Trojan downoader.XS

calimerooo71 Messages postés 60 Statut Membre -  
dou-l Messages postés 2871 Statut Membre -
Bonjour,

Voilà je suis infecté par le trojandownloader.XS; j'ai lancé HIJACKTHIS et voici son rapport :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.34, on 29/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\All Users\Application Data\dofmpens\fklslslu.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\Program Files\Logitech\Video\LogiTray.exe
F:\Outils Dvd\OCR\opware32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\tglmlorg.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr3.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: enlfxgw - {FA562FBB-A866-4ACF-8E9D-5EEEFD7FC6F7} - C:\WINDOWS\enlfxgw.dll (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [OmniPage] F:\Outils Dvd\OCR\opware32.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKLM\..\Run: [8c6a9e6e] rundll32.exe "C:\WINDOWS\system32\jctfpqoo.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [Steam] F:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ayewuvgw] C:\WINDOWS\system32\tglmlorg.exe
O4 - HKCU\..\Run: [filehippo.com] "C:\Program Files\filehippo.com\UpdateChecker.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [bC3y1atgcD] C:\Documents and Settings\All Users\Application Data\dofmpens\fklslslu.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: Interface Chat Wanadoo - http://chat7.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/dlhelper/version7/dlhelper.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://firstweb.microgaming.com/firstweb/FlashAX2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FFF4036-CD01-4C1D-A375-6B7FF26E702B}: NameServer = 212.27.32.176,212.27.32.177
O18 - Protocol: bw+0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Control Parental (OPTENET_FILTER) - Contrôle Parental - C:\Program Files\Controle Parental\bin\optproxy.exe
O23 - Service: setup_7.0.0.180_09.03.2008_11-19[1] - Unknown owner - C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_09.03.2008_11-19[1].exe (file missing)

--
End of file - 20948 bytes

Merci de m'aider à supprimer les bonnes lignesafin que les mauvaises choses disparraissent..

Merci à vous
Configuration: Windows XP
Internet Explorer 7.0

49 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Le fil traite une infection par le trojandownloader.XS sur Windows XP et l'analyse des entrées détectées par HijackThis pour comprendre les vecteurs et les composants malveillants. Des mesures prioritaires consistent à retirer les entrées Run et les barres d'outils suspectes listées dans le rapport, et à restaurer le fichier hosts si nécessaire. Pour une suppression efficace, il est recommandé de faire un scan complet avec un antivirus à jour et, si nécessaire, d'utiliser des outils anti-malware spécialisés et de démarrer en mode sans échec. Ensuite, surveiller les processus actifs et les services, réviser les mises à jour du système et des applications, et assurer une réinitialisation correcte des paramètres sécurité pour prévenir une réinfection.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. dou-l Messages postés 2871 Statut Membre 61
     
    slt

    télécharge smitfraudfix: smitfraudfix

    # Double clique sur l'icone de smitfraud pui choisis l'option 1 et poste le rapport.

    Tient moi au courant a+.
    0
    1. calimerooo71 Messages postés 60 Statut Membre
       
      Merci d ton aide ,

      voici le rapport demandé...

      à+
      SmitFraudFix v2.319

      Rapport fait à 11.59.45,96, 29/04/2008
      Executé à partir de C:\Documents and Settings\Propri‚taire\Bureau\SmitfraudFix
      OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
      Le type du système de fichiers est NTFS
      Fix executé en mode normal

      »»»»»»»»»»»»»»»»»»»»»»»» Process

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Documents and Settings\All Users\Application Data\dofmpens\fklslslu.exe
      C:\windows\system\hpsysdrv.exe
      C:\WINDOWS\system32\CTsvcCDA.exe
      C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
      C:\WINDOWS\System32\FTRTSVC.exe
      C:\HP\KBD\KBD.EXE
      C:\WINDOWS\system32\pctspk.exe
      C:\WINDOWS\system32\CTHELPER.EXE
      C:\WINDOWS\System32\nvsvc32.exe
      C:\Program Files\Controle Parental\bin\optproxy.exe
      C:\Program Files\Logitech\Video\LogiTray.exe
      F:\Outils Dvd\OCR\opware32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\MsPMSPSv.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\system32\LVComS.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\WINDOWS\system32\tglmlorg.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
      C:\Program Files\Wanadoo\GestionnaireInternet.exe
      C:\Program Files\Wanadoo\ComComp.exe
      C:\PROGRA~1\Wanadoo\Toaster.exe
      C:\PROGRA~1\Wanadoo\Inactivity.exe
      C:\PROGRA~1\Wanadoo\PollingModule.exe
      C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
      C:\Program Files\Wanadoo\Watch.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      C:\Program Files\Outlook Express\msimn.exe
      C:\WINDOWS\system32\cmd.exe

      »»»»»»»»»»»»»»»»»»»»»»»» hosts


      »»»»»»»»»»»»»»»»»»»»»»»» C:\


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

      C:\WINDOWS\olgdqarf.exe PRESENT !

      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Propri‚taire


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Propri‚taire\Application Data


      »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


      »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PROPRI~1\Favoris


      »»»»»»»»»»»»»»»»»»»»»»»» Bureau


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

      C:\Program Files\akl\ PRESENT !

      »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


      »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
      "Source"="About:Home"
      "SubscribedURL"="About:Home"
      "FriendlyName"="Ma page d'accueil"


      »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      IEDFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» VACFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      VACFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      404Fix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll


      »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "AppInit_DLLs"=""


      »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
      "System"=""


      »»»»»»»»»»»»»»»»»»»»»»»» Rustock



      »»»»»»»»»»»»»»»»»»»»»»»» DNS

      Description: 802.11 USB Wireless LAN Adapter #2 - Miniport d'ordonnancement de paquets
      DNS Server Search Order: 192.168.1.1

      HKLM\SYSTEM\CCS\Services\Tcpip\..\{4FFF4036-CD01-4C1D-A375-6B7FF26E702B}: NameServer=212.27.32.176,212.27.32.177
      HKLM\SYSTEM\CCS\Services\Tcpip\..\{5FC955AE-4ED5-40DE-B854-8B3897994851}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{4FFF4036-CD01-4C1D-A375-6B7FF26E702B}: NameServer=212.27.32.176,212.27.32.177
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{5FC955AE-4ED5-40DE-B854-8B3897994851}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{4FFF4036-CD01-4C1D-A375-6B7FF26E702B}: NameServer=212.27.32.176,212.27.32.177
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{5FC955AE-4ED5-40DE-B854-8B3897994851}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


      »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


      »»»»»»»»»»»»»»»»»»»»»»»» Fin
      0
  2. dou-l Messages postés 2871 Statut Membre 61
     
    On continue,

    Redémarre ton ordinateur en mode sans échec
    Ouvre le dossier SmitfraudFix
    Double clic sur Smitfraud.cm choisis l'option 2 et Entrée
    Réponds O aux deux questions suivantes:
    -Voulez-vous nettoyer le registre ?
    -Corriger le fichier infecté ?
    Un rapport.txt sera généré et tu le postes pour contrôle.
    0
  3. calimerooo71 Messages postés 60 Statut Membre
     
    voici le rapport
    SmitFraudFix v2.319

    Rapport fait à 14.26.41,40, 29/04/2008
    Executé à partir de C:\Documents and Settings\Propri‚taire\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    200.124.131.116 casinocontroller.com
    200.124.131.116 casinocontroller.com
    200.124.131.116 casinocontroller.com
    200.124.131.116 casinocontroller.com
    200.124.131.116 casinocontroller.com
    200.124.131.116 casinocontroller.com

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.
    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{4FFF4036-CD01-4C1D-A375-6B7FF26E702B}: NameServer=212.27.32.176,212.27.32.177
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{4FFF4036-CD01-4C1D-A375-6B7FF26E702B}: NameServer=212.27.32.176,212.27.32.177
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{4FFF4036-CD01-4C1D-A375-6B7FF26E702B}: NameServer=212.27.32.176,212.27.32.177

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    à+
    0
  4. dou-l Messages postés 2871 Statut Membre 61
     
    ok un nouveau hijackthis stp
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. calimerooo71 Messages postés 60 Statut Membre
     
    c'est de plus en plus long...bon courage

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15.34, on 29/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Documents and Settings\All Users\Application Data\dofmpens\fklslslu.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Controle Parental\bin\optproxy.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    F:\Outils Dvd\OCR\opware32.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\tglmlorg.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Wanadoo\GestionnaireInternet.exe
    C:\Program Files\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\Program Files\Wanadoo\Watch.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O1 - Hosts: 200.124.131.116 casinocontroller.com
    O1 - Hosts: 200.124.131.116 casinocontroller.com
    O1 - Hosts: 200.124.131.116 casinocontroller.com
    O1 - Hosts: 200.124.131.116 casinocontroller.com
    O1 - Hosts: 200.124.131.116 casinocontroller.com
    O1 - Hosts: 200.124.131.116 casinocontroller.com
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: enlfxgw - {FA562FBB-A866-4ACF-8E9D-5EEEFD7FC6F7} - C:\WINDOWS\enlfxgw.dll (file missing)
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [OmniPage] F:\Outils Dvd\OCR\opware32.exe
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [8c6a9e6e] rundll32.exe "C:\WINDOWS\system32\jctfpqoo.dll",b
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] \Program\
    O4 - HKCU\..\Run: [Steam] F:\Valve\Steam\Steam.exe -silent
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ayewuvgw] C:\WINDOWS\system32\tglmlorg.exe
    O4 - HKCU\..\Run: [filehippo.com] "C:\Program Files\filehippo.com\UpdateChecker.exe" /background
    O4 - HKLM\..\Policies\Explorer\Run: [bC3y1atgcD] C:\Documents and Settings\All Users\Application Data\dofmpens\fklslslu.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: Interface Chat Wanadoo - http://chat7.x-echo.com/version6/Applet/wchatsign.cab
    O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/dlhelper/version7/dlhelper.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
    O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://firstweb.microgaming.com/firstweb/FlashAX2.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4FFF4036-CD01-4C1D-A375-6B7FF26E702B}: NameServer = 212.27.32.176,212.27.32.177
    O18 - Protocol: bw+0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Control Parental (OPTENET_FILTER) - Contrôle Parental - C:\Program Files\Controle Parental\bin\optproxy.exe
    O23 - Service: setup_7.0.0.180_09.03.2008_11-19[1] - Unknown owner - C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_09.03.2008_11-19[1].exe (file missing)
    0
  7. dou-l Messages postés 2871 Statut Membre 61
     
    Pas de pare feu ? télécharge et installe zonealarm

    Pour t'aider à le configurer : regarde le tuto

    Rends toi sur ce site :

    https://www.virustotal.com/gui/

    Clique sur parcourir et cherche ces fichier:

    C:\Documents and Settings\All Users\Application Data\dofmpens\fklslslu.exe
    C:\WINDOWS\system32\tglmlorg.exe

    Un rapport va s'élaborer ligne à ligne.

    Attends la fin. Il doit comprendre le nom du fichier envoyé.

    Sauvegarde le rapport avec le bloc-note.

    Copie le dans ta réponse.

    Télécharge Zeb-Restore : http://telechargement.zebulon.fr/zeb-restore.html
    - Mets le dans un dossier, sur ton bureau par exemple.
    - Lance Zebrestore et coche la/les case(s) suivante(s) :

    Réinitialiser Fichier Hosts

    - Ne coche que la/les case(s) indiquée(s).
    - Clique sur le bouton Restaurer.
    - Quitte le programme puis renvoie un log HiJack,
    0
  8. calimerooo71 Messages postés 60 Statut Membre
     
    voici le rus total et celui de hijackhis :
    Résultats
    Permalink:

    VirusTotal &">'>"> -->

    <meta http-equiv="refresh" content="0; url=http://127.0.0.1:10237/cgi-bin/stop?URL=3d1ecc2fd0787c8caeb7b394034682823f1932cc1cfd89a3b807f97584553c71f743276c7dd4d9071dcb06424cc7f9d9dd57f4f2c6e8afc065fc16091e084aa17cf59a70edcd66e50eaacd75d6&IP=127.0.0.1&USER=general&DATETIME=[29/Apr/2008:15:59:21]&RULE=general

    ----------------------------------------------------------

    Le fichier a déjà été analysé:
    MD5:
    First received:
    Date
    Résultats
    Permalink:

    VirusTotal © Hispasec Sistemas - '>"> -->

    <meta http-equiv="refresh

    ---------------------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16.39, on 29/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Documents and Settings\All Users\Application Data\dofmpens\fklslslu.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Controle Parental\bin\optproxy.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    F:\Outils Dvd\OCR\opware32.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\tglmlorg.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Wanadoo\GestionnaireInternet.exe
    C:\Program Files\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\Program Files\Wanadoo\Watch.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\SYSTEM32\notepad.exe
    C:\WINDOWS\SYSTEM32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: enlfxgw - {FA562FBB-A866-4ACF-8E9D-5EEEFD7FC6F7} - C:\WINDOWS\enlfxgw.dll (file missing)
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [OmniPage] F:\Outils Dvd\OCR\opware32.exe
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [8c6a9e6e] rundll32.exe "C:\WINDOWS\system32\jctfpqoo.dll",b
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] \Program\
    O4 - HKCU\..\Run: [Steam] F:\Valve\Steam\Steam.exe -silent
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ayewuvgw] C:\WINDOWS\system32\tglmlorg.exe
    O4 - HKCU\..\Run: [filehippo.com] "C:\Program Files\filehippo.com\UpdateChecker.exe" /background
    O4 - HKLM\..\Policies\Explorer\Run: [bC3y1atgcD] C:\Documents and Settings\All Users\Application Data\dofmpens\fklslslu.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: Interface Chat Wanadoo - http://chat7.x-echo.com/version6/Applet/wchatsign.cab
    O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/dlhelper/version7/dlhelper.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
    O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://firstweb.microgaming.com/firstweb/FlashAX2.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4FFF4036-CD01-4C1D-A375-6B7FF26E702B}: NameServer = 212.27.32.176,212.27.32.177
    O18 - Protocol: bw+0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Control Parental (OPTENET_FILTER) - Contrôle Parental - C:\Program Files\Controle Parental\bin\optproxy.exe
    O23 - Service: setup_7.0.0.180_09.03.2008_11-19[1] - Unknown owner - C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_09.03.2008_11-19[1].exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    0
  9. dou-l Messages postés 2871 Statut Membre 61
     
    C'est pas lees rapport de virustotal !! refait:

    C:\Documents and Settings\All Users\Application Data\dofmpens\fklslslu.exe
    C:\WINDOWS\system32\tglmlorg.exe
    0
  10. calimerooo71 Messages postés 60 Statut Membre
     
    désolé mais tt à 'heure je n'avais que ça....

    voici maintenat ce que tu souhaites....

    Virustotal est un service qui analyse les fichiers suspects et facilite la détection rapide des virus, vers, chevaux de Troie et toutes sortes de malwares détectés par les moteurs antivirus. Plus d'informations...
    Fichier vmnwvglm.exe reçu le 2008.04.26 09:25:45 (CET)
    Situation actuelle: terminé

    Résultat: 9/32 (28.12%)
    Formaté Impression des résultats
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 - - -
    AntiVir - - TR/Crypt.XPACK.Gen
    Authentium - - -
    Avast - - -
    AVG - - Downloader.Obfuskated
    BitDefender - - -
    CAT-QuickHeal - - -
    ClamAV - - -
    DrWeb - - -
    eSafe - - -
    eTrust-Vet - - -
    Ewido - - -
    F-Prot - - -
    F-Secure - - -
    FileAdvisor - - -
    Fortinet - - -
    Ikarus - - Trojan.Crypt.XPACK
    Kaspersky - - -
    McAfee - - -
    Microsoft - - Trojan:Win32/Busky.EC
    NOD32v2 - - a variant of Win32/TrojanDownloader.FakeAlert.BP
    Norman - - -
    Panda - - -
    Prevx1 - - Covert.Sys.Exec
    Rising - - -
    Sophos - - Mal/EncPk-DG
    Sunbelt - - -
    Symantec - - Downloader.MisleadApp
    TheHacker - - -
    VBA32 - - -
    VirusBuster - - -
    Webwasher-Gateway - - Trojan.Crypt.XPACK.Gen
    Information additionnelle
    MD5: 96b2820fb38d646f105e0902d5081b78
    SHA1: 6db1bac504748ae10cdb8b7ae4001a232639b534
    SHA256: 85df49ac2a5b9a7339f98359a87107580c273dff36ea59485186eb65b9e46cf1
    SHA512: ab8b9339c2ae25c8da22bd31027cb5302e56ad3a861691a255f3f732c537c56c6a93892ed27e5f71a4c8a5a10669930fc6809f967ef537f2c399da6514be7623

    ATTENTION: VirusTotal est un service gratuit offert par Hispasec Sistemas. Il n'y a aucune garantie quant à la disponibilité et la continuité de ce service. Bien que le taux de détection permis par l'utilisation de multiples moteurs antivirus soit bien supérieur à celui offert par seulement un produit, ces résultats NE garantissent PAS qu'un fichier est sans danger. Il n'y a actuellement aucune solution qui offre un taux d'efficacité de 100% pour la détection des virus et malwares.

    VirusTotal © Hispasec Sistemas - Blog - Contact: info@virustotal.com
    --------------------------------------------------------------------------------------------------------------------------
    Virustotal est un service qui analyse les fichiers suspects et facilite la détection rapide des virus, vers, chevaux de Troie et toutes sortes de malwares détectés par les moteurs antivirus. Plus d'informations...
    Fichier yfgjcxel.exe.vir_080428_080428___ reçu le 2008.04.28 08:07:46 (CET)
    Situation actuelle: terminé

    Résultat: 12/32 (37.50%)
    Formaté Impression des résultats
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.4.25.2 2008.04.25 -
    AntiVir 7.8.0.10 2008.04.27 TR/Crypt.XPACK.Gen
    Authentium 4.93.8 2008.04.27 -
    Avast 4.8.1169.0 2008.04.28 -
    AVG 7.5.0.516 2008.04.27 Downloader.Agent.AGBH
    BitDefender 7.2 2008.04.28 -
    CAT-QuickHeal 9.50 2008.04.26 Win32.Trojan.Obfuscated.gx.3
    ClamAV 0.92.1 2008.04.27 -
    DrWeb 4.44.0.09170 2008.04.27 -
    eSafe 7.0.15.0 2008.04.27 suspicious Trojan/Worm
    eTrust-Vet 31.3.5736 2008.04.26 -
    Ewido 4.0 2008.04.27 -
    F-Prot 4.4.2.54 2008.04.27 -
    F-Secure 6.70.13260.0 2008.04.28 -
    FileAdvisor 1 2008.04.28 -
    Fortinet 3.14.0.0 2008.04.28 -
    Ikarus T3.1.1.26 2008.04.28 Trojan.Crypt.XPACK
    Kaspersky 7.0.0.125 2008.04.28 -
    McAfee 5282 2008.04.25 -
    Microsoft 1.3408 2008.04.22 Trojan:Win32/Busky.ED
    NOD32v2 3058 2008.04.27 probably a variant of Win32/TrojanDownloader.FakeAlert.BP
    Norman 5.80.02 2008.04.25 -
    Panda 9.0.0.4 2008.04.27 Suspicious file
    Prevx1 V2 2008.04.28 Generic.Malware
    Rising 20.42.00.00 2008.04.28 -
    Sophos 4.28.0 2008.04.28 Mal/EncPk-DG
    Sunbelt 3.0.1056.0 2008.04.17 -
    Symantec 10 2008.04.28 Downloader.MisleadApp
    TheHacker 6.2.92.294 2008.04.26 -
    VBA32 3.12.6.5 2008.04.26 -
    VirusBuster 4.3.26:9 2008.04.27 -
    Webwasher-Gateway 6.6.2 2008.04.28 Trojan.Crypt.XPACK.Gen
    Information additionnelle
    File size: 35840 bytes
    MD5...: e7a0101f7584e765a5bc406f6d89c348
    SHA1..: 412d385ac08db4d941b49d60207c36296ec6c19c
    SHA256: 99c69939c18b06c26b493ac0a7147b27f5a7623892d0eebe0ae67259094021b5
    SHA512: c2a322de378b3842872fe483f8539ddc9d2b8efb4d3e2e30afc7f4be936af9cc
    5fedd9ce6b1cd2863886d292192ec3934c571360db13c99bd3018d027496cccf
    PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x4104e0
    timedatestamp.....: 0x481181f0 (Fri Apr 25 07:02:08 2008)
    machinetype.......: 0x14c (I386)

    ( 3 sections )
    name viradd virsiz rawdsiz ntrpy md5
    UPX0 0x1000 0x7000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
    UPX1 0x8000 0x9000 0x8800 7.94 5008876766d1c7c365606c457770c660
    UPX2 0x11000 0x1000 0x200 1.11 2f566375e31d0a8e854f4b190ee43464

    ( 1 imports )
    > KERNEL32.DLL: LoadLibraryA, GetProcAddress, ExitProcess

    ( 0 exports )

    packers: UPX
    packers: UPX
    packers: UPX
    Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=9CC3C78900203EB38C5D004D19C2AC00BD8DFB06

    ATTENTION: VirusTotal est un service gratuit offert par Hispasec Sistemas. Il n'y a aucune garantie quant à la disponibilité et la continuité de ce service. Bien que le taux de détection permis par l'utilisation de multiples moteurs antivirus soit bien supérieur à celui offert par seulement un produit, ces résultats NE garantissent PAS qu'un fichier est sans danger. Il n'y a actuellement aucune solution qui offre un taux d'efficacité de 100% pour la détection des virus et malwares.
    0
  11. dou-l Messages postés 2871 Statut Membre 61
     
    ok c'est infecter :

    télécharge OTMoveIt OTMoveit sur ton Bureau.
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,

    CITATION

    C:\Documents and Settings\All Users\Application Data\dofmpens\fklslslu.exe
    C:\WINDOWS\system32\tglmlorg.exe

    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.
    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
    0
  12. calimerooo71 Messages postés 60 Statut Membre
     
    voici le rapport...j'espère qu'il te convient celui là
    C:\Documents and Settings\All Users\Application Data\dofmpens\fklslslu.exe moved successfully.
    C:\WINDOWS\system32\tglmlorg.exe moved successfully.

    Created on 04/29/2008 17.57.27

    PS : Il ne m'a pas demandé de redémarrer le PC
    0
  13. dou-l Messages postés 2871 Statut Membre 61
     
    ok redemarre le et dit tes soucis actuel
    0
  14. calimerooo71 Messages postés 60 Statut Membre
     
    je n'ai plus le petit triangle jaune mais j'ai encore des pages internet intempestives. De plus j'ai toujours sur le bureau 8 icones que je ne peux pas supprimer : EditorFKWP1.5 Editor FKWP2.0 filemanagerclient FWwebeditor Trojan.win32
    fkwp1.5 fkwp2.0 et fwebd

    De plus, il est d'une très grande lenteur surtout au démarrage
    est-ce du à zone alerte sachant que j'ai toujors sur le PC AVAST, et même CCLEANER AD AWARE et SPYBOT ?

    De plus existe t-il un moyen d'optimiser les performances de mon PC ? en supprimer des fichiers plus utilisés par exemple

    Merci de ta réponse
    0
  15. dou-l Messages postés 2871 Statut Membre 61
     
    ok pour les pubs

    Télécharge Navilog

    -Choisis Enregistrer et enregistre-le sur ton bureau.

    - Ensuite double clique sur navilog1.exe pour lancer l'installation.
    Une fois l'installation terminée, le fix s'exécutera automatiquement.
    (Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).

    -Laisse-toi guider. Au menu principal, choisis 1 et valides.
    (ne fais pas le choix 2,3 ou 4 sans notre avis/accord)
    Patiente jusqu'au message " Analyse Termine le ....."

    -Appuie sur une touche comme demandé, le blocnote va s'ouvrir.
    Copie/colle l'intégralité du rapport dans ta réponse. Referme le blocnote.
    Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)

    -Si ton antivirus detecte un virus ou un cheval de troie durant l'analyse ignore le.

    je revien demain a+
    0
  16. calimerooo71 Messages postés 60 Statut Membre
     
    voici le rapport
    Search Navipromo version 3.5.5 commencé le 29/04/2008 à 20.48.41,07

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1
    Session actuelle : "Propriétaire"

    Mise à jour le 27.04.2008 à 10h00 par IL-MAFIOSO

    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 7.0.5730.11
    Système de fichiers : NTFS

    Executé en mode normal

    *** Recherche Programmes installés ***

    *** Recherche dossiers dans "C:\WINDOWS" ***

    C:\WINDOWS\mslagent trouvé !

    *** Recherche dossiers dans "C:\Program Files" ***

    *** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***

    *** Recherche dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\Propriétaire\applic~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\Propriétaire\locals~1\applic~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\Propriétaire\menudm~1\progra~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***

    *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
    pour + d'infos : http://www.gmer.net

    Aucun Fichier trouvé

    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans "C:\WINDOWS\system32" *

    * Recherche dans "C:\Documents and Settings\Propriétaire\locals~1\applic~1" *

    * Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

    *** Recherche fichiers ***

    *** Recherche clés spécifiques dans le Registre ***

    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche nouveaux fichiers Instant Access :

    2)Recherche Heuristique :

    * Dans "C:\WINDOWS\system32" :

    * Dans "C:\Documents and Settings\Propriétaire\locals~1\applic~1" :

    * Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :

    3)Recherche Certificats :

    Certificat Egroup absent !
    Certificat Electronic-Group absent !
    Certificat OOO-Favorit absent !
    Certificat Sunny-Day-Design-Ltd absent !

    4)Recherche fichiers connus :

    C:\WINDOWS\system32\SuCIRqru.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
    C:\WINDOWS\system32\UDddefii.ini2 trouvé ! infection Vundo possible non traitée par cet outil !

    *** Analyse terminée le 29/04/2008 à 21.21.01,21 ***
    bonne soirée
    Merci de répondre à mes précédentes questions SVP
    0
  17. dou-l Messages postés 2871 Statut Membre 61
     
    ok

    double clic sur navilog1 et au menu principal choisis l'option 2 et poste le rapport
    0
  18. calimerooo71 Messages postés 60 Statut Membre
     
    j'ai été trop vite et j'ai oublié de copier le rapport avant que le PC ne redémarre
    comment puis je corriger mon erreur ?

    Merci
    0
  19. dou-l Messages postés 2871 Statut Membre 61
     
    Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt) poste le
    0
  20. calimerooo71 Messages postés 60 Statut Membre
     
    d'accord mais comment le retrouve t-on ?
    0
  21. dou-l Messages postés 2871 Statut Membre 61
     
    g marker !!

    Dans le disque local C il y a fixnavi.txt
    0
  • 1
  • 2
  • 3