Piratage de compte MSN = QUE FAIRE ?!Fermé

Question

Bonsoir,

J'ai un problème qui prend de l'ampleur : hier soir, impossible de me connecter sur ma session MSN, juste après la mise à jour de Messenger Plus... j'ai donc pensé qu'il en était la cause, ai tout désinstallé / réinstallé (du coup je me retrouve avec Windows Live 2009 XD). Toujours pas moyen. J'ai tenté de loguer mon second compte MSN, ainsi que le compte de ma colocataire (qui fonctionne sur son Mac et qui fonctionnait toujours par la suite). J'ai essayé de me loguer depuis son Mac - rien à faire.

J'ai ceci : http://img27.imageshack.us/img27/8997/25959885wf0.png
(capture d'écran du message d'erreur 80048823)


Bon, jusque là je ne m'inquiète pas trop en me disant que ça doit être un bug et que ça remarchera demain... aujourd'hui, toujours rien... et en plus de ça, ma session eBay refuse de me loguer pour la même raison - mot de passe invalide !

Là je commence méchamment à paniquer, si j'ai affaire à un hackeur, il a été assez malin pour me pirater mon eBay et il va remonter notamment à mon compte Paypal et vraisemblablement à ma banque, à terme.

Que dois-je faire pour l'enrayer ?
AU SECOURS !

L@MAD · Answer

Bonjour,

La correspondance de votre erreur par rapport au support technique.
https://messengersupportspace.wordpress.com/!8B3F39C76A8B853F!13935.entry

Ré-initialisez votre mot de passe (consulter le support).
Si vous n'y parvenez pas, écrivez au support technique Microsoft Windows Live ID.

Une fois vos identifiants récupérés, fait nettoyer votre ordinateur par un professionnel, sans être connecté à Internet.
Enfin, modifier vous même l'ensemble de vos identifiants ( locaux et distants ). 

Si malgré tout, vous êtes victime d'une escroquerie, utilisez la plateforme "Internet Signalement".
https://www.serruriergonesse.com/

Bon courage.

InfernO.vir · Answer

Slt,

Un keyloger est surement installé sur ta machine :

Clique sur ce lien 
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe 
pour télécharger le fichier d'installation d'HijackThis.

Enregistre HJTInstall.exe sur ton bureau.  

Double-clique sur HJTInstall.exe pour lancer le programme

Par défaut, il s'installera là : 
C:\Program Files\Trend Micro\HijackThis

Accepte la license en cliquant sur le bouton "I Accept"

Choisis l'option "Do a system scan and save a log file"

Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note

Clique sur "Edition -> Sélectionner tout", puis sur "Edition -> Copier" pour copier tout le contenu du rapport

Colle le rapport que tu viens de copier sur ce forum

Ne fixe encore AUCUNE ligne, cela pourrait empêcher ton PC de fonctionner correctement


Tutoriaux : http://perso.orange.fr/balltrap34/demohijack.htm (ne fixe rien pour le moment !!)
              http://cybersecurite.xooit.com/t138-HijackThis-2-0-2.htm 

Ensuite :

Bonjour,

la traduction (et adapatation à la version française)du canned speech de Grinler sur Bleeping Computer.

1) Imprime ces instructions ou sauvegarde les sur ton Bureau car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.

2) Télécharge Malwarebytes' Anti-Malware (MBAM) et enregistre le sur ton bureau à partir de ce lien :

https://download.cnet.com/Malwarebytes/3000-8022_4-10804572.html

3) A la fin du téléchargement, ferme toutes les fenêtres et programmes, y compris celui-ci.

4) Double-clique sur l'icône Download_mbam-setup.exe sur ton bureau pour démarrer le programme d'installation.

5) Pendant l'installation, suis les indications (en particulier le choix de la langue et l'autorisation d'accession à Internet). N'apporte aucune modification aux réglages par défaut et, en fin d'installation, vérifie que les options Update Malwarebytes' Anti-Malware et Launch Malwarebytes' Anti-Malware sont cochées.

6) MBAM démarrera automatiquement et enverra un message demandant à mettre à jour le programme avant de lancer une analyse. Comme MBAM se met automatiquement à jour en fin d'installation, clique sur OK pour fermer la boîte de dialogue. La fenêtre principale de MBAM s'affiche :

7) Dans l'onglet analyse, vérifie que "Exécuter une analyse rapide" est coché et clique sur le bouton Rechercher pour démarrer l'analyse.

8) MBAM analyse ton ordinateur. L'analyse peut prendre un certain teps. Il suffit de vérifier de temps en temps son avancement.

9) A la fin de l'analyse, un message s'affiche indiquant la fin de l'analyse. Clique sur OK pour poursuivre.

10) Si des malwares ont été détectés, leur liste s'affiche. 
En cliquant sur Suppression (?) , MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.

11) MBAM va ouvrir le bloc-notes et y copier le rapport d'analyse. Ferme le bloc-note. (Le rapport peut être retrouvé sous l'onglet Rapports/logs)

12) Ferme MBAM en cliquant sur Quitter.

GalopaWXY · Answer

Merci beaucoup pour vos réponses ! Je viens à l'instant d'envoyer un mail au Support Hotmail en indiquant mon problème ainsi que mon identité, j'espère qu'ils sont rapides...

J'avais déjà HijackThis (il sert à tout ce programme), voici le log :
Je poste ça avant de lancer MalwareBytes, vu que visiblement je vais devoir tout fermer, je reviendrais donner les résultats.

Merci encore !!

______________________________________________________________


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:56:03, on 07/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset
od32kui.exe
C:\program files\powerstrip\pstrip.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\clySmic\Lunar Almanack\Lunabar.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Eset
od32krn.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Ulead Systems\Ulead PhotoImpact XL\Iedit.exe
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Eset
od32.exe
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Dofus\Dofus.exe
C:\Program Files\Dofus\dofus.dll
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.horses-sales.com/dressage_horses_for_sale.shtml
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset
od32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\MsgPlusUninstall.exe" /Cleanup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Lunabar Taskbar Icon.lnk = C:\Program Files\clySmic\Lunar Almanack\Lunabar.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Administrateur\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FECCB915-E267-4E9C-A29A-F57A3B84C27C}: NameServer = 192.168.1.1
O18 - Protocol: bw+0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset
od32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

InfernO.vir · Answer

OK,

J'attends ton rapport MBAM.

GalopaWXY · Answer

Rapport MBAM :

http://img155.imageshack.us/img155/6466/sanstitrekq9.png

J'aurais supprimé les quatre entrées mais il a trouvé quelque chose d'HijackThis, je suis perturbée x) que dois-je faire ?
Si tu es allé te coucher et que je n'ai pas de réponse, je supprimerais les fichiers tout de même. Après tout, un programme, ça se réinstalle.

InfernO.vir · Answer

Re,

Tu peux supprimer la selection ! 

Et ce n'est pas un composant de HiJackThis mais un malware au nom de Hijack !

Ensuite, vide la quarantaine de MBAM :

-Rend toi a l'onglet Quarantaine et supprime ce qui s'y trouve.

_________________________________________________

Telecharge FindyKill sur ton Bureau :

http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe

--> Lance l installation avec les parametres par default

--> Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir


--> Double clic sur le raccourci FindyKill sur ton bureau

--> Au menu principal,choisis l'option 1 (Recherche)

--> Poste le rapport FindyKill.txt

Note : le rapport FindyKill.txt est sauvegardé a la racine du disque .

GalopaWXY · Answer

Bon MBAM a créé un rapport, je te le post.
Il veut maintenant que je redémarre mon pc donc je vais faire ça, puis je vais faire ton FindyKill, mais sans allumer mes disques durs externes car je n'y ai pas touché depuis une bonne semaine, donc depuis l'infection.

Tu trouves quelque chose ?

__________________________________________________________



Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1736
Windows 5.1.2600 Service Pack 2

07/02/2009 22:17:08
mbam-log-2009-02-07 (22-17-08).txt

Type de recherche: Examen complet (C:\|D:\|J:\|)
Eléments examinés: 287813
Temps écoulé: 2 hour(s), 27 minute(s), 21 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\videosoft (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\HP_Administrateur\Cookies\MM2048.DAT (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Cookies\MM256.DAT (Trojan.Agent) -> Quarantined and deleted successfully.

GalopaWXY · Answer

Et voilà le rapport FindyKill !

_________________________________________________________

###################### [ FindyKill V4.715 ]

# User : HP_Administrateur - PC-GALOPAWXY
# Emplacement : C:\Program Files\FindyKill
# Outils Mis a jours 29/01/09 par Chiquitine29
# Recherche effectuée à 22:24:46 le 07/02/2009
# Windows XP - Internet Explorer 6.0.2900.2180

# [ FindyKill V4.715 - Scan ] ##############

\\\\\\\\\\\\\\\\\\\\ [ Processus actifs ] ///////////////////

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Eset\nod32kui.exe
C:\program files\powerstrip\pstrip.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\clySmic\Lunar Almanack\Lunabar.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

\\\\\\\\\\\\\\\\\\ [ Fichiers/Dossiers infectieux ] ///////////////////

################## [ C:\ ]

################## [ C:\WINDOWS ]

################## [ C:\WINDOWS\Prefetch ]

Found ! - C:\WINDOWS\Prefetch\PATCHER_S4.EXE-2B448682.pf

################## [ C:\WINDOWS\system32 ]

################## [ C:\WINDOWS\system32\drivers ]

################## [ C:\Documents and Settings\HP_Administrateur\Application Data ]

################## [ C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp ]

\\\\\\\\\\\\\\\\\\ [ Registre / Startup ] ///////////////////

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
msnmsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
RocketDock="C:\Program Files\RocketDock\RocketDock.exe"
DAEMON Tools Lite="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
Google Update="C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
nod32kui="C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
PowerStrip=c:\program files\powerstrip\pstrip.exe
SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

[HKEY_CURRENT_USER\software\local appwizard-generated applications\hprbui]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\MMDiag]

\\\\\\\\\\\\\\\\\\ [ Registre / Clés infectieuses ] ///////////////////

\\\\\\\\\\\\\\\\\\ [ Etat / Services ] ///////////////////

# Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

Ndisuio - # Type de démarrage = 3

Ip6Fw - # Type de démarrage = 3

SharedAccess - # Type de démarrage = 2

wuauserv - # Type de démarrage = 2

wscsvc - # Type de démarrage = 2

\\\\\\\\\\\\\\\\\\ [ Recherche dans supports amovibles] ///////////////////

# Informations :

C: - Lecteur fixe

D: - Lecteur fixe

F: - Lecteur de CD-ROM

G: - Lecteur de CD-ROM

J: - Lecteur amovible

# Contenu de l'autorun : D:\autorun.inf

[AUTORUN]
ShellExecute=Info.exe protect.ed 480 480

# Contenu de l'autorun : F:\autorun.inf

[autorun]
open=Autorun.exe
Icon=Sims2EP8.ico
Name=The Sims 2 Apartment Life

[Special]
Disk=1
ProductGuiID={B6F5B704-06D3-4687-90F3-6195304AD755}

# Contenu de l'autorun : G:\autorun.inf

[autorun]
OPEN=autorun.exe
ICON=autorun.exe,0

[Disk]
Disk=1
Label1=Disk1

[General]
Language=0
Background=swautorun.bmp
BackgroundSound=background.wav
ClickSound=click.wav
Data=Data

[Messages]
Caption=Star Wars: Knights of the Old Republic
InsertPlay=Please insert the Star Wars: Knights of the Old Republic 'Disc 1 - Play Disc'.
InsertInstall=Please insert the Star Wars: Knights of the Old Republic 'Disc 1 - Play Disc'.
CheckCD=Please check your CD for dirt or damage.

[Button1]
x=80
y=128
down=mousedown.bmp
over=mouseover.bmp
up=mousenormal.bmp
label=Install

[Button2]
x=80
y=182
down=mousedown.bmp
over=mouseover.bmp
up=mousenormal.bmp
label=Exit

# presence des fichiers :

Found ! [30/04/2004 07:01][---hs----] - D:\autorun.inf
Found ! [30/11/2004 04:01][---hs----] - D:\info.exe
Found ! [26/07/2008 15:44][-r-------] - F:\autorun.inf
Found ! [05/11/2003 01:19][-r-------] - G:\autorun.inf

\\\\\\\\\\\\\\\\\\ [ Registre / Mountpoint2 ] ///////////////////

-> Not found !

################## [ ! Fin du rapport # FindyKill V4.715 ! ]

InfernO.vir · Answer

Bien infecté !

Relance FindyKill :

(vérifie que les supports amovibles susceptibles d'avoir été infectés sont branchés)

-> choisis cette fois-ci l'option 2 .

/!\ durant la procédure, l'ordinateur va redémarrer !... Laisses travailler l'outil jusqu' à l'apparition du message :
"nettoyage terminé" .

Note : lors du message d'avertissement , cliques sur " Ok " .

--> ensuite poste le nouveau rapport FindyKill.txt qui est généré et attends la suite ...

( Note : le rapport est sauvegardé à la racine du disque -> C:\FindyKill.txt )


PS : Si le Bureau ne réapparait pas, presse Ctrl + Alt + Suppr , Onglet "Fichier"-> "Nouvelle tâche":
tape explorer.exe et valide .

GalopaWXY · Answer

Je pense avoir fini la désinfection... mon PC a redémarré, puis FindyKill s'est booté avant qu'une quelconque application puisse le faire (l'exploreur a été très lent à revenir mais je n'ai pas eu à le relancer moi-même). Il a réfléchi pendant un bon moment avec l'unique message "Please wait, searching for other infections, do not close this window !"

Maintenant ça fait dix minutes qu'il m'affiche ça : http://img201.imageshack.us/img201/1098/sanstitredp1.png
Et je viens de voir que le second paragraphe (à partir de Slavasoft) s'est répété - donc apparaît en double en bas de la fenêtre dos.

Je suis pas sûre quoi faire, en tout cas mon PC semble maladif, les clics sont pris en compte avec 20 secondes de décalage et il a eu du mal à booter le navigateur - par contre aucun souci de switch entre les onglets.

Là je l'entends réfléchir bruyamment, je n'ai pas fermé FindyKill (par contre j'ai ouvert un bouquin XD)

InfernO.vir · Answer

Ok laisse findykill bosser et si jamais ca n'avance pas on fera autrement.

GalopaWXY · Answer

Bon il en était à quatre répétition du paragraphes, il vient de terminer ^^ voici le rapport :


___________________________________________________________________



###################### [ FindyKill V4.715 ]

# User : HP_Administrateur - PC-GALOPAWXY
# Executed from : C:\Program Files\FindyKill
# Update on 29/01/09Nby Chiquitine29
# Start at 23:07:46 the 07/02/2009
# Windows XP - Internet Explorer 6.0.2900.2180
 
# [ FindyKill V4.715 - Deleting ] ############### 
 
\\\\\\\\\  [ Active Processes ]  ///////////////////  
 

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\spoolsv.exe
 
\\\\\\\\\  [ Infected Files / Folders ]  ///////////////////  
 
 
################## [ C:\ ] 
 
 
################## [ C:\WINDOWS ] 
 
 
################## [ C:\WINDOWS\Prefetch ] 
 
Deleted ! - C:\WINDOWS\prefetch\PATCHER_S4.EXE-2B448682.pf 
 
################## [ C:\WINDOWS\system32 ] 
 
 
################## [ C:\WINDOWS\system32\drivers ] 
 
 
################## [ C:\Documents and Settings\HP_Administrateur\Application Data ] 
 
 
################## [ C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp ] 
 
 
################## [ C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5 ] 
 
 
\\\\\\\\\  [  Registry / Infected keys ]  ///////////////////  
 
 
\\\\\\\\\  [ States / Restarting of services ]  ///////////////////  
 

# Services : [ Auto=2 / Request=3 / Disable=4 ] 

Ndisuio - # Type of startup  = 3 
 
Ip6Fw - # Type of startup  = 2 
 
SharedAccess - # Type of startup  = 2 
 
wuauserv - # Type of startup  = 2 
 
wscsvc - # Type of startup  = 2 
 
 
\\\\\\\\\  [ Cleaning Removable drives ]  ///////////////////  
 
# Informations : 

C: - Lecteur fixe

D: - Lecteur fixe

J: - Lecteur amovible

 
# deleting files : 
 
Deleted ! - D:\autorun.inf  
Deleted ! - D:\info.exe  
 
\\\\\\\\\  [ Registry / Mountpoint2 ]  ///////////////////  
 
 
 -> Not found ! 
 
 
\\\\\\\\\  [ Searching Other Infections ]  ///////////////////  
 
 
\\\\\\\\\  [ Searching Cracks / Keygen ]  ///////////////////  
 
C:\Documents and Settings\HP_Administrateur\Mes documents\Ma musique\Animal Playground\01 Animal Crackers.mp3
C:\Documents and Settings\HP_Administrateur\Mes documents\T‚l‚chargements\HyperCam v2.10.02 + Crack.rar
C:\Documents and Settings\HP_Administrateur\Mes documents\T‚l‚chargements\Nero 7.0.1.2 Ultra Edition with Keygen - English.zip
C:\Documents and Settings\HP_Administrateur\Mes documents\T‚l‚chargements\NOD32.Antivirus.v2.70.39.FR.Incl-Crack.rar
C:\Documents and Settings\HP_Administrateur\Mes documents\T‚l‚chargements\Ulead VideoStudio 11 Plus FR.Crack.rar
C:\Documents and Settings\HP_Administrateur\Mes documents\T‚l‚chargements\OFFICE XP PRO COPIE CD\Crack OfficeXP
C:\Documents and Settings\HP_Administrateur\Mes documents\T‚l‚chargements\OFFICE XP PRO COPIE CD\Crack OfficeXP\Crack.exe
C:\Documents and Settings\HP_Administrateur\Mes documents\T‚l‚chargements\OFFICE XP PRO COPIE CD\Crack OfficeXP\file_id.diz
C:\Documents and Settings\HP_Administrateur\Mes documents\T‚l‚chargements\The Sims 2\Documentation\Crack
C:\Documents and Settings\HP_Administrateur\Mes documents\T‚l‚chargements\The Sims 2\Documentation\Crack\Sims2EP7.exe
C:\Program Files\Gpotato.eu\Flyff\Sound\PcSkillD-Burstcrack.wav
C:\Program Files\MSN Games\Bejeweled 2 Deluxe\sounds\cached_firecrackle.wav
 
################## [ ! End of report #   ! ]

InfernO.vir · Answer

Ok,

Alors tu vas me faire le plaisir de virer ca tout de suite :

C:\Documents and Settings\HP_Administrateur\Mes documents\Ma musique\Animal Playground\01 Animal Crackers.mp3 
C:\Documents and Settings\HP_Administrateur\Mes documents\T‚l‚chargements\HyperCam v2.10.02 + Crack.rar 
C:\Documents and Settings\HP_Administrateur\Mes documents\T‚l‚chargements\Nero 7.0.1.2 Ultra Edition with Keygen - English.zip 
C:\Documents and Settings\HP_Administrateur\Mes documents\T‚l‚chargements\NOD32.Antivirus.v2.70.39.FR.Incl-Crack.rar 
C:\Documents and Settings\HP_Administrateur\Mes documents\T‚l‚chargements\Ulead VideoStudio 11 Plus FR.Crack.rar 
C:\Documents and Settings\HP_Administrateur\Mes documents\T‚l‚chargements\OFFICE XP PRO COPIE CD\Crack OfficeXP 
C:\Documents and Settings\HP_Administrateur\Mes documents\T‚l‚chargements\OFFICE XP PRO COPIE CD\Crack OfficeXP\Crack.exe 
C:\Documents and Settings\HP_Administrateur\Mes documents\T‚l‚chargements\OFFICE XP PRO COPIE CD\Crack OfficeXP\file_id.diz 
C:\Documents and Settings\HP_Administrateur\Mes documents\T‚l‚chargements\The Sims 2\Documentation\Crack 
C:\Documents and Settings\HP_Administrateur\Mes documents\T‚l‚chargements\The Sims 2\Documentation\Crack\Sims2EP7.exe 
C:\Program Files\Gpotato.eu\Flyff\Sound\PcSkillD-Burstcrack.wav 
C:\Program Files\MSN Games\Bejeweled 2 Deluxe\sounds\cached_firecrackle.wav

Ces cracks sont la causes de l'infection (pas tous) mais si tu ne les supprimes pas, l'infection pourra se regenerer et moi je perds mon temps. :)

Une fois ceci supprimé, poste un nouveau rapport Hijackthis.

GalopaWXY · Answer

Ah mais noooon XD mes programmes !
Bon, tu ne m'en voudras pas si je laisse les sons quand même ? x) ils sortent de jeux vidéos (gPotato => Flyff, les Sims...), et le premier mp3 vient d'un album qui s'appelle Animal Playground et dont j'ai la boite devant moi dans ma tour à CD ^^ ya juste le mot "crack" dedans mais c'est inoffensif.

La plupart des cracks de programmes que tu as trouvés sont extrêmement vieux, et je m'en sers depuis des années sur divers PC sans avoir jamais rencontré le moindre souci :( mais je vais les enlever si tu veux. (tiens, Office XP n'a jamais fonctionné, je sais pas ce qu'il fabrique encore là lui)

Voilà, supprimés, corbeille vidée, nouveau scan, voici le rapport :


____________________________________________________________


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:36:11, on 08/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Eset
od32krn.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.horses-sales.com/dressage_horses_for_sale.shtml
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset
od32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Lunabar Taskbar Icon.lnk = C:\Program Files\clySmic\Lunar Almanack\Lunabar.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Administrateur\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FECCB915-E267-4E9C-A29A-F57A3B84C27C}: NameServer = 192.168.1.1
O18 - Protocol: bw+0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset
od32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

InfernO.vir · Answer

Ok pour les sons, findykill les a reperés a cause du mot clé "crack"

-Relance Hijackthis

-Choisis "Do a system scan only"

-Coche devant toutes ces lignes :

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Administrateur\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) 
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

-Clique sur fix checked
____________________________________________

Ensuite :

télécharge GenProc http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip sur ton bureau 

dézippe le dossier, double-clique sur GenProc.bat 
et poste le contenu du rapport qui s'ouvre 

Aide en images : http://www.alt-shift-return.org/Info/GenProc-HowTo.html


Bonne nuit, a demain.

GalopaWXY · Answer

Magnifique XD ce programme m'a demandé si je me faisais aider sur un forum !

J'ai eu une liste d'instructions, la voici :
Dois-je les suivre ?

En tout cas merci mille fois pour ton temps, recevoir de l'aide m'évite de paniquer, j'ai toujours redouté les keyloggers et me dire que je pourrais en avoir attrapé un... argh

Bonne nuit si tu pars te coucher, à demain ^^

_______________________________________________________


Rapport GenProc 2.366 [1] - le 08/02/2009 à  0:53:03 - Windows XP 
 
# Etape 1/ Télécharge :
 
- CCleaner https://www.ccleaner.com/ccleaner/download (FileHippo)
Ce logiciel va permettre de supprimer tous les fichiers temporaires.
Lance-le et clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures".
Par la suite, laisse-le avec ses réglages par défaut. Ferme le programme.

- Toolbar-S&D https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2 (Team IDN) sur ton Bureau.


 Redémarre en mode sans échec comme indiqué ici https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ ; pour retrouver le rapport, clique sur le raccourci "GenProc" sur ton bureau. Choisis ta session courante *** HP_Administrateur ***  

 
# Etape 2/ 
 
 Lance Toolbar-S&D situé sur le Bureau.
 Tape sur "2" puis valide en appuyant sur "Entrée". Ne ferme pas la fenêtre lors de la suppression.

# Etape 3/ 
 
 Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.
 
# Etape 4/ 
 
 Redémarre normalement et poste, dans la même réponse : 
 
- Le contenu du rapport C:\TB.txt ; 
- Un nouveau rapport HijackThis http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/hijackthis-version-install-sujet_199100_1.htm ; 

 Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.
 
____________________________________________________________________________________________________________
 
Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com

GalopaWXY · Answer

Ca y est, Paypal inaccessible, on est dimanche... pas moyen de contacter ma banque...

InfernO.vir · Answer

Bonjour,

Suis les etapes que Genproc t'a precisé stp.

Soit dans l'ordre :

Ccleaner-ToolBar s&d-Hijackthis

GalopaWXY · Answer

J'ai suivi ce que m'a dit GenProc, voici les deux rapports (TB et HijackThis)

J'ai aussi sauvegardé celui de CCleaner si tu le veux



____________________________________________________________________

   -----------\  ToolBar S&D 1.2.8   XP/Vista

   Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
   X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3200+ )
   BIOS : Phoenix - Award BIOS v6.00PG
   USER : HP_Administrateur ( Administrator )
   BOOT : Fail-safe boot
   Antivirus : ESET NOD32 antivirus system 2.70 2.70 (Activated)
   C:\ (Local Disk) - NTFS - Total:179 Go (Free:6 Go)
   D:\ (Local Disk) - FAT32 - Total:6 Go (Free:0 Go)
   E:\ (CD or DVD)
   F:\ (CD or DVD)
   G:\ (CD or DVD)
   J:\ (USB) - FAT - Total:944 Mo (Free:0 Go)

   "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
   Option : [2] ( 08/02/2009|19:12 )
   C:\WINDOWS\iun6002.exe

   -----------\ SUPPRESSION

   Supprime! - C:\WINDOWS\iun6002.exe

   -----------\  Recherche de Fichiers / Dossiers ...


   -----------\  Extensions

   (HP_Administrateur) - {888d99e7-e8b5-46a3-851e-1ec45da1e644} => reloadevery
   (HP_Administrateur) - {e4a8a97b-f2ed-450b-b12d-ee082ba24781} => greasemonkey


   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="C:\WINDOWS\SYSTEM32\blank.htm"
   "Search Page"="https://www.google.com/?gws_rd=ssl"
   "Start Page"="https://www.msn.com/fr-fr/"
   "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
   "Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
   "Search Page"="https://www.google.com/?gws_rd=ssl"
   "Start Page"="https://www.msn.com/fr-fr/"


   --------------------\  Recherche d'autres infections

   --------------------\  Cracks & Keygens ..

   C:\DOCUME~1\HP_ADM~1\Mes documents\T‚l‚chargements\HyperCam v2.10.02 + Crack.rar
   C:\DOCUME~1\HP_ADM~1\Mes documents\T‚l‚chargements\NOD32.Antivirus.v2.70.39.FR.Incl-Crack.rar
   C:\DOCUME~1\HP_ADM~1\Mes documents\T‚l‚chargements\Ulead VideoStudio 11 Plus FR.Crack.rar



   1 - "C:\ToolBar SD\TB_1.txt" - 08/02/2009|19:17 - Option : [2]

   -----------\  Fin du rapport a 19:17:06,64



____________________________________________________________________




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:24:28, on 08/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset
od32kui.exe
C:\program files\powerstrip\pstrip.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\clySmic\Lunar Almanack\Lunabar.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Eset
od32krn.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.horses-sales.com/dressage_horses_for_sale.shtml
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset
od32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Lunabar Taskbar Icon.lnk = C:\Program Files\clySmic\Lunar Almanack\Lunabar.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FECCB915-E267-4E9C-A29A-F57A3B84C27C}: NameServer = 192.168.1.1
O18 - Protocol: bw+0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {1E71354B-4388-408F-85BC-09224615E7B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset
od32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

GalopaWXY · Answer

Je viens de re-supprimer les trois cracks que TB a trouvé, je l'avais déjà fait...

Piratage de compte MSN => QUE FAIRE ?!

20 réponses

Newsletters