A voir également:
- Virus exiplorer
- Virus mcafee - Accueil - Piratage
- Virus facebook demande d'amis - Accueil - Facebook
- Virus informatique - Guide
- Panda anti virus gratuit - Télécharger - Antivirus & Antimalwares
- Undisclosed-recipients virus - Guide
7 réponses
▶ Télécharge FindyKill sur ton bureau :
http://sd-1.archive-host.com/membres/up/127028005715545653/FindyKill.exe
! Déconnecte toi et ferme toutes applications en cours !
• Double clique sur "FindyKill.exe" pour lancer l'installation et laisse les paramètres d'instalation par défaut .
• Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...)
• Double-clique sur le raccourci FindyKill qui est sur ton bureau pour lancer l'outil .
• Au menu principal choisis l'option " F " pour français et tape sur [entrée] .
• Au second menu Choisis l'option " 1 " (recherche) et tape sur [entrée]
▶ Laisse travailler l'outil et ne touche à rien ...
--> Poste le rapport qui apparait à la fin , sur le forum ...
( le rapport est sauvegardé aussi sous C:\FindyKill.txt )
( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
• Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
http://sd-1.archive-host.com/membres/up/127028005715545653/FindyKill.exe
! Déconnecte toi et ferme toutes applications en cours !
• Double clique sur "FindyKill.exe" pour lancer l'installation et laisse les paramètres d'instalation par défaut .
• Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...)
• Double-clique sur le raccourci FindyKill qui est sur ton bureau pour lancer l'outil .
• Au menu principal choisis l'option " F " pour français et tape sur [entrée] .
• Au second menu Choisis l'option " 1 " (recherche) et tape sur [entrée]
▶ Laisse travailler l'outil et ne touche à rien ...
--> Poste le rapport qui apparait à la fin , sur le forum ...
( le rapport est sauvegardé aussi sous C:\FindyKill.txt )
( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
• Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
Salut ,
▶ Télécharge random's system information tool (RSIT) et sauvegarde-le sur le Bureau.
• Double-clique sur RSIT.exe afin de lancer RSIT.
• Lis le contenu de l'écran Disclaimer puis clique sur Continue (si tu acceptes les conditions).
• Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
• Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.
• Poste le contenu de log.txt .
▶ Télécharge random's system information tool (RSIT) et sauvegarde-le sur le Bureau.
• Double-clique sur RSIT.exe afin de lancer RSIT.
• Lis le contenu de l'écran Disclaimer puis clique sur Continue (si tu acceptes les conditions).
• Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
• Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.
• Poste le contenu de log.txt .
voici le resultat log
Logfile of random's system information tool 1.06 (written by random/random)
Run by Adrien at 2009-07-15 17:38:37
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 6 GB (17%) free of 38 GB
Total RAM: 765 MB (42% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:39:03, on 15/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Generic\USB Card Reader Driver v2.0c\Disk_Monitor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\adslTV\adsltv.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE
C:\Program Files\Microsoft Office\OFFICE11\MSTORDB.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Documents and Settings\Adrien\Local Settings\Temporary Internet Files\Content.IE5\FSAY6H3O\RSIT[1].exe
C:\Program Files\trend micro\Adrien.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fourni par IE 8 FOURNI PAR 01NET.COM
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 213.199.246.103 ibank.barclays.co.uk
O1 - Hosts: 213.199.246.103 online-business.lloydstsb.co.uk
O1 - Hosts: 213.199.246.103 online.lloydstsb.co.uk
O1 - Hosts: 213.199.246.103 www.halifax-online.co.uk
O1 - Hosts: 213.199.246.103 www.ukpersonal.hsbc.co.uk
O1 - Hosts: 213.199.246.103 www.nwolb.com
O1 - Hosts: 213.199.246.103 banesnet.banesto.es
O1 - Hosts: 213.199.246.103 extranet.banesto.es
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v2.0c\Disk_Monitor.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [Microsoft Update] winaupd22.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Microsoft Update] winaupd22.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Microsoft Update] winaupd22.exe (User 'Default user')
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bw+0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: offline-8876480 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - http://www.ecran.org/...
Logfile of random's system information tool 1.06 (written by random/random)
Run by Adrien at 2009-07-15 17:38:37
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 6 GB (17%) free of 38 GB
Total RAM: 765 MB (42% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:39:03, on 15/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Generic\USB Card Reader Driver v2.0c\Disk_Monitor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\adslTV\adsltv.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE
C:\Program Files\Microsoft Office\OFFICE11\MSTORDB.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Documents and Settings\Adrien\Local Settings\Temporary Internet Files\Content.IE5\FSAY6H3O\RSIT[1].exe
C:\Program Files\trend micro\Adrien.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fourni par IE 8 FOURNI PAR 01NET.COM
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 213.199.246.103 ibank.barclays.co.uk
O1 - Hosts: 213.199.246.103 online-business.lloydstsb.co.uk
O1 - Hosts: 213.199.246.103 online.lloydstsb.co.uk
O1 - Hosts: 213.199.246.103 www.halifax-online.co.uk
O1 - Hosts: 213.199.246.103 www.ukpersonal.hsbc.co.uk
O1 - Hosts: 213.199.246.103 www.nwolb.com
O1 - Hosts: 213.199.246.103 banesnet.banesto.es
O1 - Hosts: 213.199.246.103 extranet.banesto.es
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v2.0c\Disk_Monitor.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [Microsoft Update] winaupd22.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Microsoft Update] winaupd22.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Microsoft Update] winaupd22.exe (User 'Default user')
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bw+0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: offline-8876480 - {19C3214D-074D-48FE-A946-6F1C8548577F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - http://www.ecran.org/...
############################## | FindyKill V6.006 |
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Generic\USB Card Reader Driver v2.0c\Disk_Monitor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\WISPTIS.EXE
################## | Registre Startup |
R1 - HKCU\..\Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
R1 - HKCU\..\Main: "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
R1 - HKCU\..\Main: "Start Page"="https://www.google.fr/?gws_rd=ssl"
R1 - HKCU\..\Main: "Window Title"="Windows Internet Explorer fourni par IE 8 FOURNI PAR 01NET.COM"
F2 - HKLM\..\logon:"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
F2 - HKLM\..\logon:"DefaultUserName"="Adrien"
F2 - HKLM\..\logon:"AltDefaultUserName"="Adrien"
F2 - HKLM\..\logon:"LegalNoticeCaption"=""
F2 - HKLM\..\logon:"LegalNoticeText"=""
04 - HKLM\..\Run: Disk Monitor=C:\Program Files\Generic\USB Card Reader Driver v2.0c\Disk_Monitor.exe
04 - HKLM\..\Run: SoundMan=SOUNDMAN.EXE
04 - HKLM\..\Run: Microsoft Works Update Detection=C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
04 - HKLM\..\Run: MsgCenterExe="C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
04 - HKLM\..\Run: AVG8_TRAY=C:\PROGRA~1\AVG\AVG8\avgtray.exe
04 - HKLM\..\Run: MSConfig=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
04 - HKLM\..\Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
04 - HKLM\..\Srv: Microsoft Update=winaupd22.exe
################## | Fichiers # Dossiers infectieux |
Présent ! C:\WINDOWS\system32\ddr.exe
################## | C:\Documents and Settings\Adrien\Temporary Internet Files |
################## | All Drives ... |
C:\autorun.inf # -> fichier appelé : "C:\x0.cmd" ( Absent ! )
Présent ! C:\autorun.inf
################## | Registre # Clés Run infectieuses |
Présent ! HKLM\software\microsoft\security center "AntiVirusOverride" ( 0x1 )
Présent ! HKLM\software\microsoft\security center "FirewallOverride" ( 0x1 )
################## | Registre # Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\{37a41430-6636-11dd-ac5d-0040cac81d44}
Shell\AutoRun\command =E:\x0.cmd
Shell\explore\Command =E:\x0.cmd
Shell\open\Command =E:\x0.cmd
HKCU\..\..\Explorer\MountPoints2\{4ba8f9df-698b-11dd-ac63-0040cac81d44}
Shell\AutoRun\command =I:\x0.cmd
Shell\explore\Command =I:\x0.cmd
Shell\open\Command =I:\x0.cmd
HKCU\..\..\Explorer\MountPoints2\{80fc2786-c103-11dc-abf8-0040cac81d44}
Shell\Auto\command =AdobeR.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
HKCU\..\..\Explorer\MountPoints2\{ae4900d0-b98d-11d9-a1f3-806d6172696f}
Shell\AutoRun\command =x0.cmd
Shell\explore\Command =x0.cmd
Shell\open\Command =x0.cmd
HKCU\..\..\Explorer\MountPoints2\{ddf31b4a-78eb-11db-ab8e-0040cac81d44}
Shell\Auto\command =AdobeR.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
HKCU\..\..\Explorer\MountPoints2\{ecc72980-bfea-11dc-abf6-0040cac81d44}
Shell\Auto\command =AdobeR.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
################## | Etat / Services / Informations |
# Affichage des fichiers cachés : OK
# Mode sans echec : OK
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 3 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )
################## | Cracks / Keygens / Serials |
################## | ! Fin du rapport # FindyKill V6.006 ! |
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Generic\USB Card Reader Driver v2.0c\Disk_Monitor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\WISPTIS.EXE
################## | Registre Startup |
R1 - HKCU\..\Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
R1 - HKCU\..\Main: "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
R1 - HKCU\..\Main: "Start Page"="https://www.google.fr/?gws_rd=ssl"
R1 - HKCU\..\Main: "Window Title"="Windows Internet Explorer fourni par IE 8 FOURNI PAR 01NET.COM"
F2 - HKLM\..\logon:"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
F2 - HKLM\..\logon:"DefaultUserName"="Adrien"
F2 - HKLM\..\logon:"AltDefaultUserName"="Adrien"
F2 - HKLM\..\logon:"LegalNoticeCaption"=""
F2 - HKLM\..\logon:"LegalNoticeText"=""
04 - HKLM\..\Run: Disk Monitor=C:\Program Files\Generic\USB Card Reader Driver v2.0c\Disk_Monitor.exe
04 - HKLM\..\Run: SoundMan=SOUNDMAN.EXE
04 - HKLM\..\Run: Microsoft Works Update Detection=C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
04 - HKLM\..\Run: MsgCenterExe="C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
04 - HKLM\..\Run: AVG8_TRAY=C:\PROGRA~1\AVG\AVG8\avgtray.exe
04 - HKLM\..\Run: MSConfig=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
04 - HKLM\..\Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
04 - HKLM\..\Srv: Microsoft Update=winaupd22.exe
################## | Fichiers # Dossiers infectieux |
Présent ! C:\WINDOWS\system32\ddr.exe
################## | C:\Documents and Settings\Adrien\Temporary Internet Files |
################## | All Drives ... |
C:\autorun.inf # -> fichier appelé : "C:\x0.cmd" ( Absent ! )
Présent ! C:\autorun.inf
################## | Registre # Clés Run infectieuses |
Présent ! HKLM\software\microsoft\security center "AntiVirusOverride" ( 0x1 )
Présent ! HKLM\software\microsoft\security center "FirewallOverride" ( 0x1 )
################## | Registre # Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\{37a41430-6636-11dd-ac5d-0040cac81d44}
Shell\AutoRun\command =E:\x0.cmd
Shell\explore\Command =E:\x0.cmd
Shell\open\Command =E:\x0.cmd
HKCU\..\..\Explorer\MountPoints2\{4ba8f9df-698b-11dd-ac63-0040cac81d44}
Shell\AutoRun\command =I:\x0.cmd
Shell\explore\Command =I:\x0.cmd
Shell\open\Command =I:\x0.cmd
HKCU\..\..\Explorer\MountPoints2\{80fc2786-c103-11dc-abf8-0040cac81d44}
Shell\Auto\command =AdobeR.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
HKCU\..\..\Explorer\MountPoints2\{ae4900d0-b98d-11d9-a1f3-806d6172696f}
Shell\AutoRun\command =x0.cmd
Shell\explore\Command =x0.cmd
Shell\open\Command =x0.cmd
HKCU\..\..\Explorer\MountPoints2\{ddf31b4a-78eb-11db-ab8e-0040cac81d44}
Shell\Auto\command =AdobeR.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
HKCU\..\..\Explorer\MountPoints2\{ecc72980-bfea-11dc-abf6-0040cac81d44}
Shell\Auto\command =AdobeR.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
################## | Etat / Services / Informations |
# Affichage des fichiers cachés : OK
# Mode sans echec : OK
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 3 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )
################## | Cracks / Keygens / Serials |
################## | ! Fin du rapport # FindyKill V6.006 ! |
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
! Déconnecte toi et ferme toutes application en cours ( navigateur compris ) .
• Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...)
• Relance "FindyKill" : au menu principal choisis l'option " F " pour français et tape sur [entrée] .
• Au second menu choisis l'option 2 (suppression) et tape sur [entrée]
• Le pc va redémarrer automatiquement ...
▶ le programme va travailler , ne touche à rien ... , ton bureau ne sera pas accessible c est normal !
--> Poste le rapport qui apparait à la fin ( le rapport est sauvegardé aussi sous C:\FindyKill.txt )
/!\ Si le Bureau ne réapparait pas, presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tape explorer.exe et valide
• Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...)
• Relance "FindyKill" : au menu principal choisis l'option " F " pour français et tape sur [entrée] .
• Au second menu choisis l'option 2 (suppression) et tape sur [entrée]
• Le pc va redémarrer automatiquement ...
▶ le programme va travailler , ne touche à rien ... , ton bureau ne sera pas accessible c est normal !
--> Poste le rapport qui apparait à la fin ( le rapport est sauvegardé aussi sous C:\FindyKill.txt )
/!\ Si le Bureau ne réapparait pas, presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tape explorer.exe et valide
voici le rapport
############################## | FindyKill V6.006 |
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\rsvp.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
################## | Fichiers # Dossiers infectieux |
Supprimé ! C:\WINDOWS\system32\ddr.exe
################## | C:\Documents and Settings\Adrien\Temporary Internet Files |
################## | All Drives ... |
C:\autorun.inf # -> fichier appelé : "C:\x0.cmd" ( Absent ! )
Supprimé ! C:\autorun.inf
################## | Autres ... |
################## | Registre # Clés Run infectieuses |
# HKLM\software\microsoft\security center "AntiVirusOverride" # -> Reset sucessfully !
# HKLM\software\microsoft\security center "FirewallOverride" # -> Reset sucessfully !
################## | Registre # Mountpoints2 |
Supprimé ! HKCU\...\Explorer\MountPoints2\{37a41430-6636-11dd-ac5d-0040cac81d44}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{4ba8f9df-698b-11dd-ac63-0040cac81d44}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{80fc2786-c103-11dc-abf8-0040cac81d44}\Shell\Auto\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{ddf31b4a-78eb-11db-ab8e-0040cac81d44}\Shell\Auto\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{ecc72980-bfea-11dc-abf6-0040cac81d44}\Shell\Auto\Command
################## | Listing des fichiers présent |
[30/04/2005 15:59|--a------|0] - C:\AUTOEXEC.BAT
[15/07/2009 16:45|-rahs----|216] - C:\boot.ini
[24/04/2003 21:00|-rahs----|4952] - C:\Bootfont.bin
[30/04/2005 15:59|--a------|0] - C:\CONFIG.SYS
[15/07/2009 19:50|--a------|2483] - C:\FindyKill.txt
[30/04/2005 15:59|-rahs----|0] - C:\IO.SYS
[30/04/2005 15:59|-rahs----|0] - C:\MSDOS.SYS
[05/05/2005 08:42|-rahs----|47564] - C:\NTDETECT.COM
[13/07/2009 16:25|-rahs----|252240] - C:\ntldr
[?|?|?] - C:\pagefile.sys
[27/03/2008 10:52|--a------|90] - C:\Setup.log
[26/12/2007 19:16|--ah-----|232] - C:\sqmdata00.sqm
[11/01/2008 05:15|--ah-----|232] - C:\sqmdata01.sqm
[13/01/2008 21:39|--ah-----|232] - C:\sqmdata02.sqm
[27/11/2008 00:37|--ah-----|268] - C:\sqmdata03.sqm
[03/01/2009 21:32|--ah-----|232] - C:\sqmdata04.sqm
[03/01/2009 21:32|--ah-----|136] - C:\sqmdata05.sqm
[22/04/2009 20:12|--ah-----|232] - C:\sqmdata06.sqm
[23/04/2009 11:34|--ah-----|232] - C:\sqmdata07.sqm
[28/04/2009 11:54|--ah-----|232] - C:\sqmdata08.sqm
[30/04/2009 20:35|--ah-----|232] - C:\sqmdata09.sqm
[05/05/2009 11:59|--ah-----|232] - C:\sqmdata10.sqm
[03/07/2009 11:38|--ah-----|232] - C:\sqmdata11.sqm
[04/07/2009 00:15|--ah-----|232] - C:\sqmdata12.sqm
[04/07/2009 01:43|--ah-----|232] - C:\sqmdata13.sqm
[12/07/2009 14:51|--ah-----|232] - C:\sqmdata14.sqm
[13/07/2009 00:02|--ah-----|232] - C:\sqmdata15.sqm
[15/07/2009 03:31|--ah-----|232] - C:\sqmdata16.sqm
[15/07/2009 11:23|--ah-----|232] - C:\sqmdata17.sqm
[26/12/2007 19:16|--ah-----|244] - C:\sqmnoopt00.sqm
[11/01/2008 05:15|--ah-----|244] - C:\sqmnoopt01.sqm
[13/01/2008 21:39|--ah-----|244] - C:\sqmnoopt02.sqm
[27/11/2008 00:37|--ah-----|244] - C:\sqmnoopt03.sqm
[03/01/2009 21:32|--ah-----|244] - C:\sqmnoopt04.sqm
[22/04/2009 20:12|--ah-----|244] - C:\sqmnoopt05.sqm
[23/04/2009 11:34|--ah-----|244] - C:\sqmnoopt06.sqm
[28/04/2009 11:54|--ah-----|244] - C:\sqmnoopt07.sqm
[30/04/2009 20:35|--ah-----|244] - C:\sqmnoopt08.sqm
[05/05/2009 11:59|--ah-----|244] - C:\sqmnoopt09.sqm
[03/07/2009 11:38|--ah-----|244] - C:\sqmnoopt10.sqm
[04/07/2009 00:15|--ah-----|244] - C:\sqmnoopt11.sqm
[04/07/2009 01:43|--ah-----|244] - C:\sqmnoopt12.sqm
[12/07/2009 14:51|--ah-----|244] - C:\sqmnoopt13.sqm
[13/07/2009 00:02|--ah-----|244] - C:\sqmnoopt14.sqm
[15/07/2009 03:31|--ah-----|244] - C:\sqmnoopt15.sqm
[15/07/2009 11:23|--ah-----|244] - C:\sqmnoopt16.sqm
[13/07/2009 00:08|--a------|150] - C:\YServer.txt
################## | Vaccination |
# C:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.
################## | Etat / Services / Informations |
# Mode sans echec : OK
# Affichage des fichiers cachés : OK
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )
################## | PEH ... |
################## | Cracks / Keygens / Serials |
################## | ! Fin du rapport # FindyKill V6.006 ! |
############################## | FindyKill V6.006 |
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\rsvp.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
################## | Fichiers # Dossiers infectieux |
Supprimé ! C:\WINDOWS\system32\ddr.exe
################## | C:\Documents and Settings\Adrien\Temporary Internet Files |
################## | All Drives ... |
C:\autorun.inf # -> fichier appelé : "C:\x0.cmd" ( Absent ! )
Supprimé ! C:\autorun.inf
################## | Autres ... |
################## | Registre # Clés Run infectieuses |
# HKLM\software\microsoft\security center "AntiVirusOverride" # -> Reset sucessfully !
# HKLM\software\microsoft\security center "FirewallOverride" # -> Reset sucessfully !
################## | Registre # Mountpoints2 |
Supprimé ! HKCU\...\Explorer\MountPoints2\{37a41430-6636-11dd-ac5d-0040cac81d44}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{4ba8f9df-698b-11dd-ac63-0040cac81d44}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{80fc2786-c103-11dc-abf8-0040cac81d44}\Shell\Auto\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{ddf31b4a-78eb-11db-ab8e-0040cac81d44}\Shell\Auto\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{ecc72980-bfea-11dc-abf6-0040cac81d44}\Shell\Auto\Command
################## | Listing des fichiers présent |
[30/04/2005 15:59|--a------|0] - C:\AUTOEXEC.BAT
[15/07/2009 16:45|-rahs----|216] - C:\boot.ini
[24/04/2003 21:00|-rahs----|4952] - C:\Bootfont.bin
[30/04/2005 15:59|--a------|0] - C:\CONFIG.SYS
[15/07/2009 19:50|--a------|2483] - C:\FindyKill.txt
[30/04/2005 15:59|-rahs----|0] - C:\IO.SYS
[30/04/2005 15:59|-rahs----|0] - C:\MSDOS.SYS
[05/05/2005 08:42|-rahs----|47564] - C:\NTDETECT.COM
[13/07/2009 16:25|-rahs----|252240] - C:\ntldr
[?|?|?] - C:\pagefile.sys
[27/03/2008 10:52|--a------|90] - C:\Setup.log
[26/12/2007 19:16|--ah-----|232] - C:\sqmdata00.sqm
[11/01/2008 05:15|--ah-----|232] - C:\sqmdata01.sqm
[13/01/2008 21:39|--ah-----|232] - C:\sqmdata02.sqm
[27/11/2008 00:37|--ah-----|268] - C:\sqmdata03.sqm
[03/01/2009 21:32|--ah-----|232] - C:\sqmdata04.sqm
[03/01/2009 21:32|--ah-----|136] - C:\sqmdata05.sqm
[22/04/2009 20:12|--ah-----|232] - C:\sqmdata06.sqm
[23/04/2009 11:34|--ah-----|232] - C:\sqmdata07.sqm
[28/04/2009 11:54|--ah-----|232] - C:\sqmdata08.sqm
[30/04/2009 20:35|--ah-----|232] - C:\sqmdata09.sqm
[05/05/2009 11:59|--ah-----|232] - C:\sqmdata10.sqm
[03/07/2009 11:38|--ah-----|232] - C:\sqmdata11.sqm
[04/07/2009 00:15|--ah-----|232] - C:\sqmdata12.sqm
[04/07/2009 01:43|--ah-----|232] - C:\sqmdata13.sqm
[12/07/2009 14:51|--ah-----|232] - C:\sqmdata14.sqm
[13/07/2009 00:02|--ah-----|232] - C:\sqmdata15.sqm
[15/07/2009 03:31|--ah-----|232] - C:\sqmdata16.sqm
[15/07/2009 11:23|--ah-----|232] - C:\sqmdata17.sqm
[26/12/2007 19:16|--ah-----|244] - C:\sqmnoopt00.sqm
[11/01/2008 05:15|--ah-----|244] - C:\sqmnoopt01.sqm
[13/01/2008 21:39|--ah-----|244] - C:\sqmnoopt02.sqm
[27/11/2008 00:37|--ah-----|244] - C:\sqmnoopt03.sqm
[03/01/2009 21:32|--ah-----|244] - C:\sqmnoopt04.sqm
[22/04/2009 20:12|--ah-----|244] - C:\sqmnoopt05.sqm
[23/04/2009 11:34|--ah-----|244] - C:\sqmnoopt06.sqm
[28/04/2009 11:54|--ah-----|244] - C:\sqmnoopt07.sqm
[30/04/2009 20:35|--ah-----|244] - C:\sqmnoopt08.sqm
[05/05/2009 11:59|--ah-----|244] - C:\sqmnoopt09.sqm
[03/07/2009 11:38|--ah-----|244] - C:\sqmnoopt10.sqm
[04/07/2009 00:15|--ah-----|244] - C:\sqmnoopt11.sqm
[04/07/2009 01:43|--ah-----|244] - C:\sqmnoopt12.sqm
[12/07/2009 14:51|--ah-----|244] - C:\sqmnoopt13.sqm
[13/07/2009 00:02|--ah-----|244] - C:\sqmnoopt14.sqm
[15/07/2009 03:31|--ah-----|244] - C:\sqmnoopt15.sqm
[15/07/2009 11:23|--ah-----|244] - C:\sqmnoopt16.sqm
[13/07/2009 00:08|--a------|150] - C:\YServer.txt
################## | Vaccination |
# C:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.
################## | Etat / Services / Informations |
# Mode sans echec : OK
# Affichage des fichiers cachés : OK
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )
################## | PEH ... |
################## | Cracks / Keygens / Serials |
################## | ! Fin du rapport # FindyKill V6.006 ! |
Telecharge malwarebytes
https://www.malwarebytes.com/
Tu l´instale; le programme va se mettre automatiquement a jour.
Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".
Click maintenant sur l´onglet recherche et coche la case : "executer un examen rapide".
Puis click sur "rechercher".
Laisse le scanner le pc...
Si des elements on ete trouvés > click sur supprimer la selection.
si il t´es demandé de redemarrer > click sur "yes".
A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
Copie et colle le rapport stp.
PS : les rapport sont aussi rangé dans l onglet rapport/log
https://www.malwarebytes.com/
Tu l´instale; le programme va se mettre automatiquement a jour.
Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".
Click maintenant sur l´onglet recherche et coche la case : "executer un examen rapide".
Puis click sur "rechercher".
Laisse le scanner le pc...
Si des elements on ete trouvés > click sur supprimer la selection.
si il t´es demandé de redemarrer > click sur "yes".
A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
Copie et colle le rapport stp.
PS : les rapport sont aussi rangé dans l onglet rapport/log
