\dbPowerAMP Music Converter 11.5 + Powerpack, Codec & Skins (CRACKeD).torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\Keygen and Crack 1.2 Command and conquer3.exe.torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\Mahjong.Suite.2007.v4.3.Cracked-F4CG.torrent
C:\Documents and Settings\FAMILLE\Recent\Command And Conquer Red Alert 3 CRACK ONLY-RELOADED.lnk
ensuite as tu des fichiers comme sa a quoi sa corresspond City Life\Crack
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\BuildingImporter.exe
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\CLD_editor.exe
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\CLD_editor2.exe
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\CLD_FullEdit.exe
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\For Health & Prosperity Click Here!.url
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\God's Yellow Pages.url
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\MannaTech.url
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\Work From Home!.url
C:\Documents and Settings\FAMILLE\Mes documents\mahjong suite2007\crack.zip
*
ensuite
relance hijackthis choisit "do a scan only" et coche les case a gauche des lignes :
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O20 - Winlogon Notify: btqbanfi - btqbanfi.dll (file missing)
deconnecte toi d'internet, ferme tout tes programme et puis clic fix checked en bas
ensuite met tes logiciel a jour dont internet explorer on est à la version 7 clik ici
https://www.flexera.com/products/operations/software-vulnerability-management.html
puis clic start scan et tous les logiciel avec un ecroix rouge , tu les mets a jour avec l'url fourni
puis pour controler et finir
Télécharge Random's System Information Tool (RSIT) par random/random et sauvegarde-le sur ton Bureau.
http://images.malwareremoval.com/random/RSIT.exe
Clique sur Continue
Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront poste les 2 rapports
RICONET
Messages postés
116
Date d'inscription
mercredi 15 novembre 2006
Statut
Membre
Dernière intervention
6 mars 2024
12 janv. 2009 à 21:27
12 janv. 2009 à 21:27
Voilà les deux rapports. Je pense que je dois toujours avoir un indésirable car j'ai à nouveau le problème de sécurité windows, faussement déconnecté mais qui m 'empêche de faire la mise à jour de IE. Et en plus il ouvre des fenêtres intempestives. Au fait je suis sur firefox.
Logfile of random's system information tool 1.05 (written by random/random)
Run by FAMILLE at 2009-01-12 21:17:48
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 20 GB (25%) free of 80 GB
Total RAM: 1024 MB (52% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:18:09, on 12/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Ahead\InCD\InCD.exe
F:\iTunes2\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\FAMILLE\Bureau\RSIT.exe
C:\Program Files\trend micro\FAMILLE.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {aa44a132-8e17-34fa-5b64-87620b650570} - {075056b0-2678-46b5-af43-71e8231a44aa} - C:\WINDOWS\system32\lecbjl.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {DC13B472-6EDF-411D-A304-4C96274D1878} - C:\WINDOWS\system32\nnnonNgF.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\iTunes2\iTunesHelper.exe"
O4 - HKLM\..\Run: [eCarteBleue-CDE-P3] C:\Program Files\e-Carte Bleue\Caisse Epargne\Ma e-Carte Bleue\ECB-CDE.exe /dontopenmycards
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\WINDOWS\system32\2638.dll,s
O4 - HKLM\..\Run: [a4d6547e] rundll32.exe "C:\WINDOWS\system32\xweflqxr.dll",b
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip.exe
O4 - Global Startup: Mémento.lnk = Q:\quicken\billmind.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: bw+0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: ftdotf.dll fdtsrv.dll lecbjl.dll
O20 - Winlogon Notify: btqbanfi - btqbanfi.dll (file missing)
O20 - Winlogon Notify: pmnoMCRl - C:\WINDOWS\SYSTEM32\pmnoMCRl.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Logfile of random's system information tool 1.05 (written by random/random)
Run by FAMILLE at 2009-01-12 21:17:48
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 20 GB (25%) free of 80 GB
Total RAM: 1024 MB (52% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:18:09, on 12/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Ahead\InCD\InCD.exe
F:\iTunes2\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\FAMILLE\Bureau\RSIT.exe
C:\Program Files\trend micro\FAMILLE.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {aa44a132-8e17-34fa-5b64-87620b650570} - {075056b0-2678-46b5-af43-71e8231a44aa} - C:\WINDOWS\system32\lecbjl.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {DC13B472-6EDF-411D-A304-4C96274D1878} - C:\WINDOWS\system32\nnnonNgF.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\iTunes2\iTunesHelper.exe"
O4 - HKLM\..\Run: [eCarteBleue-CDE-P3] C:\Program Files\e-Carte Bleue\Caisse Epargne\Ma e-Carte Bleue\ECB-CDE.exe /dontopenmycards
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\WINDOWS\system32\2638.dll,s
O4 - HKLM\..\Run: [a4d6547e] rundll32.exe "C:\WINDOWS\system32\xweflqxr.dll",b
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip.exe
O4 - Global Startup: Mémento.lnk = Q:\quicken\billmind.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: bw+0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: ftdotf.dll fdtsrv.dll lecbjl.dll
O20 - Winlogon Notify: btqbanfi - btqbanfi.dll (file missing)
O20 - Winlogon Notify: pmnoMCRl - C:\WINDOWS\SYSTEM32\pmnoMCRl.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
plopus
Messages postés
5962
Date d'inscription
jeudi 1 janvier 2009
Statut
Contributeur sécurité
Dernière intervention
11 mars 2012
293
12 janv. 2009 à 21:37
12 janv. 2009 à 21:37
ben oui en effet il doit te rester des choses ou plutot tu a du rajouter des choses non?
tu as installer des logiciels ou tu t'es servit de tes cracks? car tu as des nouvelles lignes
telecharge et installe navilog1
http://il.mafioso.pagesperso-orange.fr/Navifix/download.htm
execute le et fait option 1 et poste le rapport stp
tu as installer des logiciels ou tu t'es servit de tes cracks? car tu as des nouvelles lignes
telecharge et installe navilog1
http://il.mafioso.pagesperso-orange.fr/Navifix/download.htm
execute le et fait option 1 et poste le rapport stp
RICONET
Messages postés
116
Date d'inscription
mercredi 15 novembre 2006
Statut
Membre
Dernière intervention
6 mars 2024
13 janv. 2009 à 09:31
13 janv. 2009 à 09:31
En fait, j'ai supprimé pas mal surtout et c'est vrai j'en ai déplacé un ou deux. Je pensais bien faire.
Voilà le rapport.
Search Navipromo version 3.7.1 commencé le 13/01/2009 à 9:19:22,95
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 02.01.2009 à 19h00 par IL-MAFIOSO
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Sempron(TM) 2600+ )
BIOS : Award Modular BIOS v6.0
USER : FAMILLE ( Administrator )
BOOT : Normal boot
Antivirus : ESET NOD32 antivirus system 2.70 2.70 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:78 Go (Free:19 Go)
D:\ (Local Disk) - NTFS - Total:97 Go (Free:50 Go)
E:\ (CD or DVD)
F:\ (Local Disk) - NTFS - Total:14 Go (Free:4 Go)
G:\ (Local Disk) - NTFS - Total:61 Go (Free:25 Go)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (USB)
L:\ (Local Disk) - NTFS - Total:19 Go (Free:11 Go)
M:\ (CD or DVD)
N:\ (CD or DVD)
O:\ (Local Disk) - NTFS - Total:2 Go (Free:2 Go)
P:\ (Local Disk) - NTFS - Total:159 Go (Free:75 Go)
Q:\ (CD or DVD)
R:\ (CD or DVD)
S:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
Recherche executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans "C:\WINDOWS" ***
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\FAMILLE\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\Tanguy\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\FAMILLE\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\Tanguy\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\FAMILLE\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\Tanguy\menudm~1\progra~1" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINDOWS\system32" *
* Recherche dans "C:\Documents and Settings\FAMILLE\locals~1\applic~1" *
* Recherche dans "C:\DOCUME~1\Tanguy\locals~1\applic~1" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
* Dans "C:\Documents and Settings\FAMILLE\locals~1\applic~1" :
* Dans "C:\DOCUME~1\Tanguy\locals~1\applic~1" :
3)Recherche Certificats :
Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche autres dossiers et fichiers connus :
C:\WINDOWS\system32\FgNnonnn.ini2 trouvé ! Infection Vundo possible non traitée par cet outil !
*** Analyse terminée le 13/01/2009 à 9:24:43,18 ***
Merçi.
Voilà le rapport.
Search Navipromo version 3.7.1 commencé le 13/01/2009 à 9:19:22,95
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 02.01.2009 à 19h00 par IL-MAFIOSO
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Sempron(TM) 2600+ )
BIOS : Award Modular BIOS v6.0
USER : FAMILLE ( Administrator )
BOOT : Normal boot
Antivirus : ESET NOD32 antivirus system 2.70 2.70 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:78 Go (Free:19 Go)
D:\ (Local Disk) - NTFS - Total:97 Go (Free:50 Go)
E:\ (CD or DVD)
F:\ (Local Disk) - NTFS - Total:14 Go (Free:4 Go)
G:\ (Local Disk) - NTFS - Total:61 Go (Free:25 Go)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (USB)
L:\ (Local Disk) - NTFS - Total:19 Go (Free:11 Go)
M:\ (CD or DVD)
N:\ (CD or DVD)
O:\ (Local Disk) - NTFS - Total:2 Go (Free:2 Go)
P:\ (Local Disk) - NTFS - Total:159 Go (Free:75 Go)
Q:\ (CD or DVD)
R:\ (CD or DVD)
S:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
Recherche executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans "C:\WINDOWS" ***
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\FAMILLE\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\Tanguy\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\FAMILLE\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\Tanguy\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\FAMILLE\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\Tanguy\menudm~1\progra~1" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINDOWS\system32" *
* Recherche dans "C:\Documents and Settings\FAMILLE\locals~1\applic~1" *
* Recherche dans "C:\DOCUME~1\Tanguy\locals~1\applic~1" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
* Dans "C:\Documents and Settings\FAMILLE\locals~1\applic~1" :
* Dans "C:\DOCUME~1\Tanguy\locals~1\applic~1" :
3)Recherche Certificats :
Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche autres dossiers et fichiers connus :
C:\WINDOWS\system32\FgNnonnn.ini2 trouvé ! Infection Vundo possible non traitée par cet outil !
*** Analyse terminée le 13/01/2009 à 9:24:43,18 ***
Merçi.
plopus
Messages postés
5962
Date d'inscription
jeudi 1 janvier 2009
Statut
Contributeur sécurité
Dernière intervention
11 mars 2012
293
13 janv. 2009 à 10:01
13 janv. 2009 à 10:01
Telecharge et installe malwarebyte met le a jour Fait un scan minutieux (complet)
http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebytes anti malware
supprime toutes les infections trouvées et poste le rapport
puis après reposte hijackthis
http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebytes anti malware
supprime toutes les infections trouvées et poste le rapport
puis après reposte hijackthis
RICONET
Messages postés
116
Date d'inscription
mercredi 15 novembre 2006
Statut
Membre
Dernière intervention
6 mars 2024
13 janv. 2009 à 11:48
13 janv. 2009 à 11:48
Voilà les rapports mais il est sacrément coriace trojan vundo - Toujours le problème Alerte sécurité windows. Promis, Je n'ai plus rien modifié. J'ai suivi les instructions.
Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1645
Windows 5.1.2600 Service Pack 3
13/01/2009 11:36:15
mbam-log-2009-01-13 (11-36-15).txt
Type de recherche: Examen complet (A:\|C:\|D:\|E:\|F:\|G:\|N:\|O:\|P:\|Q:\|R:\|S:\|)
Eléments examinés: 181459
Temps écoulé: 49 minute(s), 20 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 17
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 11
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\nnnonNgF.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\xweflqxr.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pmnoMCRl.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\lecbjl.dll (Trojan.Vundo.H) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{075056b0-2678-46b5-af43-71e8231a44aa} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{075056b0-2678-46b5-af43-71e8231a44aa} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4444ef10-86c2-4917-a27c-461f932b4a32} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{4444ef10-86c2-4917-a27c-461f932b4a32} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnomcrl (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{075056b0-2678-46b5-af43-71e8231a44aa} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4444ef10-86c2-4917-a27c-461f932b4a32} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a4d6547e (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\nnnonngf -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\nnnonngf -> Delete on reboot.
Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009 (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\lecbjl.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nnnonNgF.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\FgNnonnn.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FgNnonnn.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnoMCRl.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\xweflqxr.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\rxqlfewx.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lmcoxwfu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xxyvwUNh.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2638.dll (Trojan.Agent) -> Delete on reboot.
et suivant:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:37, on 13/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Ahead\InCD\InCD.exe
F:\iTunes2\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\FAMILLE\Mes documents\Mes fichiers reçus\RenomHiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\iTunes2\iTunesHelper.exe"
O4 - HKLM\..\Run: [eCarteBleue-CDE-P3] C:\Program Files\e-Carte Bleue\Caisse Epargne\Ma e-Carte Bleue\ECB-CDE.exe /dontopenmycards
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip.exe
O4 - Global Startup: Mémento.lnk = Q:\quicken\billmind.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: bw+0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: ftdotf.dll fdtsrv.dll lecbjl.dll
O20 - Winlogon Notify: btqbanfi - btqbanfi.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1645
Windows 5.1.2600 Service Pack 3
13/01/2009 11:36:15
mbam-log-2009-01-13 (11-36-15).txt
Type de recherche: Examen complet (A:\|C:\|D:\|E:\|F:\|G:\|N:\|O:\|P:\|Q:\|R:\|S:\|)
Eléments examinés: 181459
Temps écoulé: 49 minute(s), 20 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 17
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 11
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\nnnonNgF.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\xweflqxr.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pmnoMCRl.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\lecbjl.dll (Trojan.Vundo.H) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{075056b0-2678-46b5-af43-71e8231a44aa} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{075056b0-2678-46b5-af43-71e8231a44aa} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4444ef10-86c2-4917-a27c-461f932b4a32} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{4444ef10-86c2-4917-a27c-461f932b4a32} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnomcrl (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{075056b0-2678-46b5-af43-71e8231a44aa} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4444ef10-86c2-4917-a27c-461f932b4a32} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a4d6547e (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\nnnonngf -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\nnnonngf -> Delete on reboot.
Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009 (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\lecbjl.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nnnonNgF.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\FgNnonnn.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FgNnonnn.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnoMCRl.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\xweflqxr.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\rxqlfewx.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lmcoxwfu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xxyvwUNh.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2638.dll (Trojan.Agent) -> Delete on reboot.
et suivant:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:37, on 13/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Ahead\InCD\InCD.exe
F:\iTunes2\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\FAMILLE\Mes documents\Mes fichiers reçus\RenomHiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\iTunes2\iTunesHelper.exe"
O4 - HKLM\..\Run: [eCarteBleue-CDE-P3] C:\Program Files\e-Carte Bleue\Caisse Epargne\Ma e-Carte Bleue\ECB-CDE.exe /dontopenmycards
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip.exe
O4 - Global Startup: Mémento.lnk = Q:\quicken\billmind.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: bw+0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: ftdotf.dll fdtsrv.dll lecbjl.dll
O20 - Winlogon Notify: btqbanfi - btqbanfi.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
plopus
Messages postés
5962
Date d'inscription
jeudi 1 janvier 2009
Statut
Contributeur sécurité
Dernière intervention
11 mars 2012
293
13 janv. 2009 à 13:15
13 janv. 2009 à 13:15
relance hijackthis choisit "do a scan only" et coche la case a gauche de la ligne :
O20 - Winlogon Notify: btqbanfi - btqbanfi.dll (file missing)
puis clik sur fix checked en bas
as tu encore des problemes?
Pour verifier
telecharge GENPROC Ouvre ce lien d'aide < < http://www.alt-shift-return.org/Info/GenProc-HowTo.html >
, et le téléchargement est dedans < http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip > repond oui à la question à la fin et poste la rapport stp
O20 - Winlogon Notify: btqbanfi - btqbanfi.dll (file missing)
puis clik sur fix checked en bas
as tu encore des problemes?
Pour verifier
telecharge GENPROC Ouvre ce lien d'aide < < http://www.alt-shift-return.org/Info/GenProc-HowTo.html >
, et le téléchargement est dedans < http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip > repond oui à la question à la fin et poste la rapport stp
RICONET
Messages postés
116
Date d'inscription
mercredi 15 novembre 2006
Statut
Membre
Dernière intervention
6 mars 2024
13 janv. 2009 à 16:43
13 janv. 2009 à 16:43
Voila la réponse et solution proposée
RAPPORT /
Rapport GenProc 2.333 [1] - 13/01/2009 - Windows XP
Il est impératif de désactiver le résident de A-Squared pendant l'ensemble des manipulations qui vont suivre. Aide A-Squared : http://ww11.genproc.com/a-squared/a-squared.html
# Etape 1/ Télécharge :
- CCleaner https://www.ccleaner.com/ccleaner/download (FileHippo)
Ce logiciel va permettre de supprimer tous les fichiers temporaires.
Lance-le et clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures".
Par la suite, laisse-le avec ses réglages par défaut. Ferme le programme.
- Toolbar-S&D https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2 (Team IDN) sur ton Bureau.
Redémarre en mode sans échec comme indiqué ici https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ ; pour retrouver le rapport, clique sur le raccourci "GenProc" sur ton bureau. Choisis ta session courante *** FAMILLE ***
# Etape 2/
Lance Toolbar-S&D situé sur le Bureau.
Tape sur "2" puis valide en appuyant sur "Entrée". Ne ferme pas la fenêtre lors de la suppression.
# Etape 3/
Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.
# Etape 4/
Redémarre normalement et poste, dans la même réponse :
- Le contenu du rapport C:\TB.txt ;
- Un nouveau rapport HijackThis http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/hijackthis-version-install-sujet_199100_1.htm ;
Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.
____________________________________________________________________________________________________________
Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com
RAPPORT /
Rapport GenProc 2.333 [1] - 13/01/2009 - Windows XP
Il est impératif de désactiver le résident de A-Squared pendant l'ensemble des manipulations qui vont suivre. Aide A-Squared : http://ww11.genproc.com/a-squared/a-squared.html
# Etape 1/ Télécharge :
- CCleaner https://www.ccleaner.com/ccleaner/download (FileHippo)
Ce logiciel va permettre de supprimer tous les fichiers temporaires.
Lance-le et clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures".
Par la suite, laisse-le avec ses réglages par défaut. Ferme le programme.
- Toolbar-S&D https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2 (Team IDN) sur ton Bureau.
Redémarre en mode sans échec comme indiqué ici https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ ; pour retrouver le rapport, clique sur le raccourci "GenProc" sur ton bureau. Choisis ta session courante *** FAMILLE ***
# Etape 2/
Lance Toolbar-S&D situé sur le Bureau.
Tape sur "2" puis valide en appuyant sur "Entrée". Ne ferme pas la fenêtre lors de la suppression.
# Etape 3/
Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.
# Etape 4/
Redémarre normalement et poste, dans la même réponse :
- Le contenu du rapport C:\TB.txt ;
- Un nouveau rapport HijackThis http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/hijackthis-version-install-sujet_199100_1.htm ;
Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.
____________________________________________________________________________________________________________
Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com
RICONET
Messages postés
116
Date d'inscription
mercredi 15 novembre 2006
Statut
Membre
Dernière intervention
6 mars 2024
13 janv. 2009 à 17:02
13 janv. 2009 à 17:02
J'ai A-SQUARED FREE pour le désactiver il faut aller dans autorisation et décocher DEMARRER A-SQUARED FREE?
Question peut-être bête ;-)
Question peut-être bête ;-)
plopus
Messages postés
5962
Date d'inscription
jeudi 1 janvier 2009
Statut
Contributeur sécurité
Dernière intervention
11 mars 2012
293
13 janv. 2009 à 17:05
13 janv. 2009 à 17:05
pour le desactive suit le lien donné c'est celui la http://ww11.genproc.com/a-squared/a-squared.html
puis fait le rapport a la lettre sauf que tu fait option 1 de toolbar et tu poste le rapport stp
suit bien le poste 20 et fait l'option 1 de toolbar
puis fait le rapport a la lettre sauf que tu fait option 1 de toolbar et tu poste le rapport stp
suit bien le poste 20 et fait l'option 1 de toolbar
RICONET
Messages postés
116
Date d'inscription
mercredi 15 novembre 2006
Statut
Membre
Dernière intervention
6 mars 2024
13 janv. 2009 à 18:19
13 janv. 2009 à 18:19
Bonsoir,
Bon en fait, j'ai supprimé A-SQUARED c'était une ancienne version. Ensuite je suis passé en mode sans échec F8. J'ai suivi scrupuleusement les instructions.
J'ai toujours ce *@ alerte de sécurité windows qui s'affiche. Je me souviens que lors du passage de Findykill, il avait disparu un temps. Voilà les rapports:
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Sempron(TM) 2600+ )
BIOS : Award Modular BIOS v6.0
USER : FAMILLE ( Administrator )
BOOT : Fail-safe boot
Antivirus : ESET NOD32 antivirus system 2.70 2.70 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:78 Go (Free:22 Go)
D:\ (Local Disk) - NTFS - Total:97 Go (Free:50 Go)
E:\ (CD or DVD)
F:\ (Local Disk) - NTFS - Total:14 Go (Free:4 Go)
G:\ (Local Disk) - NTFS - Total:61 Go (Free:25 Go)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (USB)
L:\ (Local Disk) - NTFS - Total:19 Go (Free:11 Go)
M:\ (CD or DVD)
N:\ (CD or DVD)
O:\ (Local Disk) - NTFS - Total:2 Go (Free:2 Go)
P:\ (Local Disk) - NTFS - Total:159 Go (Free:75 Go)
Q:\ (CD or DVD)
R:\ (CD or DVD)
S:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 13/01/2009|18:01 )
-----------\\ SUPPRESSION
Supprime! - C:\Program Files\GamesBar\Localization2-English.ini
Supprime! - C:\Program Files\GamesBar
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ Extensions
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ca
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-cs
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-da
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-de
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-en-US
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-es-AR
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-es-ES
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-eu
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-fr
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ga-IE
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-hu
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-is
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-it
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ja-JP-mac
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ja
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ka
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ko
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-lt
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-nb-NO
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-nl
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-nn-NO
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-pl
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-pt-BR
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-pt-PT
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ro
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ru
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-sk
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-sl
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-sv-SE
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-uk
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-zh-CN
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-zh-TW
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ca
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-cs
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-da
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-de
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-en-US
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-es-AR
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-es-ES
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-eu
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-fr
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ga-IE
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-hu
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-is
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-it
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ja-JP-mac
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ja
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ka
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ko
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-lt
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-nb-NO
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-nl
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-nn-NO
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-pl
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-pt-BR
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-pt-PT
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ro
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ru
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-sk
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-sl
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-sv-SE
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-uk
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-zh-CN
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-zh-TW
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
"Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.msn.com/fr-fr/"
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:19:01, on 13/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Ahead\InCD\InCD.exe
F:\iTunes2\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\FAMILLE\Mes documents\Mes fichiers reçus\RenomHiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\iTunes2\iTunesHelper.exe"
O4 - HKLM\..\Run: [eCarteBleue-CDE-P3] C:\Program Files\e-Carte Bleue\Caisse Epargne\Ma e-Carte Bleue\ECB-CDE.exe /dontopenmycards
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip.exe
O4 - Global Startup: Mémento.lnk = Q:\quicken\billmind.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: bw+0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: ftdotf.dll fdtsrv.dll lecbjl.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Bon en fait, j'ai supprimé A-SQUARED c'était une ancienne version. Ensuite je suis passé en mode sans échec F8. J'ai suivi scrupuleusement les instructions.
J'ai toujours ce *@ alerte de sécurité windows qui s'affiche. Je me souviens que lors du passage de Findykill, il avait disparu un temps. Voilà les rapports:
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Sempron(TM) 2600+ )
BIOS : Award Modular BIOS v6.0
USER : FAMILLE ( Administrator )
BOOT : Fail-safe boot
Antivirus : ESET NOD32 antivirus system 2.70 2.70 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:78 Go (Free:22 Go)
D:\ (Local Disk) - NTFS - Total:97 Go (Free:50 Go)
E:\ (CD or DVD)
F:\ (Local Disk) - NTFS - Total:14 Go (Free:4 Go)
G:\ (Local Disk) - NTFS - Total:61 Go (Free:25 Go)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (USB)
L:\ (Local Disk) - NTFS - Total:19 Go (Free:11 Go)
M:\ (CD or DVD)
N:\ (CD or DVD)
O:\ (Local Disk) - NTFS - Total:2 Go (Free:2 Go)
P:\ (Local Disk) - NTFS - Total:159 Go (Free:75 Go)
Q:\ (CD or DVD)
R:\ (CD or DVD)
S:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 13/01/2009|18:01 )
-----------\\ SUPPRESSION
Supprime! - C:\Program Files\GamesBar\Localization2-English.ini
Supprime! - C:\Program Files\GamesBar
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ Extensions
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ca
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-cs
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-da
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-de
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-en-US
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-es-AR
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-es-ES
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-eu
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-fr
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ga-IE
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-hu
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-is
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-it
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ja-JP-mac
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ja
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ka
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ko
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-lt
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-nb-NO
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-nl
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-nn-NO
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-pl
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-pt-BR
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-pt-PT
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ro
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ru
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-sk
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-sl
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-sv-SE
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-uk
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-zh-CN
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-zh-TW
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ca
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-cs
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-da
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-de
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-en-US
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-es-AR
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-es-ES
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-eu
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-fr
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ga-IE
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-hu
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-is
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-it
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ja-JP-mac
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ja
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ka
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ko
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-lt
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-nb-NO
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-nl
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-nn-NO
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-pl
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-pt-BR
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-pt-PT
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ro
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ru
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-sk
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-sl
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-sv-SE
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-uk
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-zh-CN
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-zh-TW
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
"Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.msn.com/fr-fr/"
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:19:01, on 13/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Ahead\InCD\InCD.exe
F:\iTunes2\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\FAMILLE\Mes documents\Mes fichiers reçus\RenomHiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\iTunes2\iTunesHelper.exe"
O4 - HKLM\..\Run: [eCarteBleue-CDE-P3] C:\Program Files\e-Carte Bleue\Caisse Epargne\Ma e-Carte Bleue\ECB-CDE.exe /dontopenmycards
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip.exe
O4 - Global Startup: Mémento.lnk = Q:\quicken\billmind.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: bw+0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: ftdotf.dll fdtsrv.dll lecbjl.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe