Trojan downoader.XS
calimerooo71
Messages postés
60
Statut
Membre
-
dou-l Messages postés 2871 Statut Membre -
dou-l Messages postés 2871 Statut Membre -
Bonjour,
Voilà je suis infecté par le trojandownloader.XS; j'ai lancé HIJACKTHIS et voici son rapport :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.34, on 29/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\All Users\Application Data\dofmpens\fklslslu.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\Program Files\Logitech\Video\LogiTray.exe
F:\Outils Dvd\OCR\opware32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\tglmlorg.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr3.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: enlfxgw - {FA562FBB-A866-4ACF-8E9D-5EEEFD7FC6F7} - C:\WINDOWS\enlfxgw.dll (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [OmniPage] F:\Outils Dvd\OCR\opware32.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKLM\..\Run: [8c6a9e6e] rundll32.exe "C:\WINDOWS\system32\jctfpqoo.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [Steam] F:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ayewuvgw] C:\WINDOWS\system32\tglmlorg.exe
O4 - HKCU\..\Run: [filehippo.com] "C:\Program Files\filehippo.com\UpdateChecker.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [bC3y1atgcD] C:\Documents and Settings\All Users\Application Data\dofmpens\fklslslu.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: Interface Chat Wanadoo - http://chat7.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/dlhelper/version7/dlhelper.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://firstweb.microgaming.com/firstweb/FlashAX2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FFF4036-CD01-4C1D-A375-6B7FF26E702B}: NameServer = 212.27.32.176,212.27.32.177
O18 - Protocol: bw+0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Control Parental (OPTENET_FILTER) - Contrôle Parental - C:\Program Files\Controle Parental\bin\optproxy.exe
O23 - Service: setup_7.0.0.180_09.03.2008_11-19[1] - Unknown owner - C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_09.03.2008_11-19[1].exe (file missing)
Voilà je suis infecté par le trojandownloader.XS; j'ai lancé HIJACKTHIS et voici son rapport :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.34, on 29/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\All Users\Application Data\dofmpens\fklslslu.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\Program Files\Logitech\Video\LogiTray.exe
F:\Outils Dvd\OCR\opware32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\tglmlorg.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr3.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: enlfxgw - {FA562FBB-A866-4ACF-8E9D-5EEEFD7FC6F7} - C:\WINDOWS\enlfxgw.dll (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [OmniPage] F:\Outils Dvd\OCR\opware32.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKLM\..\Run: [8c6a9e6e] rundll32.exe "C:\WINDOWS\system32\jctfpqoo.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [Steam] F:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ayewuvgw] C:\WINDOWS\system32\tglmlorg.exe
O4 - HKCU\..\Run: [filehippo.com] "C:\Program Files\filehippo.com\UpdateChecker.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [bC3y1atgcD] C:\Documents and Settings\All Users\Application Data\dofmpens\fklslslu.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: Interface Chat Wanadoo - http://chat7.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/dlhelper/version7/dlhelper.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://firstweb.microgaming.com/firstweb/FlashAX2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FFF4036-CD01-4C1D-A375-6B7FF26E702B}: NameServer = 212.27.32.176,212.27.32.177
O18 - Protocol: bw+0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Control Parental (OPTENET_FILTER) - Contrôle Parental - C:\Program Files\Controle Parental\bin\optproxy.exe
O23 - Service: setup_7.0.0.180_09.03.2008_11-19[1] - Unknown owner - C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_09.03.2008_11-19[1].exe (file missing)
A voir également:
- Trojan downoader.XS
- Trojan remover - Télécharger - Antivirus & Antimalwares
- Anti trojan - Télécharger - Antivirus & Antimalwares
- Trojan b901 system32 win config 34 ✓ - Forum Virus
- Csrss.exe trojan fr ✓ - Forum Virus
- Trojan win32 - Forum Virus
49 réponses
slt
télécharge smitfraudfix: smitfraudfix
# Double clique sur l'icone de smitfraud pui choisis l'option 1 et poste le rapport.
Tient moi au courant a+.
télécharge smitfraudfix: smitfraudfix
# Double clique sur l'icone de smitfraud pui choisis l'option 1 et poste le rapport.
Tient moi au courant a+.
On continue,
Redémarre ton ordinateur en mode sans échec
Ouvre le dossier SmitfraudFix
Double clic sur Smitfraud.cm choisis l'option 2 et Entrée
Réponds O aux deux questions suivantes:
-Voulez-vous nettoyer le registre ?
-Corriger le fichier infecté ?
Un rapport.txt sera généré et tu le postes pour contrôle.
Redémarre ton ordinateur en mode sans échec
Ouvre le dossier SmitfraudFix
Double clic sur Smitfraud.cm choisis l'option 2 et Entrée
Réponds O aux deux questions suivantes:
-Voulez-vous nettoyer le registre ?
-Corriger le fichier infecté ?
Un rapport.txt sera généré et tu le postes pour contrôle.
voici le rapport
SmitFraudFix v2.319
Rapport fait à 14.26.41,40, 29/04/2008
Executé à partir de C:\Documents and Settings\Propri‚taire\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
200.124.131.116 casinocontroller.com
200.124.131.116 casinocontroller.com
200.124.131.116 casinocontroller.com
200.124.131.116 casinocontroller.com
200.124.131.116 casinocontroller.com
200.124.131.116 casinocontroller.com
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{4FFF4036-CD01-4C1D-A375-6B7FF26E702B}: NameServer=212.27.32.176,212.27.32.177
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4FFF4036-CD01-4C1D-A375-6B7FF26E702B}: NameServer=212.27.32.176,212.27.32.177
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4FFF4036-CD01-4C1D-A375-6B7FF26E702B}: NameServer=212.27.32.176,212.27.32.177
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
à+
SmitFraudFix v2.319
Rapport fait à 14.26.41,40, 29/04/2008
Executé à partir de C:\Documents and Settings\Propri‚taire\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
200.124.131.116 casinocontroller.com
200.124.131.116 casinocontroller.com
200.124.131.116 casinocontroller.com
200.124.131.116 casinocontroller.com
200.124.131.116 casinocontroller.com
200.124.131.116 casinocontroller.com
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{4FFF4036-CD01-4C1D-A375-6B7FF26E702B}: NameServer=212.27.32.176,212.27.32.177
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4FFF4036-CD01-4C1D-A375-6B7FF26E702B}: NameServer=212.27.32.176,212.27.32.177
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4FFF4036-CD01-4C1D-A375-6B7FF26E702B}: NameServer=212.27.32.176,212.27.32.177
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
à+
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
c'est de plus en plus long...bon courage
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.34, on 29/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\All Users\Application Data\dofmpens\fklslslu.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\Program Files\Logitech\Video\LogiTray.exe
F:\Outils Dvd\OCR\opware32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LVComS.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\tglmlorg.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: enlfxgw - {FA562FBB-A866-4ACF-8E9D-5EEEFD7FC6F7} - C:\WINDOWS\enlfxgw.dll (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [OmniPage] F:\Outils Dvd\OCR\opware32.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [8c6a9e6e] rundll32.exe "C:\WINDOWS\system32\jctfpqoo.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [Steam] F:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ayewuvgw] C:\WINDOWS\system32\tglmlorg.exe
O4 - HKCU\..\Run: [filehippo.com] "C:\Program Files\filehippo.com\UpdateChecker.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [bC3y1atgcD] C:\Documents and Settings\All Users\Application Data\dofmpens\fklslslu.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: Interface Chat Wanadoo - http://chat7.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/dlhelper/version7/dlhelper.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://firstweb.microgaming.com/firstweb/FlashAX2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FFF4036-CD01-4C1D-A375-6B7FF26E702B}: NameServer = 212.27.32.176,212.27.32.177
O18 - Protocol: bw+0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Control Parental (OPTENET_FILTER) - Contrôle Parental - C:\Program Files\Controle Parental\bin\optproxy.exe
O23 - Service: setup_7.0.0.180_09.03.2008_11-19[1] - Unknown owner - C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_09.03.2008_11-19[1].exe (file missing)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.34, on 29/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\All Users\Application Data\dofmpens\fklslslu.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\Program Files\Logitech\Video\LogiTray.exe
F:\Outils Dvd\OCR\opware32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LVComS.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\tglmlorg.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: enlfxgw - {FA562FBB-A866-4ACF-8E9D-5EEEFD7FC6F7} - C:\WINDOWS\enlfxgw.dll (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [OmniPage] F:\Outils Dvd\OCR\opware32.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [8c6a9e6e] rundll32.exe "C:\WINDOWS\system32\jctfpqoo.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [Steam] F:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ayewuvgw] C:\WINDOWS\system32\tglmlorg.exe
O4 - HKCU\..\Run: [filehippo.com] "C:\Program Files\filehippo.com\UpdateChecker.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [bC3y1atgcD] C:\Documents and Settings\All Users\Application Data\dofmpens\fklslslu.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: Interface Chat Wanadoo - http://chat7.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/dlhelper/version7/dlhelper.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://firstweb.microgaming.com/firstweb/FlashAX2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FFF4036-CD01-4C1D-A375-6B7FF26E702B}: NameServer = 212.27.32.176,212.27.32.177
O18 - Protocol: bw+0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Control Parental (OPTENET_FILTER) - Contrôle Parental - C:\Program Files\Controle Parental\bin\optproxy.exe
O23 - Service: setup_7.0.0.180_09.03.2008_11-19[1] - Unknown owner - C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_09.03.2008_11-19[1].exe (file missing)
Pas de pare feu ? télécharge et installe zonealarm
Pour t'aider à le configurer : regarde le tuto
Rends toi sur ce site :
https://www.virustotal.com/gui/
Clique sur parcourir et cherche ces fichier:
C:\Documents and Settings\All Users\Application Data\dofmpens\fklslslu.exe
C:\WINDOWS\system32\tglmlorg.exe
Un rapport va s'élaborer ligne à ligne.
Attends la fin. Il doit comprendre le nom du fichier envoyé.
Sauvegarde le rapport avec le bloc-note.
Copie le dans ta réponse.
Télécharge Zeb-Restore : http://telechargement.zebulon.fr/zeb-restore.html
- Mets le dans un dossier, sur ton bureau par exemple.
- Lance Zebrestore et coche la/les case(s) suivante(s) :
Réinitialiser Fichier Hosts
- Ne coche que la/les case(s) indiquée(s).
- Clique sur le bouton Restaurer.
- Quitte le programme puis renvoie un log HiJack,
Pour t'aider à le configurer : regarde le tuto
Rends toi sur ce site :
https://www.virustotal.com/gui/
Clique sur parcourir et cherche ces fichier:
C:\Documents and Settings\All Users\Application Data\dofmpens\fklslslu.exe
C:\WINDOWS\system32\tglmlorg.exe
Un rapport va s'élaborer ligne à ligne.
Attends la fin. Il doit comprendre le nom du fichier envoyé.
Sauvegarde le rapport avec le bloc-note.
Copie le dans ta réponse.
Télécharge Zeb-Restore : http://telechargement.zebulon.fr/zeb-restore.html
- Mets le dans un dossier, sur ton bureau par exemple.
- Lance Zebrestore et coche la/les case(s) suivante(s) :
Réinitialiser Fichier Hosts
- Ne coche que la/les case(s) indiquée(s).
- Clique sur le bouton Restaurer.
- Quitte le programme puis renvoie un log HiJack,
voici le rus total et celui de hijackhis :
Résultats
Permalink:
VirusTotal &">'>"> -->
<meta http-equiv="refresh" content="0; url=http://127.0.0.1:10237/cgi-bin/stop?URL=3d1ecc2fd0787c8caeb7b394034682823f1932cc1cfd89a3b807f97584553c71f743276c7dd4d9071dcb06424cc7f9d9dd57f4f2c6e8afc065fc16091e084aa17cf59a70edcd66e50eaacd75d6&IP=127.0.0.1&USER=general&DATETIME=[29/Apr/2008:15:59:21]&RULE=general
----------------------------------------------------------
Le fichier a déjà été analysé:
MD5:
First received:
Date
Résultats
Permalink:
VirusTotal © Hispasec Sistemas - '>"> -->
<meta http-equiv="refresh
---------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.39, on 29/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\All Users\Application Data\dofmpens\fklslslu.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\Program Files\Logitech\Video\LogiTray.exe
F:\Outils Dvd\OCR\opware32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LVComS.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\tglmlorg.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: enlfxgw - {FA562FBB-A866-4ACF-8E9D-5EEEFD7FC6F7} - C:\WINDOWS\enlfxgw.dll (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [OmniPage] F:\Outils Dvd\OCR\opware32.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [8c6a9e6e] rundll32.exe "C:\WINDOWS\system32\jctfpqoo.dll",b
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [Steam] F:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ayewuvgw] C:\WINDOWS\system32\tglmlorg.exe
O4 - HKCU\..\Run: [filehippo.com] "C:\Program Files\filehippo.com\UpdateChecker.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [bC3y1atgcD] C:\Documents and Settings\All Users\Application Data\dofmpens\fklslslu.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: Interface Chat Wanadoo - http://chat7.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/dlhelper/version7/dlhelper.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://firstweb.microgaming.com/firstweb/FlashAX2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FFF4036-CD01-4C1D-A375-6B7FF26E702B}: NameServer = 212.27.32.176,212.27.32.177
O18 - Protocol: bw+0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Control Parental (OPTENET_FILTER) - Contrôle Parental - C:\Program Files\Controle Parental\bin\optproxy.exe
O23 - Service: setup_7.0.0.180_09.03.2008_11-19[1] - Unknown owner - C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_09.03.2008_11-19[1].exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
Résultats
Permalink:
VirusTotal &">'>"> -->
<meta http-equiv="refresh" content="0; url=http://127.0.0.1:10237/cgi-bin/stop?URL=3d1ecc2fd0787c8caeb7b394034682823f1932cc1cfd89a3b807f97584553c71f743276c7dd4d9071dcb06424cc7f9d9dd57f4f2c6e8afc065fc16091e084aa17cf59a70edcd66e50eaacd75d6&IP=127.0.0.1&USER=general&DATETIME=[29/Apr/2008:15:59:21]&RULE=general
----------------------------------------------------------
Le fichier a déjà été analysé:
MD5:
First received:
Date
Résultats
Permalink:
VirusTotal © Hispasec Sistemas - '>"> -->
<meta http-equiv="refresh
---------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.39, on 29/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\All Users\Application Data\dofmpens\fklslslu.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\Program Files\Logitech\Video\LogiTray.exe
F:\Outils Dvd\OCR\opware32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LVComS.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\tglmlorg.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: enlfxgw - {FA562FBB-A866-4ACF-8E9D-5EEEFD7FC6F7} - C:\WINDOWS\enlfxgw.dll (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [OmniPage] F:\Outils Dvd\OCR\opware32.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [8c6a9e6e] rundll32.exe "C:\WINDOWS\system32\jctfpqoo.dll",b
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [Steam] F:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ayewuvgw] C:\WINDOWS\system32\tglmlorg.exe
O4 - HKCU\..\Run: [filehippo.com] "C:\Program Files\filehippo.com\UpdateChecker.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [bC3y1atgcD] C:\Documents and Settings\All Users\Application Data\dofmpens\fklslslu.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: Interface Chat Wanadoo - http://chat7.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/dlhelper/version7/dlhelper.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://firstweb.microgaming.com/firstweb/FlashAX2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FFF4036-CD01-4C1D-A375-6B7FF26E702B}: NameServer = 212.27.32.176,212.27.32.177
O18 - Protocol: bw+0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {9B86F247-748F-4E35-9487-B75E57C2754E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Control Parental (OPTENET_FILTER) - Contrôle Parental - C:\Program Files\Controle Parental\bin\optproxy.exe
O23 - Service: setup_7.0.0.180_09.03.2008_11-19[1] - Unknown owner - C:\Documents and Settings\All Users\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_09.03.2008_11-19[1].exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C'est pas lees rapport de virustotal !! refait:
C:\Documents and Settings\All Users\Application Data\dofmpens\fklslslu.exe
C:\WINDOWS\system32\tglmlorg.exe
C:\Documents and Settings\All Users\Application Data\dofmpens\fklslslu.exe
C:\WINDOWS\system32\tglmlorg.exe
désolé mais tt à 'heure je n'avais que ça....
voici maintenat ce que tu souhaites....
Virustotal est un service qui analyse les fichiers suspects et facilite la détection rapide des virus, vers, chevaux de Troie et toutes sortes de malwares détectés par les moteurs antivirus. Plus d'informations...
Fichier vmnwvglm.exe reçu le 2008.04.26 09:25:45 (CET)
Situation actuelle: terminé
Résultat: 9/32 (28.12%)
Formaté Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 - - -
AntiVir - - TR/Crypt.XPACK.Gen
Authentium - - -
Avast - - -
AVG - - Downloader.Obfuskated
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
FileAdvisor - - -
Fortinet - - -
Ikarus - - Trojan.Crypt.XPACK
Kaspersky - - -
McAfee - - -
Microsoft - - Trojan:Win32/Busky.EC
NOD32v2 - - a variant of Win32/TrojanDownloader.FakeAlert.BP
Norman - - -
Panda - - -
Prevx1 - - Covert.Sys.Exec
Rising - - -
Sophos - - Mal/EncPk-DG
Sunbelt - - -
Symantec - - Downloader.MisleadApp
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - Trojan.Crypt.XPACK.Gen
Information additionnelle
MD5: 96b2820fb38d646f105e0902d5081b78
SHA1: 6db1bac504748ae10cdb8b7ae4001a232639b534
SHA256: 85df49ac2a5b9a7339f98359a87107580c273dff36ea59485186eb65b9e46cf1
SHA512: ab8b9339c2ae25c8da22bd31027cb5302e56ad3a861691a255f3f732c537c56c6a93892ed27e5f71a4c8a5a10669930fc6809f967ef537f2c399da6514be7623
ATTENTION: VirusTotal est un service gratuit offert par Hispasec Sistemas. Il n'y a aucune garantie quant à la disponibilité et la continuité de ce service. Bien que le taux de détection permis par l'utilisation de multiples moteurs antivirus soit bien supérieur à celui offert par seulement un produit, ces résultats NE garantissent PAS qu'un fichier est sans danger. Il n'y a actuellement aucune solution qui offre un taux d'efficacité de 100% pour la détection des virus et malwares.
VirusTotal © Hispasec Sistemas - Blog - Contact: info@virustotal.com
--------------------------------------------------------------------------------------------------------------------------
Virustotal est un service qui analyse les fichiers suspects et facilite la détection rapide des virus, vers, chevaux de Troie et toutes sortes de malwares détectés par les moteurs antivirus. Plus d'informations...
Fichier yfgjcxel.exe.vir_080428_080428___ reçu le 2008.04.28 08:07:46 (CET)
Situation actuelle: terminé
Résultat: 12/32 (37.50%)
Formaté Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.4.25.2 2008.04.25 -
AntiVir 7.8.0.10 2008.04.27 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2008.04.27 -
Avast 4.8.1169.0 2008.04.28 -
AVG 7.5.0.516 2008.04.27 Downloader.Agent.AGBH
BitDefender 7.2 2008.04.28 -
CAT-QuickHeal 9.50 2008.04.26 Win32.Trojan.Obfuscated.gx.3
ClamAV 0.92.1 2008.04.27 -
DrWeb 4.44.0.09170 2008.04.27 -
eSafe 7.0.15.0 2008.04.27 suspicious Trojan/Worm
eTrust-Vet 31.3.5736 2008.04.26 -
Ewido 4.0 2008.04.27 -
F-Prot 4.4.2.54 2008.04.27 -
F-Secure 6.70.13260.0 2008.04.28 -
FileAdvisor 1 2008.04.28 -
Fortinet 3.14.0.0 2008.04.28 -
Ikarus T3.1.1.26 2008.04.28 Trojan.Crypt.XPACK
Kaspersky 7.0.0.125 2008.04.28 -
McAfee 5282 2008.04.25 -
Microsoft 1.3408 2008.04.22 Trojan:Win32/Busky.ED
NOD32v2 3058 2008.04.27 probably a variant of Win32/TrojanDownloader.FakeAlert.BP
Norman 5.80.02 2008.04.25 -
Panda 9.0.0.4 2008.04.27 Suspicious file
Prevx1 V2 2008.04.28 Generic.Malware
Rising 20.42.00.00 2008.04.28 -
Sophos 4.28.0 2008.04.28 Mal/EncPk-DG
Sunbelt 3.0.1056.0 2008.04.17 -
Symantec 10 2008.04.28 Downloader.MisleadApp
TheHacker 6.2.92.294 2008.04.26 -
VBA32 3.12.6.5 2008.04.26 -
VirusBuster 4.3.26:9 2008.04.27 -
Webwasher-Gateway 6.6.2 2008.04.28 Trojan.Crypt.XPACK.Gen
Information additionnelle
File size: 35840 bytes
MD5...: e7a0101f7584e765a5bc406f6d89c348
SHA1..: 412d385ac08db4d941b49d60207c36296ec6c19c
SHA256: 99c69939c18b06c26b493ac0a7147b27f5a7623892d0eebe0ae67259094021b5
SHA512: c2a322de378b3842872fe483f8539ddc9d2b8efb4d3e2e30afc7f4be936af9cc
5fedd9ce6b1cd2863886d292192ec3934c571360db13c99bd3018d027496cccf
PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x4104e0
timedatestamp.....: 0x481181f0 (Fri Apr 25 07:02:08 2008)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x7000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x8000 0x9000 0x8800 7.94 5008876766d1c7c365606c457770c660
UPX2 0x11000 0x1000 0x200 1.11 2f566375e31d0a8e854f4b190ee43464
( 1 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, ExitProcess
( 0 exports )
packers: UPX
packers: UPX
packers: UPX
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=9CC3C78900203EB38C5D004D19C2AC00BD8DFB06
ATTENTION: VirusTotal est un service gratuit offert par Hispasec Sistemas. Il n'y a aucune garantie quant à la disponibilité et la continuité de ce service. Bien que le taux de détection permis par l'utilisation de multiples moteurs antivirus soit bien supérieur à celui offert par seulement un produit, ces résultats NE garantissent PAS qu'un fichier est sans danger. Il n'y a actuellement aucune solution qui offre un taux d'efficacité de 100% pour la détection des virus et malwares.
voici maintenat ce que tu souhaites....
Virustotal est un service qui analyse les fichiers suspects et facilite la détection rapide des virus, vers, chevaux de Troie et toutes sortes de malwares détectés par les moteurs antivirus. Plus d'informations...
Fichier vmnwvglm.exe reçu le 2008.04.26 09:25:45 (CET)
Situation actuelle: terminé
Résultat: 9/32 (28.12%)
Formaté Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 - - -
AntiVir - - TR/Crypt.XPACK.Gen
Authentium - - -
Avast - - -
AVG - - Downloader.Obfuskated
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
FileAdvisor - - -
Fortinet - - -
Ikarus - - Trojan.Crypt.XPACK
Kaspersky - - -
McAfee - - -
Microsoft - - Trojan:Win32/Busky.EC
NOD32v2 - - a variant of Win32/TrojanDownloader.FakeAlert.BP
Norman - - -
Panda - - -
Prevx1 - - Covert.Sys.Exec
Rising - - -
Sophos - - Mal/EncPk-DG
Sunbelt - - -
Symantec - - Downloader.MisleadApp
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - Trojan.Crypt.XPACK.Gen
Information additionnelle
MD5: 96b2820fb38d646f105e0902d5081b78
SHA1: 6db1bac504748ae10cdb8b7ae4001a232639b534
SHA256: 85df49ac2a5b9a7339f98359a87107580c273dff36ea59485186eb65b9e46cf1
SHA512: ab8b9339c2ae25c8da22bd31027cb5302e56ad3a861691a255f3f732c537c56c6a93892ed27e5f71a4c8a5a10669930fc6809f967ef537f2c399da6514be7623
ATTENTION: VirusTotal est un service gratuit offert par Hispasec Sistemas. Il n'y a aucune garantie quant à la disponibilité et la continuité de ce service. Bien que le taux de détection permis par l'utilisation de multiples moteurs antivirus soit bien supérieur à celui offert par seulement un produit, ces résultats NE garantissent PAS qu'un fichier est sans danger. Il n'y a actuellement aucune solution qui offre un taux d'efficacité de 100% pour la détection des virus et malwares.
VirusTotal © Hispasec Sistemas - Blog - Contact: info@virustotal.com
--------------------------------------------------------------------------------------------------------------------------
Virustotal est un service qui analyse les fichiers suspects et facilite la détection rapide des virus, vers, chevaux de Troie et toutes sortes de malwares détectés par les moteurs antivirus. Plus d'informations...
Fichier yfgjcxel.exe.vir_080428_080428___ reçu le 2008.04.28 08:07:46 (CET)
Situation actuelle: terminé
Résultat: 12/32 (37.50%)
Formaté Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.4.25.2 2008.04.25 -
AntiVir 7.8.0.10 2008.04.27 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2008.04.27 -
Avast 4.8.1169.0 2008.04.28 -
AVG 7.5.0.516 2008.04.27 Downloader.Agent.AGBH
BitDefender 7.2 2008.04.28 -
CAT-QuickHeal 9.50 2008.04.26 Win32.Trojan.Obfuscated.gx.3
ClamAV 0.92.1 2008.04.27 -
DrWeb 4.44.0.09170 2008.04.27 -
eSafe 7.0.15.0 2008.04.27 suspicious Trojan/Worm
eTrust-Vet 31.3.5736 2008.04.26 -
Ewido 4.0 2008.04.27 -
F-Prot 4.4.2.54 2008.04.27 -
F-Secure 6.70.13260.0 2008.04.28 -
FileAdvisor 1 2008.04.28 -
Fortinet 3.14.0.0 2008.04.28 -
Ikarus T3.1.1.26 2008.04.28 Trojan.Crypt.XPACK
Kaspersky 7.0.0.125 2008.04.28 -
McAfee 5282 2008.04.25 -
Microsoft 1.3408 2008.04.22 Trojan:Win32/Busky.ED
NOD32v2 3058 2008.04.27 probably a variant of Win32/TrojanDownloader.FakeAlert.BP
Norman 5.80.02 2008.04.25 -
Panda 9.0.0.4 2008.04.27 Suspicious file
Prevx1 V2 2008.04.28 Generic.Malware
Rising 20.42.00.00 2008.04.28 -
Sophos 4.28.0 2008.04.28 Mal/EncPk-DG
Sunbelt 3.0.1056.0 2008.04.17 -
Symantec 10 2008.04.28 Downloader.MisleadApp
TheHacker 6.2.92.294 2008.04.26 -
VBA32 3.12.6.5 2008.04.26 -
VirusBuster 4.3.26:9 2008.04.27 -
Webwasher-Gateway 6.6.2 2008.04.28 Trojan.Crypt.XPACK.Gen
Information additionnelle
File size: 35840 bytes
MD5...: e7a0101f7584e765a5bc406f6d89c348
SHA1..: 412d385ac08db4d941b49d60207c36296ec6c19c
SHA256: 99c69939c18b06c26b493ac0a7147b27f5a7623892d0eebe0ae67259094021b5
SHA512: c2a322de378b3842872fe483f8539ddc9d2b8efb4d3e2e30afc7f4be936af9cc
5fedd9ce6b1cd2863886d292192ec3934c571360db13c99bd3018d027496cccf
PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x4104e0
timedatestamp.....: 0x481181f0 (Fri Apr 25 07:02:08 2008)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x7000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x8000 0x9000 0x8800 7.94 5008876766d1c7c365606c457770c660
UPX2 0x11000 0x1000 0x200 1.11 2f566375e31d0a8e854f4b190ee43464
( 1 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, ExitProcess
( 0 exports )
packers: UPX
packers: UPX
packers: UPX
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=9CC3C78900203EB38C5D004D19C2AC00BD8DFB06
ATTENTION: VirusTotal est un service gratuit offert par Hispasec Sistemas. Il n'y a aucune garantie quant à la disponibilité et la continuité de ce service. Bien que le taux de détection permis par l'utilisation de multiples moteurs antivirus soit bien supérieur à celui offert par seulement un produit, ces résultats NE garantissent PAS qu'un fichier est sans danger. Il n'y a actuellement aucune solution qui offre un taux d'efficacité de 100% pour la détection des virus et malwares.
ok c'est infecter :
télécharge OTMoveIt OTMoveit sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
CITATION
C:\Documents and Settings\All Users\Application Data\dofmpens\fklslslu.exe
C:\WINDOWS\system32\tglmlorg.exe
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
télécharge OTMoveIt OTMoveit sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
CITATION
C:\Documents and Settings\All Users\Application Data\dofmpens\fklslslu.exe
C:\WINDOWS\system32\tglmlorg.exe
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
voici le rapport...j'espère qu'il te convient celui là
C:\Documents and Settings\All Users\Application Data\dofmpens\fklslslu.exe moved successfully.
C:\WINDOWS\system32\tglmlorg.exe moved successfully.
Created on 04/29/2008 17.57.27
PS : Il ne m'a pas demandé de redémarrer le PC
C:\Documents and Settings\All Users\Application Data\dofmpens\fklslslu.exe moved successfully.
C:\WINDOWS\system32\tglmlorg.exe moved successfully.
Created on 04/29/2008 17.57.27
PS : Il ne m'a pas demandé de redémarrer le PC
je n'ai plus le petit triangle jaune mais j'ai encore des pages internet intempestives. De plus j'ai toujours sur le bureau 8 icones que je ne peux pas supprimer : EditorFKWP1.5 Editor FKWP2.0 filemanagerclient FWwebeditor Trojan.win32
fkwp1.5 fkwp2.0 et fwebd
De plus, il est d'une très grande lenteur surtout au démarrage
est-ce du à zone alerte sachant que j'ai toujors sur le PC AVAST, et même CCLEANER AD AWARE et SPYBOT ?
De plus existe t-il un moyen d'optimiser les performances de mon PC ? en supprimer des fichiers plus utilisés par exemple
Merci de ta réponse
fkwp1.5 fkwp2.0 et fwebd
De plus, il est d'une très grande lenteur surtout au démarrage
est-ce du à zone alerte sachant que j'ai toujors sur le PC AVAST, et même CCLEANER AD AWARE et SPYBOT ?
De plus existe t-il un moyen d'optimiser les performances de mon PC ? en supprimer des fichiers plus utilisés par exemple
Merci de ta réponse
ok pour les pubs
Télécharge Navilog
-Choisis Enregistrer et enregistre-le sur ton bureau.
- Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).
-Laisse-toi guider. Au menu principal, choisis 1 et valides.
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord)
Patiente jusqu'au message " Analyse Termine le ....."
-Appuie sur une touche comme demandé, le blocnote va s'ouvrir.
Copie/colle l'intégralité du rapport dans ta réponse. Referme le blocnote.
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)
-Si ton antivirus detecte un virus ou un cheval de troie durant l'analyse ignore le.
je revien demain a+
Télécharge Navilog
-Choisis Enregistrer et enregistre-le sur ton bureau.
- Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).
-Laisse-toi guider. Au menu principal, choisis 1 et valides.
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord)
Patiente jusqu'au message " Analyse Termine le ....."
-Appuie sur une touche comme demandé, le blocnote va s'ouvrir.
Copie/colle l'intégralité du rapport dans ta réponse. Referme le blocnote.
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)
-Si ton antivirus detecte un virus ou un cheval de troie durant l'analyse ignore le.
je revien demain a+
voici le rapport
Search Navipromo version 3.5.5 commencé le 29/04/2008 à 20.48.41,07
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Propriétaire"
Mise à jour le 27.04.2008 à 10h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS
Executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans "C:\WINDOWS" ***
C:\WINDOWS\mslagent trouvé !
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Propriétaire\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Propriétaire\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Propriétaire\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Aucun Fichier trouvé
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINDOWS\system32" *
* Recherche dans "C:\Documents and Settings\Propriétaire\locals~1\applic~1" *
* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
* Dans "C:\Documents and Settings\Propriétaire\locals~1\applic~1" :
* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :
3)Recherche Certificats :
Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
C:\WINDOWS\system32\SuCIRqru.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\UDddefii.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
*** Analyse terminée le 29/04/2008 à 21.21.01,21 ***
bonne soirée
Merci de répondre à mes précédentes questions SVP
Search Navipromo version 3.5.5 commencé le 29/04/2008 à 20.48.41,07
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Propriétaire"
Mise à jour le 27.04.2008 à 10h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS
Executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans "C:\WINDOWS" ***
C:\WINDOWS\mslagent trouvé !
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Propriétaire\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Propriétaire\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Propriétaire\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Aucun Fichier trouvé
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINDOWS\system32" *
* Recherche dans "C:\Documents and Settings\Propriétaire\locals~1\applic~1" *
* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
* Dans "C:\Documents and Settings\Propriétaire\locals~1\applic~1" :
* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :
3)Recherche Certificats :
Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
C:\WINDOWS\system32\SuCIRqru.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\UDddefii.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
*** Analyse terminée le 29/04/2008 à 21.21.01,21 ***
bonne soirée
Merci de répondre à mes précédentes questions SVP
j'ai été trop vite et j'ai oublié de copier le rapport avant que le PC ne redémarre
comment puis je corriger mon erreur ?
Merci
comment puis je corriger mon erreur ?
Merci
voici le rapport demandé...
à+
SmitFraudFix v2.319
Rapport fait à 11.59.45,96, 29/04/2008
Executé à partir de C:\Documents and Settings\Propri‚taire\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\All Users\Application Data\dofmpens\fklslslu.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\Program Files\Logitech\Video\LogiTray.exe
F:\Outils Dvd\OCR\opware32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\tglmlorg.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\olgdqarf.exe PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Propri‚taire
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Propri‚taire\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PROPRI~1\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\akl\ PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: 802.11 USB Wireless LAN Adapter #2 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{4FFF4036-CD01-4C1D-A375-6B7FF26E702B}: NameServer=212.27.32.176,212.27.32.177
HKLM\SYSTEM\CCS\Services\Tcpip\..\{5FC955AE-4ED5-40DE-B854-8B3897994851}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4FFF4036-CD01-4C1D-A375-6B7FF26E702B}: NameServer=212.27.32.176,212.27.32.177
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5FC955AE-4ED5-40DE-B854-8B3897994851}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4FFF4036-CD01-4C1D-A375-6B7FF26E702B}: NameServer=212.27.32.176,212.27.32.177
HKLM\SYSTEM\CS3\Services\Tcpip\..\{5FC955AE-4ED5-40DE-B854-8B3897994851}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin