Winlogontrojan/worm

Résolu/Fermé
sandrine - 8 févr. 2007 à 13:51
green day Messages postés 26371 Date d'inscription vendredi 30 septembre 2005 Statut Modérateur, Contributeur sécurité Dernière intervention 27 décembre 2019 - 18 févr. 2007 à 14:31
bonjour je suis novice et un message windows m'indique la présence de winlogon trojan/worm que puis je faire. Merci de votre aide.

10 réponses

green day Messages postés 26371 Date d'inscription vendredi 30 septembre 2005 Statut Modérateur, Contributeur sécurité Dernière intervention 27 décembre 2019 2 162
8 févr. 2007 à 13:58
Salut


Télécharge ceci sur ton bureau :

Lien : hijackthis

Démo : http://pageperso.aol.fr/balltrap34/demohijack.htm

Choisir l'option "do a scan and a logfile", et faire un copier/coller du rapport ainsi générer sur le forum.

++
0
voici le rapporLogfile of HijackThis v1.99.1
Scan saved at 13:57:50, on 08/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehSched.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\Securitoo\av_fw\fswsclds.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.hpe.com/h41271/404D.aspx?cc=us&ll=en&url=http://domainredirects.ext.hpe.com/fr9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hpe.com/h41271/404D.aspx?cc=us&ll=en&url=http://domainredirects.ext.hpe.com/fr9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPEWWBP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\prosvsys.exe /res
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {04F414E9-E352-4BC3-963D-7BFE5A5F31A9} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1064_XP.cab
O16 - DPF: {1CD4E2DC-2DA0-4154-8723-38CB04FB6A58} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1062_XP.cab
O16 - DPF: {2A3DFC59-8A87-49A1-85D1-42903410911F} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1058_XP.cab
O16 - DPF: {321F38B6-7E5F-470E-B58C-927523B7AF92} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1069_em_XP.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {5F4D3335-3194-4167-85AE-E7325F2695EF} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1068_em_XP.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7504F0D5-644A-4103-9D02-95488B6CB9A1} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - https://www.epson.eu/support/
O16 - DPF: {87C1805D-C5AE-4455-AB39-E245BB516136} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1059_XP.cab
O16 - DPF: {8D8BAF56-B581-4B90-A549-C4AC6B03F1BB} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AF7410C1-FBA3-415E-800A-4110CED40536} - http://ww1.dlv4.com
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {C2481ED1-9896-4D49-AE90-69858DFDE446} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {CB5D474E-A510-40A4-B5A4-838933BCBA64} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1065_XP.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.leaderphoto.com/XUpload.ocx
O16 - DPF: {EC4AFBF3-4540-4306-AF10-4CAC509EA16B} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {EF4DCD99-D26B-44A4-BA77-CFDCC97E7291} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {EFB23983-5803-4914-ADA3-C0EA2CFBDC37} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {FA1D6D8F-C6ED-4752-8512-A33283240130} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1066_XP.cab
O16 - DPF: {FA83E942-B796-46DE-9155-1632ECC5473B} - https://www.afternic.com/domains/downloadv3.com
O18 - Protocol: bw+0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: req - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTSvcCDA.EXE (file missing)
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\fswsclds.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

t merci de ton aide
0
salut green day que penses tu dy hijackthis que j'ai fait est ce que le problème avances?
0
green day Messages postés 26371 Date d'inscription vendredi 30 septembre 2005 Statut Modérateur, Contributeur sécurité Dernière intervention 27 décembre 2019 2 162
8 févr. 2007 à 14:49
re

Télécharge Blacklight (de F-Secure) :

https://www.f-secure.com/en

et sauvegarde le sur ton Bureau.

Double-clique blbeta.exe et accepte la licence ;clique Scan puis Next

Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).

Copie et colle le contenu de ce rapport dans ta prochaine réponse

++
0
voici 02/08/07 15:17:09 [Info]: BlackLight Engine 1.0.55 initialized
02/08/07 15:17:09 [Info]: OS: 5.1 build 2600 (Service Pack 2)
02/08/07 15:17:09 [Note]: 7019 4
02/08/07 15:17:09 [Note]: 7005 0
02/08/07 15:17:12 [Note]: 7006 0
02/08/07 15:17:12 [Note]: 7011 3436
02/08/07 15:17:12 [Note]: 7026 0
02/08/07 15:17:13 [Note]: 7026 0
02/08/07 15:17:13 [Note]: 7024 3
02/08/07 15:17:13 [Info]: Hidden process: C:\windows\system32\qznwovgmj.exe
02/08/07 15:17:18 [Note]: FSRAW library version 1.7.1021
voici le rapport obtenu je n'y comprends rien merci par avance
0
re sur mon bureau est apparu un 2em rapport le voici

02/08/07 15:05:46 [Info]: BlackLight Engine 1.0.55 initialized
02/08/07 15:05:46 [Info]: OS: 5.1 build 2600 (Service Pack 2)
02/08/07 15:05:46 [Note]: 7019 4
02/08/07 15:05:46 [Note]: 7005 0
02/08/07 15:06:01 [Note]: 7006 0
02/08/07 15:06:01 [Note]: 7011 3436
02/08/07 15:06:01 [Note]: 7026 0
02/08/07 15:06:01 [Note]: 7026 0
02/08/07 15:06:01 [Note]: 7024 3
02/08/07 15:06:01 [Info]: Hidden process: C:\windows\system32\qznwovgmj.exe
02/08/07 15:06:16 [Note]: FSRAW library version 1.7.1021
02/08/07 15:13:22 [Info]: Hidden file: c:\WINDOWS\system32\msclock32.dll
02/08/07 15:13:23 [Note]: 7002 0
02/08/07 15:13:23 [Note]: 7003 1
02/08/07 15:13:23 [Note]: 10002 1
02/08/07 15:13:26 [Info]: Hidden file: c:\WINDOWS\system32\msplock32.dll
02/08/07 15:13:26 [Note]: 7002 0
02/08/07 15:13:26 [Note]: 7003 1
02/08/07 15:13:26 [Note]: 10002 1
02/08/07 15:13:28 [Info]: Hidden file: c:\WINDOWS\system32\qznwovgmj.dat
02/08/07 15:13:28 [Note]: 10002 1
02/08/07 15:13:28 [Info]: Hidden file: C:\windows\system32\qznwovgmj.exe
02/08/07 15:13:28 [Note]: 10002 1
02/08/07 15:13:29 [Info]: Hidden file: c:\WINDOWS\system32\qznwovgmj_nav.dat
02/08/07 15:13:29 [Note]: 10002 1
02/08/07 15:13:29 [Info]: Hidden file: c:\WINDOWS\system32\qznwovgmj_navps.dat
02/08/07 15:13:29 [Note]: 10002 1
02/08/07 15:16:34 [Note]: 7007 0
0
green day Messages postés 26371 Date d'inscription vendredi 30 septembre 2005 Statut Modérateur, Contributeur sécurité Dernière intervention 27 décembre 2019 2 162
8 févr. 2007 à 15:29
re

ok,

# Télécharge ceci: (merci a S!RI pour ce petit programme).

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1,
voila a quoi cela ressemble : http://siri.urz.free.fr/Fix/SmitfraudFix.php
il va générer un rapport : copie/colle le sur le poste stp.

++
0
SmitFraudFix v2.141

Rapport fait à 15:42:34,78, 08/02/2007
Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

voici le rapport à+
0
green day Messages postés 26371 Date d'inscription vendredi 30 septembre 2005 Statut Modérateur, Contributeur sécurité Dernière intervention 27 décembre 2019 2 162
8 févr. 2007 à 16:07
re

ok,

# Affiche les dossiers système et fichiers cachés :
Ouvrir le poste de travail :
- Outils --> Options des dossiers
- Affichage --> zone Paramètres avancés
- Cocher : Afficher le contenu des dossiers système
- Cocher : Afficher les fichiers et dossiers cachés
- Décocher : Masquer les extensions des fichiers dont le type est connu
- Décocher : Masquer les fichiers protégés du système d'exploitation (recommandé)
répondre Oui au message
Clique sur "Appliquer à tous les dossiers"
Clique sur OK

# passe à l'option 2 de blacklight :

voir demo : http://perso.orange.fr/entraide-hijackthis/Mailskinner/Blacklight.htm

après le redemmarage du PC :

Télécharge Killbox sur ton Bureau :

http://www.downloads.subratam.org/KillBox.exe

Double-clique killbox.exe.
Choisis l'option "Delete on reboot".

Copie le texte gras ci-bas (sélectionne tout avec ta souris, clic-droit et "Copier") :

C:\windows\system32\qznwovgmj.exe
c:\WINDOWS\system32\msclock32.dll
c:\WINDOWS\system32\msplock32.dll
c:\WINDOWS\system32\qznwovgmj.dat
C:\windows\system32\qznwovgmj.exe
c:\WINDOWS\system32\qznwovgmj_nav.dat
c:\WINDOWS\system32\qznwovgmj_navps.dat


Clique sur le menu 'File' de KillBox (en haut à gauche) et choisis Paste from clipboard

Tous les fichiers doivent maintenant apparaître dans la boîte "Full Path of File to Delete".
Si tu cliques sur la petite flèche à droite de cette boîte, tu devrais y voir tous les fichiers collés !

Clique sur le bouton : All Files (!important!)

Clique maintenant sur le bouton Kill (cercle rouge avec un X blanc)
Killbox va te demander "...Would like to Reboot now ?", clique YES et attends le redémarrage.


ensuite poste un nouveau rapport de blacklignt stp

@+
0
re les fichires n'apparaissent pas dans la boite "full path of file to delete" quand je cliques sur la petite flèche il n'y a rien? Que faire merci d'avoir autant de patience
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
green day Messages postés 26371 Date d'inscription vendredi 30 septembre 2005 Statut Modérateur, Contributeur sécurité Dernière intervention 27 décembre 2019 2 162
8 févr. 2007 à 16:49
re

pas grave, continues ...

++
0
02/08/07 17:01:43 [Info]: BlackLight Engine 1.0.55 initialized
02/08/07 17:01:43 [Info]: OS: 5.1 build 2600 (Service Pack 2)
02/08/07 17:01:43 [Note]: 7019 4
02/08/07 17:01:43 [Note]: 7005 0
02/08/07 17:01:45 [Note]: 7006 0
02/08/07 17:01:45 [Note]: 7011 1528
02/08/07 17:01:46 [Note]: 7026 0
02/08/07 17:01:46 [Note]: 7026 0
02/08/07 17:01:52 [Note]: FSRAW library version 1.7.1021
02/08/07 17:12:42 [Note]: 7007 0

voilà le rapport de blacklight
0
re je te joins les différents rapport obtenus

Logfile of HijackThis v1.99.1
Scan saved at 13:57:50, on 08/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehSched.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\Securitoo\av_fw\fswsclds.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.hpe.com/h41271/404D.aspx?cc=us&ll=en&url=http://domainredirects.ext.hpe.com/fr9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hpe.com/h41271/404D.aspx?cc=us&ll=en&url=http://domainredirects.ext.hpe.com/fr9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPEWWBP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\prosvsys.exe /res
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {04F414E9-E352-4BC3-963D-7BFE5A5F31A9} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1064_XP.cab
O16 - DPF: {1CD4E2DC-2DA0-4154-8723-38CB04FB6A58} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1062_XP.cab
O16 - DPF: {2A3DFC59-8A87-49A1-85D1-42903410911F} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1058_XP.cab
O16 - DPF: {321F38B6-7E5F-470E-B58C-927523B7AF92} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1069_em_XP.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {5F4D3335-3194-4167-85AE-E7325F2695EF} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1068_em_XP.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7504F0D5-644A-4103-9D02-95488B6CB9A1} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - https://www.epson.eu/support/
O16 - DPF: {87C1805D-C5AE-4455-AB39-E245BB516136} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1059_XP.cab
O16 - DPF: {8D8BAF56-B581-4B90-A549-C4AC6B03F1BB} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AF7410C1-FBA3-415E-800A-4110CED40536} - http://ww1.dlv4.com
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {C2481ED1-9896-4D49-AE90-69858DFDE446} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {CB5D474E-A510-40A4-B5A4-838933BCBA64} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1065_XP.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.leaderphoto.com/XUpload.ocx
O16 - DPF: {EC4AFBF3-4540-4306-AF10-4CAC509EA16B} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {EF4DCD99-D26B-44A4-BA77-CFDCC97E7291} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {EFB23983-5803-4914-ADA3-C0EA2CFBDC37} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {FA1D6D8F-C6ED-4752-8512-A33283240130} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1066_XP.cab
O16 - DPF: {FA83E942-B796-46DE-9155-1632ECC5473B} - https://www.afternic.com/domains/downloadv3.com
O18 - Protocol: bw+0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: req - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTSvcCDA.EXE (file missing)
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\fswsclds.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe


---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 18:50:41 08/02/2007

+ Résultat de l'analyse:



C:\WINDOWS\system32\egaccess4_1064.dll -> Dialer.EgroupDial.aa : Aucune action entreprise.
C:\WINDOWS\system32\egaccess4_1065.dll -> Dialer.EgroupDial.x : Aucune action entreprise.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Instant Access -> Dialer.Generic : Aucune action entreprise.
HKU\S-1-5-21-3963556575-3176807384-3873573362-500\Software\EGDHTML -> Dialer.Generic : Aucune action entreprise.
C:\WINDOWS\system32\mwsrvacc.exe -> Dialer.InstantAccess.af : Aucune action entreprise.
C:\WINDOWS\system32\prosvsys.exe -> Dialer.InstantAccess.ai : Aucune action entreprise.
C:\WINDOWS\system32\EGDACCESS_1072.dll -> Dialer.InstantAccess.f : Aucune action entreprise.
C:\WINDOWS\system32\EGDACCESS.dll -> Dialer.InstantAccess.m : Aucune action entreprise.
C:\WINDOWS\system32\EGDACCESS_1073.dll -> Dialer.InstantAccess.m : Aucune action entreprise.
C:\WINDOWS\system32\EGDACCESS_1074.dll -> Dialer.InstantAccess.m : Aucune action entreprise.
C:\WINDOWS\system32\EGDACCESS_ASPIV4_1073.dll -> Dialer.InstantAccess.n : Aucune action entreprise.
C:\Documents and Settings\Administrateur\Cookies\administrateur@247realmedia[1].txt -> TrackingCookie.247realmedia : Aucune action entreprise.
C:\Documents and Settings\Administrateur\Cookies\administrateur@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} -> Trojan.Conhook.c : Aucune action entreprise.
HKU\S-1-5-21-3963556575-3176807384-3873573362-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E13DDE1-E013-47EC-9C4C-27C2F78BDD26} -> Trojan.Conhook.c : Aucune action entreprise.


Fin du rapportBitDefender Online Scanner



Scan report generated at: Thu, Feb 08, 2007 - 21:19:38





Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;







Statistics

Time
02:12:25

Files
678234

Folders
6915

Boot Sectors
3

Archives
22198

Packed Files
85275




Results

Identified Viruses
7

Infected Files
9

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
9




Engines Info

Virus Definitions
419408

Engine build
AVCORE v1.0 (build 2371) (i386) (Dec 13 2006 11:16:42)

Scan plugins
14

Archive plugins
38

Unpack plugins
6

E-mail plugins
6

System plugins
1




Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes




Scanned File
Status

C:\hp\bin\Terminator.exe
Infected with: Trojan.Killapp.30208.A

C:\hp\bin\Terminator.exe
Disinfection failed

C:\hp\bin\Terminator.exe
Deleted

C:\System Volume Information\_restore{211185E4-3E3D-4923-87B5-FBFD527AD6D5}\RP477\A0132562.dll
Infected with: DeepScan:Generic.Dialer.DDF5A8AB

C:\System Volume Information\_restore{211185E4-3E3D-4923-87B5-FBFD527AD6D5}\RP477\A0132562.dll
Disinfection failed

C:\System Volume Information\_restore{211185E4-3E3D-4923-87B5-FBFD527AD6D5}\RP477\A0132562.dll
Deleted

C:\System Volume Information\_restore{211185E4-3E3D-4923-87B5-FBFD527AD6D5}\RP477\A0132563.dll
Infected with: DeepScan:Generic.Dialer.7762AD77

C:\System Volume Information\_restore{211185E4-3E3D-4923-87B5-FBFD527AD6D5}\RP477\A0132563.dll
Disinfection failed

C:\System Volume Information\_restore{211185E4-3E3D-4923-87B5-FBFD527AD6D5}\RP477\A0132563.dll
Deleted

C:\System Volume Information\_restore{211185E4-3E3D-4923-87B5-FBFD527AD6D5}\RP477\A0132564.dll
Infected with: DeepScan:Generic.Dialer.E841D137

C:\System Volume Information\_restore{211185E4-3E3D-4923-87B5-FBFD527AD6D5}\RP477\A0132564.dll
Disinfection failed

C:\System Volume Information\_restore{211185E4-3E3D-4923-87B5-FBFD527AD6D5}\RP477\A0132564.dll
Deleted

C:\System Volume Information\_restore{211185E4-3E3D-4923-87B5-FBFD527AD6D5}\RP477\A0132565.dll
Infected with: DeepScan:Generic.Dialer.949C67F6

C:\System Volume Information\_restore{211185E4-3E3D-4923-87B5-FBFD527AD6D5}\RP477\A0132565.dll
Disinfection failed

C:\System Volume Information\_restore{211185E4-3E3D-4923-87B5-FBFD527AD6D5}\RP477\A0132565.dll
Deleted

C:\System Volume Information\_restore{211185E4-3E3D-4923-87B5-FBFD527AD6D5}\RP477\A0132566.dll
Infected with: DeepScan:Generic.Dialer.E841D137

C:\System Volume Information\_restore{211185E4-3E3D-4923-87B5-FBFD527AD6D5}\RP477\A0132566.dll
Disinfection failed

C:\System Volume Information\_restore{211185E4-3E3D-4923-87B5-FBFD527AD6D5}\RP477\A0132566.dll
Deleted

C:\System Volume Information\_restore{211185E4-3E3D-4923-87B5-FBFD527AD6D5}\RP477\A0132567.dll
Infected with: DeepScan:Generic.Dialer.309F0008

C:\System Volume Information\_restore{211185E4-3E3D-4923-87B5-FBFD527AD6D5}\RP477\A0132567.dll
Disinfection failed

C:\System Volume Information\_restore{211185E4-3E3D-4923-87B5-FBFD527AD6D5}\RP477\A0132567.dll
Deleted

C:\WINDOWS\system32\EGACCESS.dll
Infected with: DeepScan:Generic.Dialer.399ED41B

C:\WINDOWS\system32\EGACCESS.dll
Disinfection failed

C:\WINDOWS\system32\EGACCESS.dll
Deleted

C:\WINDOWS\system32\egaccess4_1066.dll
Infected with: DeepScan:Generic.Dialer.399ED41B

C:\WINDOWS\system32\egaccess4_1066.dll
Disinfection failed

C:\WINDOWS\system32\egaccess4_1066.dll
Deleted



j'esperes avoir tout fait correctement.merci pour le decryptage
a+
0
green day Messages postés 26371 Date d'inscription vendredi 30 septembre 2005 Statut Modérateur, Contributeur sécurité Dernière intervention 27 décembre 2019 2 162
8 févr. 2007 à 17:26
re

bien, fais ce qui est indiqué ici stp :

virus methode preliminaire de desinfection version fr

@+
0
green day Messages postés 26371 Date d'inscription vendredi 30 septembre 2005 Statut Modérateur, Contributeur sécurité Dernière intervention 27 décembre 2019 2 162
8 févr. 2007 à 21:54
re

très bien , as tu supprimé tout ce qu'avg t'a trouvé ???

télécharge ceci et execute les :

1) Ad-Aware (gratuit) :
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/11643.html

2) Le patch en Français pour Ad-Aware (gratuit) :
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/25543.html

tuto :http://pageperso.aol.fr/balltrap34/adawrevid.asf

3) Spybot (gratuit) :
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/26157.html

tuto :
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm


et colle un nouveau hijackthis stp

++
0
salut me revoilà,voici le hijackthis aprés spybot et ad aware

Logfile of HijackThis v1.99.1
Scan saved at 12:18:04, on 09/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Securitoo\av_fw\fswsclds.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Répertoire temporaire 2 pour hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.hpe.com/h41271/404D.aspx?cc=us&ll=en&url=http://domainredirects.ext.hpe.com/fr9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hpe.com/h41271/404D.aspx?cc=us&ll=en&url=http://domainredirects.ext.hpe.com/fr9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPEWWBP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {04F414E9-E352-4BC3-963D-7BFE5A5F31A9} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1064_XP.cab
O16 - DPF: {1CD4E2DC-2DA0-4154-8723-38CB04FB6A58} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1062_XP.cab
O16 - DPF: {2A3DFC59-8A87-49A1-85D1-42903410911F} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1058_XP.cab
O16 - DPF: {321F38B6-7E5F-470E-B58C-927523B7AF92} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1069_em_XP.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {5F4D3335-3194-4167-85AE-E7325F2695EF} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1068_em_XP.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7504F0D5-644A-4103-9D02-95488B6CB9A1} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - https://www.epson.eu/support/
O16 - DPF: {87C1805D-C5AE-4455-AB39-E245BB516136} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1059_XP.cab
O16 - DPF: {8D8BAF56-B581-4B90-A549-C4AC6B03F1BB} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AF7410C1-FBA3-415E-800A-4110CED40536} - http://ww1.dlv4.com
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {C2481ED1-9896-4D49-AE90-69858DFDE446} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {CB5D474E-A510-40A4-B5A4-838933BCBA64} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1065_XP.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.leaderphoto.com/XUpload.ocx
O16 - DPF: {EC4AFBF3-4540-4306-AF10-4CAC509EA16B} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {EF4DCD99-D26B-44A4-BA77-CFDCC97E7291} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {EFB23983-5803-4914-ADA3-C0EA2CFBDC37} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {FA1D6D8F-C6ED-4752-8512-A33283240130} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1066_XP.cab
O16 - DPF: {FA83E942-B796-46DE-9155-1632ECC5473B} - https://www.afternic.com/domains/downloadv3.com
O18 - Protocol: bw+0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: req - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTSvcCDA.EXE (file missing)
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\fswsclds.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

à+
0
green day Messages postés 26371 Date d'inscription vendredi 30 septembre 2005 Statut Modérateur, Contributeur sécurité Dernière intervention 27 décembre 2019 2 162
9 févr. 2007 à 15:49
Salut Sandrine

Je suis ici en coup de vent ( pas chez moi ) donc pour le hijack je te donnerai la marche à suivre ce soir !

sinon :


# Télécharge clean.zip
http://www.malekal.com/download/clean.zip
Décompresse-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean.
Ouvre le dossier Clean qui se trouve sur ton bureau.
Double-clic sur clean.cmd.
Une fenêtre noire va apparaître, choisis l'option 1
Poste le rapport qui se trouve ici C:\rapport_clean.txt


ensuite :

* Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

*Double-clic sur clean.cmd.
Une fenêtre noire va apparaître, choisis l'option 2
Poste le rapport qui se trouve ici C:\rapport_clean.txt


Redémarre en mode normal, copie/colle les 2 rapports sauvegardés sur le forum

precise l'evolution de la situation @+


0
Merci de prendre de ton temps voici le rapport clean

Rapport clean par Malekal_morte - http://www.malekal.com
Option 1, executee le 09/02/2007 a 15:53:36,42

*** Recherche de fichiers sur C:

*** Recherche des fichiers dans C:\WINDOWS\
C:\WINDOWS\temp\mc???.tmp FOUND
C:\WINDOWS\WMCRRS.exe FOUND

*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\EGDACCESS* FOUND

"C:\Program Files\mailskinner\" FOUND
*** Fin du rapport !
0
voici le rapport en mode sans échec

Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Option 2, executee le 09/02/2007 a 15:59:23,70

Microsoft Windows XP [version 5.1.2600]

*** Suppression de fichiers sur C:

*** Suppression des fichiers dans C:\WINDOWS\
tentative de suppression de C:\WINDOWS\temp\mc???.tmp
Impossible de supprimer C:\WINDOWS\temp\mc???.tmp
tentative de suppression de C:\WINDOWS\WMCRRS.exe

*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\EGDACCESS*

tentative de suppression de "C:\Program Files\mailskinner\"

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
depuis hier je n'ai pas eu le message windows m'indiquant la présence de winlogon trojan/worm.
Ce soir je pars en week end je ne serai là que dimanche soir
Je te souhaites un bon week end et encore merci de ton aide
0
green day Messages postés 26371 Date d'inscription vendredi 30 septembre 2005 Statut Modérateur, Contributeur sécurité Dernière intervention 27 décembre 2019 2 162
10 févr. 2007 à 00:04
Re :)

avant de continuer, re-télécharge hijackthis et installe le sur ton bureau, très important, sinon pas de dossier backup créer !


# Désactiver la Restauration du système

* Cliquez sur le bouton Démarrer.
* Cliquez avec le bouton droit de la souris sur Poste de travail puis cliquez sur Propriétés.
* Dans l'onglet Restauration du système, sélectionnez l'option Désactiver la Restauration du système ou Désactiver la Restauration du système sur tous les lecteurs

( tu pourras la réactivé à la fin de la manip )



# Relance HijackThis : choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked" :


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hpe.com/h41271/404D.aspx?cc=us&ll=en&url=http://domainredirects.ext.hpe.com/fr9.hpwis.com/



R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)


O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll


O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll



O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe


O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

( toutes les 016+018 )

O16 - DPF: {04F414E9-E352-4BC3-963D-7BFE5A5F31A9} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1064_XP.cab
O16 - DPF: {1CD4E2DC-2DA0-4154-8723-38CB04FB6A58} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1062_XP.cab
O16 - DPF: {2A3DFC59-8A87-49A1-85D1-42903410911F} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1058_XP.cab
O16 - DPF: {321F38B6-7E5F-470E-B58C-927523B7AF92} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1069_em_XP.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {5F4D3335-3194-4167-85AE-E7325F2695EF} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1068_em_XP.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/
O16 - DPF: {7504F0D5-644A-4103-9D02-95488B6CB9A1} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - https://www.epson.eu/support/
O16 - DPF: {87C1805D-C5AE-4455-AB39-E245BB516136} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1059_XP.cab
O16 - DPF: {8D8BAF56-B581-4B90-A549-C4AC6B03F1BB} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AF7410C1-FBA3-415E-800A-4110CED40536} - http://ww1.dlv4.com
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {C2481ED1-9896-4D49-AE90-69858DFDE446} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {CB5D474E-A510-40A4-B5A4-838933BCBA64} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1065_XP.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.leaderphoto.com/XUpload.ocx
O16 - DPF: {EC4AFBF3-4540-4306-AF10-4CAC509EA16B} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {EF4DCD99-D26B-44A4-BA77-CFDCC97E7291} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {EFB23983-5803-4914-ADA3-C0EA2CFBDC37} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {FA1D6D8F-C6ED-4752-8512-A33283240130} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1066_XP.cab
O16 - DPF: {FA83E942-B796-46DE-9155-1632ECC5473B} - https://www.afternic.com/domains/downloadv3.com


O18 - Protocol: bw+0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {F341FC4F-8401-4441-8A1B-FC6E3093A707} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - Winlogon Notify: req - C:\WINDOWS\


repasse un coup de ccleaner + télécharge ceci et execute le :

* CleanUp40 (qui élimine les fichiers temporaires + cookies : gratuit )
http://pageperso.aol.fr/Balltrap34/CleanUp40.exe

tuto : (merci à Balltrap) http://pageperso.aol.fr/balltrap34/democleanup.htm

precise tes soucis s'il en reste !

bon week-end itoo ;-))


@+








La sagesse, c'est d'avoir des rêves suffisamment grands pour ne pas les
perdre de vue lorsqu'on les poursuit. (Oscar Wilde)
0
Salut greenday désolé de ma réponse tardive mais j'ai été debordée cette semaine.J'ai executé tous ce que tu m'a dit apparament plus de problème.je te remercie vraiment de toute l'aide que tu m'a apportée sans toi je n'y serai jamais arrivée.
0
green day Messages postés 26371 Date d'inscription vendredi 30 septembre 2005 Statut Modérateur, Contributeur sécurité Dernière intervention 27 décembre 2019 2 162
18 févr. 2007 à 14:31
Salut

bien :-)

un peu de lecture :

https://sebsauvage.net/safehex.html

securite proteger un ordinateur contre les malwares d internet

@+
0