Computer infected with WIN 32 and others

Closed
RICONET Posts: 116 Registration date: Wednesday 15 November 2006 Status: Member Last activity: 6 March 2024 - 11 Jan. 2009 at 10:59
RICONET Posts: 116 Registration date: Wednesday 15 November 2006 Status: Member Last activity: 6 March 2024 - 14 Jan. 2009 at 13:10
Hello,
I realize that I am infected by the WIN 32 virus and its various forms. I used my NOD 32 antivirus, which had protected me well until now, but I was probably not careful enough with my downloads... anyway.
Since then, the Windows Security Center tells me that updating is disabled, yet in my Control Panel everything is enabled.
I also get the message: "Erreur de chargement de C:\windows\system32\odnpqqkp.dll
Le module est introuvable"

I have just received the alert message "message d'avertissement de http:::bestantivirusscanner.com" and I am asked to download the antivirus.

My antivirus has just triggered for: http:incrates.com:iCash.exe

Can anyone help me?
Thanks

24 replies

danilink Posts: 8 Registration date: Sunday 11 January 2009 Status: Member Last activity: 11 January 2009 1
11 Jan. 2009 at 11:06
Same here.
0
RICONET Posts: 116 Registration date: Wednesday 15 November 2006 Status: Member Last activity: 6 March 2024
11 Jan. 2009 at 11:10
A small clarification: when I launch NOD32, it tells me that the virus WIN32/adware.Virtumonde is detected in memory, and the only option it offers me is to leave it.??????????????
I don't understand anything anymore.
0
RICONET Posts: 116 Registration date: Wednesday 15 November 2006 Status: Member Last activity: 6 March 2024
11 Jan. 2009 at 17:20
Help,
my computer is becoming less and less stable.
My antivirus is going crazy. Is that a good sign?
I ran Malwarebytes' Anti-Malware but I still have problems.
HELP !!!!!!!!!!!!!!!!!!!!
0
RICONET Posts: 116 Registration date: Wednesday 15 November 2006 Status: Member Last activity: 6 March 2024
11 Jan. 2009 at 17:29
I see that some people post their Malwarebytes report. Here is mine:
Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1642
Windows 5.1.2600 Service Pack 3

11/01/2009 17:05:57
mbam-log-2009-01-11 (17-05-57).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 151650
Temps écoulé: 32 minute(s), 33 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati6qtxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ati6qtxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ati6qtxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati6qtxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\drivers\ati6qtxx.sys (Rootkit.Agent) -> Delete on reboot.



Here is the HIJACKTHIS report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:27:46, on 11/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Ahead\InCD\InCD.exe
F:\iTunes2\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\FAMILLE\Mes documents\Mes fichiers reçus\RenomHiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\iTunes2\iTunesHelper.exe"
O4 - HKLM\..\Run: [eCarteBleue-CDE-P3] C:\Program Files\e-Carte Bleue\Caisse Epargne\Ma e-Carte Bleue\ECB-CDE.exe /dontopenmycards
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip.exe
O4 - Global Startup: Mémento.lnk = Q:\quicken\billmind.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: bw+0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: ftdotf.dll fdtsrv.dll
O20 - Winlogon Notify: btqbanfi - C:\WINDOWS\SYSTEM32\btqbanfi.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
0

RICONET Posts: 116 Registration date: Wednesday 15 November 2006 Status: Member Last activity: 6 March 2024
12 Jan. 2009 at 08:55
To clarify: I no longer have any access to the partitions. The following message appears:
C/\resycled\boot.com n'est pas une application win32 valide.
I am trying a new scan with my antivirus while waiting for a helping hand.

Thanks
0
plopus Posts: 5962 Registration date: Thursday 1 January 2009 Status: Security contributor Last activity: 11 March 2012 293
12 Jan. 2009 at 09:47
Hello,

Download and install FindyKill

http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe

Run it, choose your language, select option 1 and post the report, please.
0
RICONET Posts: 116 Registration date: Wednesday 15 November 2006 Status: Member Last activity: 6 March 2024
12 Jan. 2009 at 10:15
Here is my report, thank you very much



----------------- FindyKill V4.711 ------------------

* User : FAMILLE - SEVENO-E025D8F5
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 05/01/09 par Chiquitine29
* Recherche effectuée à 10:09:03 le 12/01/2009
* Windows XP - Internet Explorer 6.0.2900.5512

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Ahead\InCD\InCD.exe
F:\iTunes2\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\WINDOWS


»»»» Presence des fichiers dans C:\WINDOWS\Prefetch

Found ! - C:\WINDOWS\prefetch\11398.EXE-1E1E3657.pf
Found ! - C:\WINDOWS\prefetch\1264310058.EXE-1F009872.pf
Found ! - C:\WINDOWS\prefetch\1375091308.EXE-00A2A56C.pf
Found ! - C:\WINDOWS\prefetch\15597.EXE-03897FED.pf
Found ! - C:\WINDOWS\prefetch\16855.EXE-35D9DB01.pf
Found ! - C:\WINDOWS\prefetch\1697097124.EXE-3822447A.pf
Found ! - C:\WINDOWS\prefetch\253.EXE-08154F1A.pf
Found ! - C:\WINDOWS\prefetch\2650189420.EXE-0BBD6E85.pf
Found ! - C:\WINDOWS\prefetch\2792958256.EXE-241F31F2.pf
Found ! - C:\WINDOWS\prefetch\2798114506.EXE-2944DEC6.pf
Found ! - C:\WINDOWS\prefetch\3079967762.EXE-1E8A2410.pf
Found ! - C:\WINDOWS\prefetch\3334502658.EXE-23EEC6AA.pf
Found ! - C:\WINDOWS\prefetch\3683041828.EXE-1370615E.pf
Found ! - C:\WINDOWS\prefetch\3760229328.EXE-024669D7.pf
Found ! - C:\WINDOWS\prefetch\3867885578.EXE-30C30672.pf

»»»» Presence des fichiers dans C:\WINDOWS\system32


»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers


»»»» Presence des fichiers dans C:\Documents and Settings\FAMILLE\Application Data


»»»» Presence des fichiers dans C:\DOCUME~1\FAMILLE\LOCALS~1\Temp


»»»» Presence des fichiers dans C:\Documents and Settings\FAMILLE\Local Settings\Temporary Internet Files\Content.IE5

Found ! [26/04/2000 17:41] - C:\Program Files\ScanButton 3.0\Web-ClubPhoto\UPLOAD\filelist.txt

--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
LDM=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz=nwiz.exe /install
NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
nod32kui="C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
InCD=C:\Program Files\Ahead\InCD\InCD.exe
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper="F:\iTunes2\iTunesHelper.exe"
eCarteBleue-CDE-P3=C:\Program Files\e-Carte Bleue\Caisse Epargne\Ma e-Carte Bleue\ECB-CDE.exe /dontopenmycards
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
NoteBurner=C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
Logitech Hardware Abstraction Layer=KHALMNPR.EXE
WinampAgent="C:\Program Files\Winamp\winampa.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=


--------------- [ Registre / Clés infectieuses ] ----------------




--------------- [ Etat / Services ] ----------------



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

Ndisuio - Type de démarrage = 3

EapHost - Type de démarrage = 3

Ip6Fw - Type de démarrage = 3

SharedAccess - Type de démarrage = 2

/!\ wuauserv - Type de démarrage = 4

wscsvc - Type de démarrage = 2


--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe

D: - Lecteur fixe

F: - Lecteur fixe

G: - Lecteur fixe

L: - Lecteur fixe

O: - Lecteur fixe

P: - Lecteur fixe

S: - Lecteur de CD-ROM


+- Contenu de l'autorun : D:\autorun.inf

[autorun]
;xewigpcpcpuoxwjxquilstutaclluznjxgmqxsevebotnss
shellexecute="resycled\boot.com d:"
;uqbpzwedbaderoksyljgfgfayysluprgijbhpufbrjailcpjdzsagtcsqzndnswvigkhy
shell\Open\command="resycled\boot.com d:"
;fuwvvrjaoyiroompdnjdbnsmvjsflkmawllvboxja

+- Contenu de l'autorun : L:\autorun.inf

[autorun]
;zfrxlwetzzzqgsyvztqfodugjanrbatiqoxixuadgkraytifwoypazpxbwnezuapfelevzai
shellexecute="resycled\boot.com l:"
;jxoqlrromyjfwfqpgzqyjpydasrdrvmuwudwhtyqjdohiqkoindafrhfwpxgnismmpwyhdevtzmbdbro
shell\Open\command="resycled\boot.com l:"
;jqhut

+- Contenu de l'autorun : O:\autorun.inf

[autorun]
;pomhvxmtjwukmwvduynhwufxxmpcbpyyhfvh
shellexecute="resycled\boot.com o:"
;ivaapicrpioglg
shell\Open\command="resycled\boot.com o:"
;svszycivgnstjjfaxuakyjedfgjxnuhlwttdbflijfaehvdmmfuibpopbvjcgkyseb
shell=Open
;jsyrullfspfypsbah

+- Contenu de l'autorun : P:\autorun.inf

[autorun]
;ajmtgfktluwrpaidmnpmrnacnyugtxrhrxrnaucpcgpbjnhdvkzlujyeovgkiulzmfbnzllddjkztvgmbztwljxxoctjkgfczbpz
shellexecute="resycled\boot.com p:"
;ljvwigvozngimuaevsjkxgbndclyowxnpwoogjejovnvexrjsveqlepccrqcxkdzjyndcmggavzivqkudaiqzl
shell\Open\comm

+- Contenu de l'autorun : S:\autorun.inf

[AutoRun]
open=Autorun.exe
icon=Install\swgbg.ico

+- presence des fichiers :

Found ! [11/01/2009 17:13][-r-hs----] - D:\autorun.inf
Found ! [11/01/2009 17:13][-r-hs----] - L:\autorun.inf
Found ! [11/01/2009 17:13][-r-hs----] - O:\autorun.inf
Found ! [11/01/2009 17:13][-r-hs----] - P:\autorun.inf
Found ! [03/08/2001 11:53][-r-------] - S:\autorun.inf


--------------- [ Registre / Mountpoint2 ] ----------------

Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{631190c0-b222-11dc-a0f5-b8e6e963083f}\Shell\AutoRun\command


------------------- ! Fin du rapport ! --------------------

I no longer remember whether I mentioned it, but I still get a Windows security alert message, even though everything is properly checked.
Another small question.
Do NOD 32 and Malwarebytes' Anti-Malware get along well together?
0
plopus Posts: 5962 Registration date: Thursday 1 January 2009 Status: Security contributor Last activity: 11 March 2012 293
12 Jan. 2009 at 11:21
OK, so disconnect from the internet and close all your applications

AND plug in your USB sticks, external hard drive, camera... which may be infected, without opening them

then run FindyKill again with option 2 and post the report, and after that post a new HijackThis log
0
RICONET Posts: 116 Registration date: Wednesday 15 November 2006 Status: Member Last activity: 6 March 2024
12 Jan. 2009 at 12:48
Here is the result of what you asked me for, plopus... Enjoy your meal.
I also realize that I will have to have a talk with certain members of my family.

* executed from : C:\Program Files\FindyKill
* Update on 05/01/09 par Chiquitine29
* Start at 12:23:17 the 12/01/2009
* Windows XP - Internet Explorer 6.0.2900.5512


((((((((((((((( *** deleting *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe

--------------- [ Infected files / folders ] ----------------


»»»» Supression files in C:


»»»» Supression files in C:\WINDOWS


»»»» Supression files in C:\WINDOWS\Prefetch

Deleted ! - C:\WINDOWS\prefetch\11398.EXE-1E1E3657.pf
Deleted ! - C:\WINDOWS\prefetch\1264310058.EXE-1F009872.pf
Deleted ! - C:\WINDOWS\prefetch\1375091308.EXE-00A2A56C.pf
Deleted ! - C:\WINDOWS\prefetch\15597.EXE-03897FED.pf
Deleted ! - C:\WINDOWS\prefetch\16855.EXE-35D9DB01.pf
Deleted ! - C:\WINDOWS\prefetch\1697097124.EXE-3822447A.pf
Deleted ! - C:\WINDOWS\prefetch\253.EXE-08154F1A.pf
Deleted ! - C:\WINDOWS\prefetch\2650189420.EXE-0BBD6E85.pf
Deleted ! - C:\WINDOWS\prefetch\2792958256.EXE-241F31F2.pf
Deleted ! - C:\WINDOWS\prefetch\2798114506.EXE-2944DEC6.pf
Deleted ! - C:\WINDOWS\prefetch\3079967762.EXE-1E8A2410.pf
Deleted ! - C:\WINDOWS\prefetch\3334502658.EXE-23EEC6AA.pf
Deleted ! - C:\WINDOWS\prefetch\3683041828.EXE-1370615E.pf
Deleted ! - C:\WINDOWS\prefetch\3760229328.EXE-024669D7.pf
Deleted ! - C:\WINDOWS\prefetch\3867885578.EXE-30C30672.pf

»»»» Supression files in C:\WINDOWS\system32


»»»» Supression files in C:\WINDOWS\system32\drivers


»»»» Supression files in C:\Documents and Settings\FAMILLE\Application Data


»»»» Supression files in C:\DOCUME~1\FAMILLE\LOCALS~1\Temp


»»»» Supression files in C:\Documents and Settings\FAMILLE\Local Settings\Temporary Internet Files\Content.IE5


--------------- [ Registry / Infected keys ] ----------------

Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdelk.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintems.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flec006.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hldrrr.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winfilse.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupgro.exe

--------------- [ States / Restarting of services ] ----------------



+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

EapHost - Type of startup = 2

Ip6Fw - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2


--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Lecteur fixe

D: - Lecteur fixe

F: - Lecteur fixe

G: - Lecteur fixe

L: - Lecteur fixe

O: - Lecteur fixe

P: - Lecteur fixe

S: - Lecteur de CD-ROM

T: - Lecteur amovible


+- deleting files :

Deleted ! - D:\autorun.inf
Deleted ! - L:\autorun.inf
Deleted ! - O:\autorun.inf
Deleted ! - P:\autorun.inf
Not deleted !! - S:\autorun.inf
Deleted ! - T:\autorun.inf

--------------- [ Registry / Mountpoint2 ] ----------------


-> Not found !


--------------- [ Searching Other Infections ] ----------------


--------------- [ Searching Cracks / Keygen ] ----------------

C:\Documents and Settings\FAMILLE\Application Data\uTorrent\C&C Red Alert 2 (Full Game) crack keygen.torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\CnC 3 Tiberium Wars Kane Edition Keygen RazorDOX.rar.torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\Command And Conquer Red Alert 3 CRACK ONLY-RELOADED.torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\Command.&.Conquer.Red.Alert.3.Crack.und.Keygen.torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\Command_and_Conquer_3_Keygen.torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\Command_And_Conquer_3_Tiberium_Wars_Kane_Edition_Keygen-RazorDOX.torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\dbPowerAMP Music Converter 11.5 + Powerpack, Codec & Skins (CRACKeD).torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\Keygen and Crack 1.2 Command and conquer3.exe.torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\Mahjong.Suite.2007.v4.3.Cracked-F4CG.torrent
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\BuildingImporter.exe
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\CLD_editor.exe
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\CLD_editor2.exe
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\CLD_FullEdit.exe
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\For Health & Prosperity Click Here!.url
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\God's Yellow Pages.url
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\MannaTech.url
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\Work From Home!.url
C:\Documents and Settings\FAMILLE\Mes documents\mahjong suite2007\crack.zip
C:\Documents and Settings\FAMILLE\Recent\Command And Conquer Red Alert 3 CRACK ONLY-RELOADED.lnk
C:\Documents and Settings\FAMILLE\Recent\Crack.lnk
C:\Documents and Settings\FAMILLE\Recent\C_C_1.03_Crack_by_Blizzard.lnk
C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Sound\tchaikovsky_the_nutcracker.imw


---------------- ! End of report ! ------------------



HIJACKTHIS :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:34:35, on 12/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\FAMILLE\Mes documents\Mes fichiers reçus\RenomHiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\iTunes2\iTunesHelper.exe"
O4 - HKLM\..\Run: [eCarteBleue-CDE-P3] C:\Program Files\e-Carte Bleue\Caisse Epargne\Ma e-Carte Bleue\ECB-CDE.exe /dontopenmycards
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip.exe
O4 - Global Startup: Mémento.lnk = Q:\quicken\billmind.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: bw+0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: ftdotf.dll fdtsrv.dll
O20 - Winlogon Notify: btqbanfi - btqbanfi.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
0
plopus Posts 5962 Registration date Thursday 1 January 2009 Status Security contributor Last activity 11 March 2012 293
12 Jan 2009 at 14:58
delete all of this so you don't get reinfected, plus all your other cracks and keygens that infected you

C:\Documents and Settings\FAMILLE\Application Data\uTorrent\C&C Red Alert 2 (Full Game) crack keygen.torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\CnC 3 Tiberium Wars Kane Edition Keygen RazorDOX.rar.torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\Command And Conquer Red Alert 3 CRACK ONLY-RELOADED.torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\Command.&.Conquer.Red.Alert.3.Crack.und.Keygen.torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\Command_and_Conquer_3_Keygen.torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\Command_And_Conquer_3_Tiberium_Wars_Kane_Edition_Keygen-RazorDOX.torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\dbPowerAMP Music Converter 11.5 + Powerpack, Codec & Skins (CRACKeD).torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\Keygen and Crack 1.2 Command and conquer3.exe.torrent
C:\Documents and Settings\FAMILLE\Application Data\uTorrent\Mahjong.Suite.2007.v4.3.Cracked-F4CG.torrent
C:\Documents and Settings\FAMILLE\Recent\Command And Conquer Red Alert 3 CRACK ONLY-RELOADED.lnk


next, you have files like these; what does City Life\Crack correspond to?

C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\BuildingImporter.exe
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\CLD_editor.exe
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\CLD_editor2.exe
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\CLD_FullEdit.exe
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\For Health & Prosperity Click Here!.url
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\God's Yellow Pages.url
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\MannaTech.url
C:\Documents and Settings\FAMILLE\Mes documents\Downloads\City Life\Crack\Work From Home!.url
C:\Documents and Settings\FAMILLE\Mes documents\mahjong suite2007\crack.zip
*



next

run HijackThis again, choose "do a scan only" and tick the boxes to the left of these lines:

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O20 - Winlogon Notify: btqbanfi - btqbanfi.dll (file missing)

disconnect from the internet, close all your programs, then click "fix checked" at the bottom

next, update your software, including Internet Explorer (we are now at version 7); click here

https://www.flexera.com/products/operations/software-vulnerability-management.html

then click start scan, and update every program marked with a red cross using the URL provided

then, to check and finish

Download Random's System Information Tool (RSIT) by random/random and save it to your Desktop.
http://images.malwareremoval.com/random/RSIT.exe
Click Continue
If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the licence.
When the scan is finished, two text files will open; post both reports
0
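The three HijackThis lines singled out in the post above all end with the tool's "(file missing)" marker. As an added example (not part of the original post, and not code from HijackThis), this Python sketch parses log lines of that shape and lists the entries whose target file is reported missing; the names `parse_line`, `orphaned_entries` and `count_by_code` are hypothetical, and the sample is a few lines copied from the log in this thread.

```python
import re
from collections import Counter, namedtuple

# Constructed sample: a handful of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O20 - AppInit_DLLs: ftdotf.dll fdtsrv.dll
O20 - Winlogon Notify: btqbanfi - btqbanfi.dll (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# One parsed log entry: section code (O4, O20, ...), entry kind, the rest of
# the line, and whether HijackThis reported the referenced file as missing.
Entry = namedtuple("Entry", "code kind detail file_missing")

# Entry lines start with a letter, one or two digits, then " - ".
# Header lines and the "Running processes" paths do not match.
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<rest>.+)$")
MISSING_MARKER = "(file missing)"


def parse_line(line):
    """Return an Entry for a HijackThis entry line, or None for anything else."""
    match = LINE_RE.match(line.strip())
    if match is None:
        return None
    rest = match.group("rest")
    missing = rest.endswith(MISSING_MARKER)
    if missing:
        rest = rest[: -len(MISSING_MARKER)].rstrip()
    # "Extra button: Messenger - ..." -> kind "Extra button", detail the remainder.
    kind, sep, detail = rest.partition(": ")
    if not sep:  # lines such as R0 carry no "kind:" prefix
        kind, detail = "", rest
    return Entry(match.group("code"), kind, detail, missing)


def parse_log(text):
    """Parse every entry line in a log, skipping headers and process paths."""
    entries = (parse_line(line) for line in text.splitlines())
    return [entry for entry in entries if entry is not None]


def orphaned_entries(text):
    """Entries that still reference a file HijackThis could not find."""
    return [entry for entry in parse_log(text) if entry.file_missing]


def count_by_code(text):
    """Number of entries per section code, to see where a log is concentrated."""
    return Counter(entry.code for entry in parse_log(text))


if __name__ == "__main__":
    for entry in orphaned_entries(SAMPLE_LOG):
        print(f"{entry.code:<4}{entry.kind}: {entry.detail}")
```

A "(file missing)" entry is a leftover reference to review, not proof of infection on its own: the same marker appears here on a Windows Messenger button and on a randomly named Winlogon Notify DLL.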
RICONET Posts 116 Registration date Wednesday 15 November 2006 Status Member Last activity 6 March 2024
12 Jan 2009 at 21:27
Here are the two reports. I think I must still have something unwanted, because I again have the Windows security problem, falsely shown as turned off, which prevents me from updating IE. On top of that, it opens unwanted windows. By the way, I am on Firefox.


Logfile of random's system information tool 1.05 (written by random/random)
Run by FAMILLE at 2009-01-12 21:17:48
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 20 GB (25%) free of 80 GB
Total RAM: 1024 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:18:09, on 12/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Ahead\InCD\InCD.exe
F:\iTunes2\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\FAMILLE\Bureau\RSIT.exe
C:\Program Files\trend micro\FAMILLE.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {aa44a132-8e17-34fa-5b64-87620b650570} - {075056b0-2678-46b5-af43-71e8231a44aa} - C:\WINDOWS\system32\lecbjl.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {DC13B472-6EDF-411D-A304-4C96274D1878} - C:\WINDOWS\system32\nnnonNgF.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\iTunes2\iTunesHelper.exe"
O4 - HKLM\..\Run: [eCarteBleue-CDE-P3] C:\Program Files\e-Carte Bleue\Caisse Epargne\Ma e-Carte Bleue\ECB-CDE.exe /dontopenmycards
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\WINDOWS\system32\2638.dll,s
O4 - HKLM\..\Run: [a4d6547e] rundll32.exe "C:\WINDOWS\system32\xweflqxr.dll",b
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip.exe
O4 - Global Startup: Mémento.lnk = Q:\quicken\billmind.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: bw+0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: ftdotf.dll fdtsrv.dll lecbjl.dll
O20 - Winlogon Notify: btqbanfi - btqbanfi.dll (file missing)
O20 - Winlogon Notify: pmnoMCRl - C:\WINDOWS\SYSTEM32\pmnoMCRl.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
0
plopus Posts 5962 Registration date Thursday 1 January 2009 Status Security contributor Last activity 11 March 2012 293
12 Jan. 2009 at 21:37
Well yes, indeed, you must still have some things left, or rather you must have added some things, right?

Did you install any software, or did you use your cracks? Because you have new lines.


Download and install navilog1

http://il.mafioso.pagesperso-orange.fr/Navifix/download.htm

Run it, choose option 1 and post the report, please.
0
RICONET Posts 116 Registration date Wednesday 15 November 2006 Status Member Last activity 6 March 2024
13 Jan. 2009 at 09:31
Actually, I mostly deleted quite a lot, and it's true that I moved one or two. I thought I was doing the right thing.
Here is the report.

Search Navipromo version 3.7.1 commencé le 13/01/2009 à 9:19:22,95

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 02.01.2009 à 19h00 par IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Sempron(TM) 2600+ )
BIOS : Award Modular BIOS v6.0
USER : FAMILLE ( Administrator )
BOOT : Normal boot

Antivirus : ESET NOD32 antivirus system 2.70 2.70 (Activated)


A:\ (USB)
C:\ (Local Disk) - NTFS - Total:78 Go (Free:19 Go)
D:\ (Local Disk) - NTFS - Total:97 Go (Free:50 Go)
E:\ (CD or DVD)
F:\ (Local Disk) - NTFS - Total:14 Go (Free:4 Go)
G:\ (Local Disk) - NTFS - Total:61 Go (Free:25 Go)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (USB)
L:\ (Local Disk) - NTFS - Total:19 Go (Free:11 Go)
M:\ (CD or DVD)
N:\ (CD or DVD)
O:\ (Local Disk) - NTFS - Total:2 Go (Free:2 Go)
P:\ (Local Disk) - NTFS - Total:159 Go (Free:75 Go)
Q:\ (CD or DVD)
R:\ (CD or DVD)
S:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)


Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\FAMILLE\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\Tanguy\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\FAMILLE\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\Tanguy\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\FAMILLE\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\Tanguy\menudm~1\progra~1" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\FAMILLE\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\Tanguy\locals~1\applic~1" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\FAMILLE\locals~1\applic~1" :


* Dans "C:\DOCUME~1\Tanguy\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche autres dossiers et fichiers connus :

C:\WINDOWS\system32\FgNnonnn.ini2 trouvé ! Infection Vundo possible non traitée par cet outil !


*** Analyse terminée le 13/01/2009 à 9:24:43,18 ***

Thank you.
0
plopus Posts 5962 Registration date Thursday 1 January 2009 Status Security contributor Last activity 11 March 2012 293
13 Jan. 2009 at 10:01
Download and install Malwarebytes, update it, and run a thorough (full) scan.

http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebytes anti malware

Delete all the infections found and post the report.

Then, afterwards, repost HijackThis.
0
RICONET Posts 116 Registration date Wednesday 15 November 2006 Status Member Last activity 6 March 2024
13 Jan. 2009 at 11:48
Here are the reports, but the Vundo trojan is really stubborn. Still the Windows security alert problem. I promise, I haven't changed anything else. I followed the instructions.

Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1645
Windows 5.1.2600 Service Pack 3

13/01/2009 11:36:15
mbam-log-2009-01-13 (11-36-15).txt

Type de recherche: Examen complet (A:\|C:\|D:\|E:\|F:\|G:\|N:\|O:\|P:\|Q:\|R:\|S:\|)
Eléments examinés: 181459
Temps écoulé: 49 minute(s), 20 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 17
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 11

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\nnnonNgF.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\xweflqxr.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pmnoMCRl.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\lecbjl.dll (Trojan.Vundo.H) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{075056b0-2678-46b5-af43-71e8231a44aa} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{075056b0-2678-46b5-af43-71e8231a44aa} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4444ef10-86c2-4917-a27c-461f932b4a32} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{4444ef10-86c2-4917-a27c-461f932b4a32} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnomcrl (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{075056b0-2678-46b5-af43-71e8231a44aa} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4444ef10-86c2-4917-a27c-461f932b4a32} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a4d6547e (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\nnnonngf -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\nnnonngf -> Delete on reboot.

Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009 (Rogue.Multiple) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\lecbjl.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nnnonNgF.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\FgNnonnn.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FgNnonnn.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnoMCRl.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\xweflqxr.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\rxqlfewx.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lmcoxwfu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xxyvwUNh.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2638.dll (Trojan.Agent) -> Delete on reboot.

and the next one:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:37, on 13/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Ahead\InCD\InCD.exe
F:\iTunes2\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\FAMILLE\Mes documents\Mes fichiers reçus\RenomHiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\iTunes2\iTunesHelper.exe"
O4 - HKLM\..\Run: [eCarteBleue-CDE-P3] C:\Program Files\e-Carte Bleue\Caisse Epargne\Ma e-Carte Bleue\ECB-CDE.exe /dontopenmycards
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip.exe
O4 - Global Startup: Mémento.lnk = Q:\quicken\billmind.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: bw+0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: ftdotf.dll fdtsrv.dll lecbjl.dll
O20 - Winlogon Notify: btqbanfi - btqbanfi.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
0
plopus Posts 5962 Registration date Thursday 1 January 2009 Status Security contributor Last activity 11 March 2012 293
13 Jan 2009 at 13:15
Run HijackThis again, choose "do a scan only" and tick the box to the left of the line:

O20 - Winlogon Notify: btqbanfi - btqbanfi.dll (file missing)

then click "fix checked" at the bottom.


Do you still have problems?


To check:

Download GENPROC. Open this help link: < http://www.alt-shift-return.org/Info/GenProc-HowTo.html >

The download is inside it: < http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip >. Answer yes to the question at the end and post the report, please.
0
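A way to triage a HijackThis log like the one in this thread offline, as an added example (not part of the thread and not HijackThis code): it extracts the O20 autoload entries (`AppInit_DLLs`, `Winlogon Notify`), flags `(file missing)` targets, and collapses the repeated O18 protocol handlers into one group per CLSID and DLL. The sample lines are taken from the log posted above; all function names are hypothetical.

```python
import re

# Selection of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Boot mode: Normal
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O18 - Protocol: bw+0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: ftdotf.dll fdtsrv.dll lecbjl.dll
O20 - Winlogon Notify: btqbanfi - btqbanfi.dll (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
NOTIFY_RE = re.compile(
    r"^Winlogon Notify: (?P<name>.+?) - (?P<dll>.+?)(?P<missing> \(file missing\))?$"
)
PROTOCOL_RE = re.compile(
    r"^Protocol: (?P<name>\S+) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$"
)


def parse_entries(text):
    """Return (code, body) for each 'Xnn - ...' line; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def o20_findings(entries):
    """Extract the O20 autoload points: DLLs loaded via AppInit_DLLs or Winlogon Notify."""
    findings = []
    for code, body in entries:
        if code != "O20":
            continue
        if body.startswith("AppInit_DLLs:"):
            # Names are space- or comma-separated; paths containing spaces are not handled.
            names = re.split(r"[\s,]+", body.split(":", 1)[1].strip())
            findings.append({"kind": "AppInit_DLLs", "dlls": [n for n in names if n]})
            continue
        m = NOTIFY_RE.match(body)
        if m:
            findings.append({
                "kind": "Winlogon Notify",
                "name": m.group("name"),
                "dll": m.group("dll"),
                "missing": m.group("missing") is not None,
            })
    return findings


def collapse_o18(entries):
    """Group O18 protocol handlers by (CLSID, DLL) so repeated lines read as one item."""
    groups = {}
    for code, body in entries:
        m = PROTOCOL_RE.match(body) if code == "O18" else None
        if m:
            groups.setdefault((m.group("clsid"), m.group("path")), []).append(m.group("name"))
    return groups


def missing_targets(entries):
    """Entries whose target HijackThis reported as '(file missing)': leftover registry values."""
    return [(code, body) for code, body in entries if body.endswith("(file missing)")]


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for finding in o20_findings(parsed):
        print("O20 to review:", finding)
    for (clsid, path), names in collapse_o18(parsed).items():
        print(f"O18 x{len(names)}: {clsid} -> {path}")
    for code, body in missing_targets(parsed):
        print("orphaned entry:", code, body)
```

The script only lists entries for a human to review; it does not decide whether a DLL is malicious.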
RICONET Posts 116 Registration date Wednesday 15 November 2006 Status Member Last activity 6 March 2024
13 Jan 2009 at 16:43
Here is the answer and the proposed solution
REPORT /

GenProc report 2.333 [1] - 13/01/2009 - Windows XP

It is imperative to disable the A-Squared resident guard during all of the steps that follow. A-Squared help: http://ww11.genproc.com/a-squared/a-squared.html

# Step 1/ Download:

- CCleaner https://www.ccleaner.com/ccleaner/download (FileHippo)
This program will remove all temporary files.
Launch it, click "Options", "Advanced" and untick the box "Only delete files in Windows Temp folder older than 48 hours".
After that, leave it with its default settings. Close the program.

- Toolbar-S&D https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2 (Team IDN) to your Desktop.


Restart in safe mode as described here https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ ; to find the report again, click the "GenProc" shortcut on your desktop. Choose your current session *** FAMILLE ***


# Step 2/

Launch Toolbar-S&D, located on the Desktop.
Type "2" then confirm by pressing "Enter". Do not close the window during the removal.

# Step 3/

Launch CCleaner: "Cleaner"/"Run Cleaner" and that is all.

# Step 4/

Restart normally and post, in the same reply:

- The contents of the report C:\TB.txt ;
- A new HijackThis report http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/hijackthis-version-install-sujet_199100_1.htm ;

Describe the difficulties you had (what you could not do...) as well as how the situation has evolved.

____________________________________________________________________________________________________________

Official GenProc sites: www.alt-shift-return.org and www.genproc.com
0
RICONET Posts 116 Registration date Wednesday 15 November 2006 Status Member Last activity 6 March 2024
13 Jan 2009 at 17:02
I have A-SQUARED FREE; to disable it, do I have to go into the authorization settings and untick START A-SQUARED FREE?
Maybe a silly question ;-)
0
plopus Posts 5962 Registration date Thursday 1 January 2009 Status Security contributor Last activity 11 March 2012 293
13 Jan 2009 at 17:05
To disable it, follow the link that was given, it is this one: http://ww11.genproc.com/a-squared/a-squared.html

Then follow the report to the letter, except that you use option 1 of Toolbar, and post the report, please.

Follow post 20 carefully and use option 1 of Toolbar.
0
RICONET Posts 116 Registration date Wednesday 15 November 2006 Status Member Last activity 6 March 2024
13 Jan 2009 at 18:19
Good evening,
Well, in the end I removed A-SQUARED; it was an old version. Then I went into safe mode (F8). I followed the instructions scrupulously.
I still have this *@ Windows security alert showing up. I remember that after running Findykill it had disappeared for a while. Here are the reports:

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Sempron(TM) 2600+ )
BIOS : Award Modular BIOS v6.0
USER : FAMILLE ( Administrator )
BOOT : Fail-safe boot
Antivirus : ESET NOD32 antivirus system 2.70 2.70 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:78 Go (Free:22 Go)
D:\ (Local Disk) - NTFS - Total:97 Go (Free:50 Go)
E:\ (CD or DVD)
F:\ (Local Disk) - NTFS - Total:14 Go (Free:4 Go)
G:\ (Local Disk) - NTFS - Total:61 Go (Free:25 Go)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (USB)
L:\ (Local Disk) - NTFS - Total:19 Go (Free:11 Go)
M:\ (CD or DVD)
N:\ (CD or DVD)
O:\ (Local Disk) - NTFS - Total:2 Go (Free:2 Go)
P:\ (Local Disk) - NTFS - Total:159 Go (Free:75 Go)
Q:\ (CD or DVD)
R:\ (CD or DVD)
S:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 13/01/2009|18:01 )

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\GamesBar\Localization2-English.ini
Supprime! - C:\Program Files\GamesBar

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ca
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-cs
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-da
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-de
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-en-US
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-es-AR
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-es-ES
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-eu
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-fr
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ga-IE
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-hu
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-is
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-it
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ja-JP-mac
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ja
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ka
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ko
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-lt
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-nb-NO
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-nl
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-nn-NO
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-pl
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-pt-BR
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-pt-PT
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ro
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ru
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-sk
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-sl
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-sv-SE
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-uk
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-zh-CN
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-zh-TW
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ca
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-cs
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-da
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-de
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-en-US
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-es-AR
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-es-ES
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-eu
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-fr
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ga-IE
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-hu
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-is
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-it
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ja-JP-mac
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ja
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ka
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ko
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-lt
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-nb-NO
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-nl
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-nn-NO
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-pl
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-pt-BR
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-pt-PT
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ro
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ru
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-sk
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-sl
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-sv-SE
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-uk
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-zh-CN
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-zh-TW
(FAMILLE) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
"Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.msn.com/fr-fr/"


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:19:01, on 13/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Ahead\InCD\InCD.exe
F:\iTunes2\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\FAMILLE\Mes documents\Mes fichiers reçus\RenomHiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\iTunes2\iTunesHelper.exe"
O4 - HKLM\..\Run: [eCarteBleue-CDE-P3] C:\Program Files\e-Carte Bleue\Caisse Epargne\Ma e-Carte Bleue\ECB-CDE.exe /dontopenmycards
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip.exe
O4 - Global Startup: Mémento.lnk = Q:\quicken\billmind.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: bw+0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: ftdotf.dll fdtsrv.dll lecbjl.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
0