Flux rss
Ils ont besoin de votre aide
Collection CommentCaMarche.net
Rechercher : dans
Par : Pertinence Date Nom d'utilisateur
32 réponses 12 Suivant
Statut : Résolu

[virus&spyware] infecté par smitfraud-c

Marc, le mercredi 8 novembre 2006 à 21:18:21
J'ai un pb avec Smitfraud-C et probablement d'autre spy et trojan
impossible d'accèder à ma connexion internet (livebox inventel)


j'ai réinitialisé la livebox (j'aurais pas dû car ça ne m'a servi à rien!)
j'ai récupérer à partir d'un autre pc smitfraudfix et hijackthis

après éxécution sur le pc malade pas de changt : Spy bot, Ad aware et Avast version familiale ne détectent rien !! et je ne peux tjrs pas me connecter...

voici le rapport de "hijackthis"

Logfile of HijackThis v1.99.1
Scan saved at 17:59:02, on 08/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\FTRTSVC.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ULI5289\ALi5289.exe
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
E:\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\Marc MOULIOT\Mes documents\??stem32\r?gsvr32.exe
C:\Program Files\SEC\MagicTune3.5_Client\GammaTray.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\CCleaner\ccleaner.exe
E:\WinRAR\WinRAR.exe
C:\DOCUME~1\MARCMO~1\LOCALS~1\Temp\Rar$EX00.829\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] E:\Winamp\winampa.exe
O4 - HKLM\..\Run: [SmcService] E:\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvhik.dll,startup
O4 - HKLM\..\Run: [xeglhx.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\xeglhx.dll,aekuvx
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Oots] "C:\DOCUME~1\MARCMO~1\APPLIC~1\STEM32~1\ping.exe" -vt yazb
O4 - HKCU\..\Run: [Ygpdr] C:\Documents and Settings\Marc MOULIOT\Mes documents\??stem32\r?gsvr32.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: MagicTune 3.5.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Supervision de Photo Loader.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://amiuptodate.mcafee.com/vsc/bin/1,0,0,9/McUpdatePortal.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4810/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9637BD7-ACEC-4BF6-9FB3-A41646E61114}: NameServer = 192.168.1.1,87.124.71.47
O18 - Protocol: bw+0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Unknown owner - E:\Sygate\SPF\smc.exe (file missing)


quels sont les registres que je dois supprimer ainsi que les trojan ou autre spy à virer avec quels outils ?

merci de votre aide

Marc
Répondre à Marc  Signaler ce message aux modérateurs Aller au dernier message

1


  • Ce message vous semble utile, votez !
  • Signaler ce message aux modérateurs
Séb08, le mercredi 8 novembre 2006 à 21:36:08
slt,

Avant toutes chose désinstalle et réinstalle correctement hijack car tu l'as mal installé là ou il est , et tu n'auras pas accès aux backups en cas de mauvaise manip donc réinstalle comme suit :

Dézippe le dans un dossier prévu à cet effet.

Par exemple C:\hijackthis < Enregistre le bien dans c : !

Démo (merci à Balltrap) :
instalation hijackthis
http://pageperso.aol.fr/balltrap34/Hijenr.gif

===================================

Télécharges smitfraudfix:

En image :
http://siri.urz.free.fr/Fix/SmitfraudFix.php

tu le décompresses tu doubles cliques sur smitfraudfix.cmd et tu choisis l option 1
cela vas générer un rapport.
Si tu vois des lignes avec PRESENT!

- > Continue la manip qui suit.

* Redémarres le PC en mode sans échec : Au démarrage tu tapotes sur la touche F8 de ton clavier (ou F5 ) et tu choisis le [mode sans échec]

* Ouvre le dossier [SmitfraudFix] et double clic sur Smitfraudfix.cmd, choisit l’option 2 et tu réponds oui à tout.

Copie/colle le rapport sur le forum stp.

==============================

rédémarre en mode normal

Fais un clic droit sur l'outil HijackThis! - > "Renommer", puis renomme-le en scan.exe par exemple.

Lance HijackThis! (double clique scan.exe) puis clique Do a system scan and save a logfile, puis poste le rapport ici.


Bon courage.

a+ ***** Have a good day *****
   
Répondre à Séb08

2


  • Ce message vous semble utile, votez !
  • Signaler ce message aux modérateurs
Rahan78, le jeudi 9 novembre 2006 à 09:32:33
voici le rapport après l'éxécution de smitfraudfix (option2)
Rq1 : pour l'option 2 je n'ai pas eu de message me demandant de répondre par oui ou non !
Rq2 : j'ai fait 2 fois la manip avec smitfraudfix ; le rapport (option1) de ma 2ème manip était identique au rapport (option1) de la première manip bien que le nettoyage des fichiers infectés avait fait lors de la première manip (option2)


SmitFraudFix v2.119

Rapport fait à 8:49:28,87, 09/11/2006
Executé à partir de C:\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\system32\drvhik.dll PRESENT !
C:\WINDOWS\system32\components\flx?.dll PRESENT !
C:\WINDOWS\system32\components\flx??.dll PRESENT !
C:\WINDOWS\system32\components\flx???.dll PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Marc MOULIOT


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Marc MOULIOT\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url PRESENT !
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MARCMO~1\Favoris

C:\DOCUME~1\MARCMO~1\Favoris\Antivirus Test Online.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin


voici le rapport d'hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 09:00:09, on 09/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\FTRTSVC.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ULI5289\ALi5289.exe
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Winamp\winampa.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\Marc MOULIOT\Mes documents\??stem32\r?gsvr32.exe
C:\Program Files\SEC\MagicTune3.5_Client\GammaTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Hijackthis\scan.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5D52A4A6-2C1D-30A6-3B09-01A3C73A8579} - C:\WINDOWS\system32\dkbrbuc.dll
O2 - BHO: (no name) - {6467AE69-600F-47A0-A6E6-D008E9A6E574} - C:\WINDOWS\system32\geeba.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\uodwbpgk.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] E:\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvhik.dll,startup
O4 - HKLM\..\Run: [xeglhx.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\xeglhx.dll,aekuvx
O4 - HKLM\..\Run: [Install5G] K:\Install.exe plug_Cameo
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Oots] "C:\DOCUME~1\MARCMO~1\APPLIC~1\STEM32~1\ping.exe" -vt yazb
O4 - HKCU\..\Run: [Ygpdr] C:\Documents and Settings\Marc MOULIOT\Mes documents\??stem32\r?gsvr32.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: MagicTune 3.5.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Supervision de Photo Loader.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9637BD7-ACEC-4BF6-9FB3-A41646E61114}: NameServer = 192.168.1.1,87.124.71.47
O18 - Protocol: bw+0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: geeba - C:\WINDOWS\system32\geeba.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winosz32 - C:\WINDOWS\SYSTEM32\winosz32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Unknown owner - E:\Sygate\SPF\smc.exe (file missing)

merci pour les conseils

Marc
   
Répondre à Rahan78

3


  • Ce message vous semble utile, votez !
  • Signaler ce message aux modérateurs
Séb08, le jeudi 9 novembre 2006 à 12:21:51
Ok c'est bien ce qu'il me semblait Vundo est présent

Télécharge VundoFix (par Atribune) de ce lien :
http://www.atribune.org/ccount/click.php?id=4

* Sauvegarde-le sur ton Bureau.
* Double-clique VundoFix.exe afin de le lancer
* Clique sur le bouton Scan for Vundo
* Lorsque le scan est complété, clique sur le bouton Remove Vundo
* Une invite te demandera si tu veux supprimer les fichiers, clique YES
* Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
* Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
* Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.

Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo"

=================================

Il me faut le rapport option 2 de smitfraudfix. STP.

a+
***** Have a good day *****
   
Répondre à Séb08

4


  • Ce message vous semble utile, votez !
  • Signaler ce message aux modérateurs
Rahan78, le jeudi 9 novembre 2006 à 12:31:01
je fais de suite les manip pour vundo

ci joint le précédent rapport de smitfraud option2

SmitFraudFix v2.119

Rapport fait à 8:49:28,87, 09/11/2006
Executé à partir de C:\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\system32\drvhik.dll PRESENT !
C:\WINDOWS\system32\components\flx?.dll PRESENT !
C:\WINDOWS\system32\components\flx??.dll PRESENT !
C:\WINDOWS\system32\components\flx???.dll PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Marc MOULIOT


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Marc MOULIOT\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url PRESENT !
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MARCMO~1\Favoris

C:\DOCUME~1\MARCMO~1\Favoris\Antivirus Test Online.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin


bonne pause déj'

Marc
   
Répondre à Rahan78

5


  • Ce message vous semble utile, votez !
  • Signaler ce message aux modérateurs
Séb08, le jeudi 9 novembre 2006 à 12:33:09
A mon avis tu dois choisir l'option 1 en mode sans echec ...

A refaire merci.

a+ ***** Have a good day *****
   
Répondre à Séb08

6


  • Ce message vous semble utile, votez !
  • Signaler ce message aux modérateurs
Rahan78, le jeudi 9 novembre 2006 à 13:00:37
manip ok

voici les rapports

VUNDOFIX


VundoFix V6.2.8

Checking Java version...

Sun Java not detected
Scan started at 12:47:34 09/11/2006

Listing files found while scanning....

C:\WINDOWS\system32\dkbrbuc.dll
C:\WINDOWS\system32\winosz32.dll
C:\WINDOWS\system32\geeba.dll
C:\WINDOWS\system32\abeeg.ini
C:\WINDOWS\system32\abeeg.bak1
C:\WINDOWS\system32\abeeg.ini2
C:\WINDOWS\system32\abeeg.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\system32\dkbrbuc.dll
C:\WINDOWS\system32\dkbrbuc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\winosz32.dll
C:\WINDOWS\system32\winosz32.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\geeba.dll
C:\WINDOWS\system32\geeba.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\abeeg.ini
C:\WINDOWS\system32\abeeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\abeeg.bak1
C:\WINDOWS\system32\abeeg.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\abeeg.ini2
C:\WINDOWS\system32\abeeg.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\abeeg.tmp
C:\WINDOWS\system32\abeeg.tmp Has been deleted!

Performing Repairs to the registry.
Done!


HIJACKTHIS

Logfile of HijackThis v1.99.1
Scan saved at 12:54:00, on 09/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\FTRTSVC.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ULI5289\ALi5289.exe
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
E:\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\Marc MOULIOT\Mes documents\??stem32\r?gsvr32.exe
C:\Program Files\SEC\MagicTune3.5_Client\GammaTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Hijackthis\scan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5D52A4A6-2C1D-30A6-3B09-01A3C73A8579} - C:\WINDOWS\system32\dkbrbuc.dll (file missing)
O2 - BHO: (no name) - {6467AE69-600F-47A0-A6E6-D008E9A6E574} - C:\WINDOWS\system32\geeba.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\uodwbpgk.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] E:\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvhik.dll,startup
O4 - HKLM\..\Run: [xeglhx.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\xeglhx.dll,aekuvx
O4 - HKLM\..\Run: [Install5G] K:\Install.exe plug_Cameo
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Oots] "C:\DOCUME~1\MARCMO~1\APPLIC~1\STEM32~1\ping.exe" -vt yazb
O4 - HKCU\..\Run: [Ygpdr] C:\Documents and Settings\Marc MOULIOT\Mes documents\??stem32\r?gsvr32.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: MagicTune 3.5.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Supervision de Photo Loader.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9637BD7-ACEC-4BF6-9FB3-A41646E61114}: NameServer = 192.168.1.1,87.124.71.47
O18 - Protocol: bw+0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {B9A88A40-5B39-4B2F-B5C1-7F3ADE838548} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Unknown owner - E:\Sygate\SPF\smc.exe (file missing)

PS : je me demande si je ne vais pas virer sygate pour un autre firewall mais je ne sais pas bien ce qui existe en gratuit et utilisable par un non initié...

encore merci pour les conseils

Marc
   
Répondre à Rahan78

7


  • Ce message vous semble utile, votez !
  • Signaler ce message aux modérateurs
Séb08, le jeudi 9 novembre 2006 à 17:43:04
je ne pense pas que sygate fonctionne en ce moment sur ta bécane ...mais on verra ça + tard .

Télécharge ceci:

1)http://pageperso.aol.fr/balltrap34/lopxp.zip (Merci Moe31 et Balltrap34)
2) Dézippe-le (clic droit dessus > extraire tout)
et lance lopxp.bat

Copies et colles le rapport ici.

a+ ***** Have a good day *****
   
Répondre à Séb08

8


  • Ce message vous semble utile, votez !
  • Signaler ce message aux modérateurs
Rahan78, le vendredi 10 novembre 2006 à 00:10:17
comme je ne savais pas où décompresser lopxp, je l'ai exécuté 2 fois

à partir du bureau voici le rapport

Rapport fait à 23:52:39,43 le 09/11/2006

Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 684A-4C27

R‚pertoire de C:\Documents and Settings\Administrateur\Application Data

08/11/2006 16:05 62 desktop.ini
08/11/2006 16:05 <REP> ..
08/11/2006 16:05 <REP> Microsoft
08/11/2006 16:05 <REP> .
1 fichier(s) 62 octets
3 R‚p(s) 25879482368 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 684A-4C27

R‚pertoire de C:\Documents and Settings\All Users\Application Data

08/11/2006 18:01 <REP> Yahoo! Companion
21/09/2006 11:09 <REP> yahoo!
31/08/2006 11:10 <REP> Adobe
26/07/2006 13:08 <REP> Spybot - Search & Destroy
26/07/2006 11:45 <REP> DVD Shrink
26/07/2006 08:33 <REP> Windows Genuine Advantage
15/07/2006 17:39 <REP> CyberLink
13/07/2006 18:03 <REP> McAfee.com
13/07/2006 08:35 <REP> nView_Profiles
12/07/2006 23:00 62 desktop.ini
12/07/2006 23:00 <REP> ..
12/07/2006 23:00 <REP> .
12/07/2006 23:00 <REP> Microsoft
1 fichier(s) 62 octets
12 R‚p(s) 25879478272 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 684A-4C27

R‚pertoire de C:\Documents and Settings\CAP LIBERTE\Application Data

01/09/2006 13:53 16760 GDIPFONTCACHEV1.DAT
21/07/2006 08:37 <REP> Logitech
15/07/2006 17:54 <REP> CyberLink
13/07/2006 10:15 <REP> AdobeUM
13/07/2006 10:14 <REP> Adobe
13/07/2006 08:44 <REP> Macromedia
12/07/2006 21:24 <REP> Identities
12/07/2006 21:24 62 desktop.ini
12/07/2006 21:24 <REP> .
12/07/2006 21:24 <REP> ..
12/07/2006 21:24 <REP> Microsoft
2 fichier(s) 16822 octets
9 R‚p(s) 25879478272 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 684A-4C27

R‚pertoire de C:\Documents and Settings\Default User\Application Data

12/07/2006 23:00 62 desktop.ini
12/07/2006 23:00 <REP> ..
12/07/2006 23:00 <REP> Microsoft
12/07/2006 23:00 <REP> .
1 fichier(s) 62 octets
3 R‚p(s) 25879478272 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 684A-4C27

R‚pertoire de C:\Documents and Settings\Elodie DELLIS\Application Data

08/11/2006 09:39 <REP> Real
26/07/2006 13:16 <REP> Lavasoft
26/07/2006 09:10 <REP> AdobeUM
26/07/2006 09:10 <REP> Adobe
24/07/2006 14:20 <REP> Ahead
24/07/2006 12:17 <REP> Help
21/07/2006 09:35 <REP> Macromedia
21/07/2006 08:58 <REP> Logitech
14/07/2006 21:27 <REP> Identities
14/07/2006 21:27 62 desktop.ini
14/07/2006 21:27 <REP> Microsoft
14/07/2006 21:27 <REP> .
14/07/2006 21:27 <REP> ..
1 fichier(s) 62 octets
12 R‚p(s) 25879478272 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 684A-4C27

R‚pertoire de C:\Documents and Settings\Marc MOULIOT\Application Data

07/11/2006 13:04 <REP> ??stem32
06/11/2006 08:54 <REP> Real
05/10/2006 07:46 <REP> LivingActor
11/09/2006 10:05 16760 GDIPFONTCACHEV1.DAT
06/09/2006 18:43 <REP> MSNInstaller
28/07/2006 07:22 <REP> InterTrust
28/07/2006 07:21 <REP> Ahead
28/07/2006 07:14 <REP> CyberLink
26/07/2006 12:16 <REP> Lavasoft
20/07/2006 07:50 <REP> Logitech
19/07/2006 16:20 <REP> AdobeUM
19/07/2006 16:20 <REP> Adobe
18/07/2006 16:19 <REP> Help
18/07/2006 10:24 <REP> Macromedia
18/07/2006 09:59 <REP> Identities
18/07/2006 09:59 62 desktop.ini
18/07/2006 09:59 <REP> ..
18/07/2006 09:59 <REP> .
18/07/2006 09:59 <REP> Microsoft
2 fichier(s) 16822 octets
17 R‚p(s) 25879474176 octets libres
******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks

Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 684A-4C27

R‚pertoire de C:\WINDOWS\Tasks

12/07/2006 21:20 6 SA.DAT
12/07/2006 21:11 65 desktop.ini
12/07/2006 21:11 <REP> ..
12/07/2006 21:11 <REP> .
2 fichier(s) 71 octets
2 R‚p(s) 25ÿ879ÿ474ÿ176 octets libres

******************************************
Recherche dans Program files

Le dossier C:\Program Files\C2Media n'existe pas

*************** Fin du rapport ****************

à partir de la racine de c:\ voici le rapport

Rapport fait à 23:52:39,43 le 09/11/2006

Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 684A-4C27

R‚pertoire de C:\Documents and Settings\Administrateur\Application Data

08/11/2006 16:05 62 desktop.ini
08/11/2006 16:05 <REP> ..
08/11/2006 16:05 <REP> Microsoft
08/11/2006 16:05 <REP> .
1 fichier(s) 62 octets
3 R‚p(s) 25879482368 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 684A-4C27

R‚pertoire de C:\Documents and Settings\All Users\Application Data

08/11/2006 18:01 <REP> Yahoo! Companion
21/09/2006 11:09 <REP> yahoo!
31/08/2006 11:10 <REP> Adobe
26/07/2006 13:08 <REP&g