[ Windows XP ] Fond d'écran bloqué

AnTi-VIP -  
AnTi-ViP Messages postés 78 Statut Membre -
Bonsoir à tous.

Je suis désolé de créer un topic pour ça, alors qu'il y en à des tonnes.
En fait j'ai surtout peur pour mon ordinateur ^^'

Je m'explique, j'ai dl un fichier winrar et j'ai sorti le setup pour l'executer, il à planté et j'ai redémarré l'ordinateur. La je vois une imagine qui bouge avec des liens internet dessus, Limewire se lance tout seul, impossible de le fermer / de temps en temps des pages web s'affichent..
7 ou 8 nouvelles icônes viennent poluer mon bureau, je les supprimes.
Je réfléchi un peu et je me dis qu'il suffit de changer le fond d'écran, manque de bol le truc est bloqué, il est verrouillé sur un truc 'desktop'
Je delet adobX ou un truc du genre ( car j'ai vu un message comme quoi c'étais utilisé )
Je DL avast et fais le scan du pc, il delet les trucs infectés et je redémarre.

Limewire ne s'ouvre plus tout seul, j'ai casi plus de pages web qui s'affichent, mais le fond d'écran reste le même
J'click droit sur la barre des tâches et je la déverrouille. le fond d'écran disparait mais il est encore impossible de changer de fond d'écran

Donc je voudrais savoir comment résoudre ce problème et si une fois résolu les pages web s'arrêteront de s'ouvrir toutes seules ?
Et surtout es ce que mon ordinateur cour un 'danger' ou des 'séquelles' ?

Merci d'avance pour vos réponses, je suis désolé de crée un nouveau topic pour ça, mais j'ai vraiment peur..

Je vais me coucher je passerais demain soir

A+
Configuration: Windows XP
Firefox 2.0.0.14

49 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Une infection par malware survient après l'exécution d'un fichier téléchargé, provoquant Limewire qui se lance seul, plusieurs icônes sur le bureau et un verrouillage du fond d'écran sous Windows XP.
Plusieurs réponses proposent de démarrer en mode sans échec, envisager une restauration système et effectuer un scan avec Avast ou HijackThis pour identifier et supprimer les éléments indésirables.
D'autres suggestions évoquent des outils spécifiques et des logs détaillés pour évaluer l'étendue de l'infection et guider le nettoyage, sans assurer une résolution immédiate à court terme.
En parallèle, des signes typiques comme des redirections ou des processus inconnus illustrent les risques pour les données et les performances, soulignant la nécessité d'un nettoyage approfondi et d'une vérification ultérieure.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. AnTi-VIP
     
    Merci je vais suivre à la lettre.

    C'est bien F10 au demarrage pour le mode sans échec ?

    Sinon j'ai pensé à une restauration du système, ça pourrait marcher ?

    J'attends une réponse avant de commencer.
    1
  2. hamagil Messages postés 5564 Statut Membre 724
     
    telecharge AVG anti-spyware : http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware
    telecharge spybot search and destroy : http://www.commentcamarche.net/telecharger/telecharger 122 spybot
    installe les et met les a jours ,desactive la restau systeme , redemmare ton pc en mode_sans_echec (pas celle avec prise en charge reseau)
    lance AVG anti-spy
    = Dans ANALYSE
    ==> Paramètres ==> sous COMMENT REAGIR==>Actions recommandées ==>Quarantaine
    ==> Clic : Analyse complète du système
    En fin de scan ( qui est assez long)
    ==> Clic Appliquer toutes les actions <== ceci Très important

    lance "spybot"
    clique sur "search et destroy" , "verifier tout"
    a la fin du scan , clique sur "corriger les problemes" , si des probs ont etes trouves

    par la meme occasion , fais un scan anti-virus de ton PC , avec ton anti-virus , et ce ,pendant que tu est en mode_sans_echec (tu auras mis ton anti-virus a jours avant de redemmarer en mode_sans_echec )

    redemmare ton pc en normal , telecharge "hijackthis",installe le , choisis "faire un scan et sauvegarder le log",et colle ton raport dans ta reponse
    tu recreeras un point de restau une fois ton pc desinfecte

    hijackthis : http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

    pour desactiver la restauration systeme,il faut : panneau de configuration , systeme , restauration systeme , cocher "desactiver la restauration systeme sur tout les lecteurs" ,
    apres avoir desinfecter le pc , il faudras juste reactiver la restauration sur le lecteur ou est installer windows (le systeme d'exploitation) (C:) par defaut,et dans les parametres , mettre 5%

    je rapelle que le seul moyen de desinfecter son PC , est justement de ne pas etre infecte
    aucun programme ne vous previendras si vous avez de mauvaises habitudes avec votre PC et encore plus sur le net
    donc essayez d' eviter les sites pornos , de crack ,ne cliquez pas sur les liens "louches" (du style "votre PC est infecte",ou liens d'inconnus) , n'installez pas un prog si vous etes pas sur a 200% de sa provenance , PRECAUTION est le mot d'ordre
    mettez votre syteme d'exploitation a jours , et n'installez pas plusieurs anti-virus (un seul a jours suffit),et pour les anti-spy , deux suffisent
    si vos enfants utilise MSN , desactivez les liens ( outils , options , securitee , decocher "autoriser l'affichage des liens dans les fenetres de conversations" , et " autoriser WLM a demmarer une conversation a partir d'un lien dans un navigateur web" , "appliquez")
    et n'oubliez pas qu'une infection est plus facile a eviter qua enlever
    0
    1. AnTi-VIP
       
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 04:56:48, on 13/05/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\WINDOWS\system32\CTsvcCDA.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\Mixer.exe
      C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
      C:\Program Files\Logitech\ImageStudio\LogiTray.exe
      C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
      C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
      C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
      C:\Program Files\QuickTime\QTTask.exe
      C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
      C:\WINDOWS\system32\CAPRPCSK.EXE
      C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
      C:\Documents and Settings\Misslin\lsass.exe
      C:\WINDOWS\System32\Rundll32.exe
      C:\WINDOWS\system32\tcntokdm.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\WINDOWS\system32\Rundll32.exe
      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      c:\windows\system32\jnwnw64r.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whynotsearchhere.com/start.php
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
      O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\System32\Spool\Drivers\w32x86\3\CAPONN.EXE
      O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
      O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
      O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
      O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
      O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
      O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
      O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
      O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
      O4 - HKLM\..\Run: [{BA-A0-07-71-DW}] c:\windows\system32\jnwnw64r.exe DWramFF
      O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Misslin\lsass.exe
      O4 - HKLM\..\Run: [{15438f06-5409-cbb2-7d92-780c5a865f33}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{3d446d95-011f-8f5c-326f-9bab9a8c92d2}.dll" DllInit
      O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\tcntokdm.exe DWramFF
      O4 - HKLM\..\Run: [dbar_starter] C:\Documents and Settings\Misslin\Application Data\Deskbar_{B5EDDE39-2AF0-4c5f-8EBE-F1B358E66329}\starter.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [ecbba0de] rundll32.exe "C:\WINDOWS\system32\cdbwcvca.dll",b
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKLM\..\Run: [BMef889342] Rundll32.exe "C:\WINDOWS\system32\qhktsqgt.dll",s
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
      O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\tcntokdm.exe
      O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jnwnw64r.exe
      O4 - Global Startup: Fenêtre d'état Canon LBP-800.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
      O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O18 - Protocol: bw+0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw+0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Protocol: bwg0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwg0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: offline-8876480 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      0
  3. hamagil Messages postés 5564 Statut Membre 724
     
    tu peux tenter une restauration du systeme , mais si le virus etais dans le PC a la date de la creation du point de restau , ca changeras rien
    sans compter , qu'en desinfectant , tu ne perdras rien
    0
  4. hamagil Messages postés 5564 Statut Membre 724
     
    tu est sacrement infecte , ta bien fais le scan en mode sans echec avec la restau desactivee ?

    a fixer car infection
    C:\Documents and Settings\Misslin\lsass.exe
    C:\WINDOWS\system32\tcntokdm.exe
    O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
    O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Misslin\lsass.exe
    O4 - HKLM\..\Run: [{15438f06-5409-cbb2-7d92-780c5a865f33}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{3d446d95-011f-8f5c-326f-9bab9a8c92d2}.dll" DllIni
    O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\tcntokdm.exe DWramFF
    O4 - HKLM\..\Run: [dbar_starter] C:\Documents and Settings\Misslin\Application Data\Deskbar_{B5EDDE39-2AF0-4c5f-8EBE-F1B358E66329}\starter.exe
    O4 - HKLM\..\Run: [ecbba0de] rundll32.exe "C:\WINDOWS\system32\cdbwcvca.dll",b
    O4 - HKLM\..\Run: [BMef889342] Rundll32.exe "C:\WINDOWS\system32\qhktsqgt.dll",s
    O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
    O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background

    et a fixer car superflus
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    tout les lignes 018

    il vas falloir que tu passe un coup de "combofix" et de "smitfraudFix"

    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. AnTi-VIP
     
    Merde j'crois j'ai oublié de desactivé la restau -_______________-

    C'est quoi un combofix et un smitfraudfix ?

    J'fais quoi maintenant ?
    0
  7. hamagil Messages postés 5564 Statut Membre 724
     
    tu telecharge les progs ( combofix , et smitfraudfix , tu les installe et tu desinfecte ton PC
    les liens que je t'ais mis , te disent comment utiliser les progs
    0
  8. AnTi-VIP
     
    Ok, c'est grave pour la restau ?

    Sinon une fois que ça c'est fait normalement j'ai plus de spyware?
    0
  9. hamagil Messages postés 5564 Statut Membre 724
     
    passe deja un coup de combofix et de smitfraudfix , ca devrais desinfecter ce qui reste dans ton PC
    les progs que tu a deja utilises ne reglent pas ce genre d'infections ( les detournements de bureau et les rootkits )
    mais si tu ne trouve deja plus de spy , pas besoin de refaire un scan avec la restau desactivee ( mais par contre efface les points de restau et recree en un autre , car ceux que tu a s'onts infectes )
    0
  10. AnTi-VIP
     
    Si j'ai bien compris faut mettre le rapport que j'ai posté ici dans le smitfraudfix ?
    0
  11. hamagil Messages postés 5564 Statut Membre 724
     
    dans mon post 6 tu a des liens qui t'explique comment utiliser smitfraudfix , et combofix
    tu telecharge les progs , tu les installe , tu les mets a jours et tu les lance pour desinfecter ton PC
    smitfraudfix est simple d'utilisation , pour combofix , il est assez "special" ( a cause de la demmande d'instal de la console de recuperation , mais tu est pas oblige de l'installer )
    si tu a un doute pour combofix , utilise AVG anti-rootkit a la place
    0
  12. AnTi-VIP
     
    non mais y'a marqué ça, ca veut dire quoi ?
    0
  13. AnTi-VIP
     
    Sélectionner 1 pour créer un rapport des fichiers responsables de l'infection.
    Poster le rapport sur le forum sécurité. *
    0
  14. AnTi-VIP
     
    Et merde, en attandant la réponse, le fond d'écran et devenu bleue et je pouvais plus rien faire.

    J'ai fais reset et j'arrive sur mozilla, tout mes liens favorix etc disparus

    J'arrive même pas à faire une recherche sur google.

    Je repete ma question car c'etais pas très comprehensible.

    Pour le smitfraudix :

    dans le tuto étape 1 il y'a marqué

    " Sélectionner 1 pour créer un rapport des fichiers responsables de l'infection.
    Poster le rapport sur le forum sécurité. "

    Je click sur le lien forum sécurité, mais impossible d'afficher la page.
    Il demande de poster un rapport, mais lekel ?
    0
  15. AnTi-VIP
     
    A j'ai compris xD

    mais le prob c'est que j'arrive pas à afficher leur page. Si je te l'envoi tu peux le poster pour moi ?
    0
  16. hamagil Messages postés 5564 Statut Membre 724
     
    normalement , une fois que tu a utilise les deux progs , tu devrais ne plus avoir le probleme du fond d'ecran
    le log , c'est au cas ou , pour verifier que ton PC est completement desinfecte , tu peux reposter un log hijack ici a la place

    mis a part ca qui me semble suspect : C:\windows\system32\jnwnw64r.exe
    fais une recherche dessus , et si tu a un doute suprime le ( avant fais une recherche google , moi j'ai rien trouve dessus )

    mais reposte un log hijack ,car je t'avais aussi dit de suprimer ca : C:\Documents and Settings\Misslin\lsass.exe
    0
  17. AnTi-ViP Messages postés 78 Statut Membre 13
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:56:51, on 14/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
    C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\WINDOWS\system32\CAPRPCSK.EXE
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\windows\system32\jnwnw64r.exe
    C:\Documents and Settings\Misslin\lsass.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\Rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whynotsearchhere.com/start.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: gooochi browser optimizer - {0a8dc68c-e8fe-13e1-ff97-bddff1162de1} - C:\WINDOWS\system32\{3d446d95-011f-8f5c-326f-9bab9a8c92d2}.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7F787FCB-B1E6-48DB-8304-7671DEB43A1E} - C:\WINDOWS\system32\iifgHwvU.dll
    O2 - BHO: {95d775e0-db0b-2ff8-b0c4-f842b6581e38} - {83e1856b-248f-4c0b-8ff2-b0bd0e577d59} - C:\WINDOWS\system32\bahvcykc.dll
    O2 - BHO: (no name) - {8691F860-96E4-4FB3-8D35-531C0D1B0AC1} - C:\WINDOWS\system32\hgGxUMET.dll
    O2 - BHO: MySidesearch Search Assistant - {9506910A-0F94-4ea1-B567-7070428B8B2B} - C:\WINDOWS\system32\mysidesearch_sidebar.dll (file missing)
    O2 - BHO: DbarBHO - {CC11617C-259E-429c-9063-7D70B8355EBD} - C:\Program Files\dbar\Deskbar.dll
    O2 - BHO: (no name) - {F3230736-6A06-4869-AFEA-9884CC361498} - (no file)
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\System32\Spool\Drivers\w32x86\3\CAPONN.EXE
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
    O4 - HKLM\..\Run: [{BA-A0-07-71-DW}] C:\windows\system32\jnwnw64r.exe DWramFF
    O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Misslin\lsass.exe
    O4 - HKLM\..\Run: [dbar_starter] C:\Documents and Settings\Misslin\Application Data\Deskbar_{B5EDDE39-2AF0-4c5f-8EBE-F1B358E66329}\starter.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [{15438f06-5409-cbb2-7d92-780c5a865f33}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{3d446d95-011f-8f5c-326f-9bab9a8c92d2}.dll" DllInit
    O4 - HKLM\..\Run: [BMef889342] Rundll32.exe "C:\WINDOWS\system32\etlnmahr.dll",s
    O4 - HKLM\..\Run: [ecbba0de] rundll32.exe "C:\WINDOWS\system32\srenknsj.dll",b
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
    O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jnwnw64r.exe
    O4 - Global Startup: Fenêtre d'état Canon LBP-800.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: bw+0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {1C18D14A-1DD1-4728-95D2-0CC0E1661A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: hgGxUMET - C:\WINDOWS\SYSTEM32\hgGxUMET.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    0
  18. hamagil Messages postés 5564 Statut Membre 724
     
    tu est toujours bien infecte , ces lignes s'onts a fixer car infections ( toujours les memes lignes )
    C:\windows\system32\jnwnw64r.exe
    C:\Documents and Settings\Misslin\lsass.exe

    O2 - BHO: gooochi browser optimizer - {0a8dc68c-e8fe-13e1-ff97-bddff1162de1} - C:\WINDOWS\system32\{3d446d95-011f-8f5c-326f-9bab9a8c92d2}.dll
    O2 - BHO: (no name) - {7F787FCB-B1E6-48DB-8304-7671DEB43A1E} - C:\WINDOWS\system32\iifgHwvU.dll
    O2 - BHO: {95d775e0-db0b-2ff8-b0c4-f842b6581e38} - {83e1856b-248f-4c0b-8ff2-b0bd0e577d59} - C:\WINDOWS\system32\bahvcykc.dll
    O2 - BHO: (no name) - {8691F860-96E4-4FB3-8D35-531C0D1B0AC1} - C:\WINDOWS\system32\hgGxUMET.dll
    O2 - BHO: MySidesearch Search Assistant - {9506910A-0F94-4ea1-B567-7070428B8B2B} - C:\WINDOWS\system32\mysidesearch_sidebar.dll (file missing)
    O2 - BHO: DbarBHO - {CC11617C-259E-429c-9063-7D70B8355EBD} - C:\Program Files\dbar\Deskbar.dll
    O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
    O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Misslin\lsass.exe
    O4 - HKLM\..\Run: [dbar_starter] C:\Documents and Settings\Misslin\Application Data\Deskbar_{B5EDDE39-2AF0-4c5f-8EBE-F1B358E66329}\starter.exe
    O4 - HKLM\..\Run: [{15438f06-5409-cbb2-7d92-780c5a865f33}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{3d446d95-011f-8f5c-326f-9bab9a8c92d2}.dll" DllInit
    O4 - HKLM\..\Run: [BMef889342] Rundll32.exe "C:\WINDOWS\system32\etlnmahr.dll",s
    O4 - HKLM\..\Run: [ecbba0de] rundll32.exe "C:\WINDOWS\system32\srenknsj.dll",b
    O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
    O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background

    vus comment ton pc est encore infecte , tu vas devoir passer en mode-sans-echec ( desinfection systeme desactive ),tout les progs que je t'ais dit " AVG anti-spy , spybot , ton anti-virus , combofix , smitfraudfix

    si tu arrive toujours pas a desinfecter ( pour nimporte quelle raison ) , tu vas devoir sauvegarder tes docs importants , et reinstaller winxp proprement ( en faisant un formatage bas niveau )
    si tu reinstalle winxp , cree au moins deux partitions , une de 20g pour winxp et le reste du HDD comme partition de sauvegarde
    0
  19. hamagil Messages postés 5564 Statut Membre 724
     
    tu a plus besoin de passer un coup de smitfraudfix
    passe un coup de SDfix a la place : http://mickael.barroux.free.fr/securite/sdfix.php
    et de BTfix : http://www.commentcamarche.net/faq/sujet 9685 supprimer les barres d outils toolbars indesirables
    0
  20. AnTi-ViP Messages postés 78 Statut Membre 13
     
    Pour le SDfix, je l'ai dl et quand je lance, il s'instale puis plus rien ne ce passe :S
    Pour le BTfix il à detecté 3 infections et je les ai correctement nettoyer.
    0
  • 1
  • 2
  • 3