A voir également:
- Invasion de virus et de chevaux de troie
- Comment supprimer cheval de troie gratuitement - Télécharger - Antivirus & Antimalwares
- Mcafee alerte de virus critique - Accueil - Piratage
- Youtu.be virus - Accueil - Guide virus
- Svchost.exe virus - Guide
- Impossible de terminer l'opération car le fichier contient un virus - Forum Virus
4 réponses
dou-l
Messages postés
2860
Date d'inscription
vendredi 29 février 2008
Statut
Membre
Dernière intervention
29 décembre 2012
61
8 juin 2008 à 11:19
8 juin 2008 à 11:19
slt
quelles sont tes problèmes ???
Télécharge sur le bureau hijackthis
Fait un clic droit sur l'icone hijackthis.
/!\Renome hijackthis en skim.exe ( a le place de hijacktihs.exe) c'est important!!/!\
*Après avoir fais ca double-clic dessus.
*Clic sur Do a system scan and save the log
*A la fin de l'analyse un rapport va etre générer colle le ici.
Une démo d'hijackthis
quelles sont tes problèmes ???
Télécharge sur le bureau hijackthis
Fait un clic droit sur l'icone hijackthis.
/!\Renome hijackthis en skim.exe ( a le place de hijacktihs.exe) c'est important!!/!\
*Après avoir fais ca double-clic dessus.
*Clic sur Do a system scan and save the log
*A la fin de l'analyse un rapport va etre générer colle le ici.
Une démo d'hijackthis
dou-l
Messages postés
2860
Date d'inscription
vendredi 29 février 2008
Statut
Membre
Dernière intervention
29 décembre 2012
61
8 juin 2008 à 12:37
8 juin 2008 à 12:37
ok
Télécharge Navilog
-Choisis Enregistrer et enregistre-le sur ton bureau.
- Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).
-Laisse-toi guider. Au menu principal, choisis 1 et valides.
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord)
Patiente jusqu'au message " Analyse Termine le ....."
-Appuie sur une touche comme demandé, le blocnote va s'ouvrir.
Copie/colle l'intégralité du rapport dans ta réponse. Referme le blocnote.
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)
-Si ton antivirus detecte un virus ou un cheval de troie durant l'analyse ignore le.
Télécharge Navilog
-Choisis Enregistrer et enregistre-le sur ton bureau.
- Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).
-Laisse-toi guider. Au menu principal, choisis 1 et valides.
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord)
Patiente jusqu'au message " Analyse Termine le ....."
-Appuie sur une touche comme demandé, le blocnote va s'ouvrir.
Copie/colle l'intégralité du rapport dans ta réponse. Referme le blocnote.
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)
-Si ton antivirus detecte un virus ou un cheval de troie durant l'analyse ignore le.
voila le rapport de navilog
Search Navipromo version 3.5.8 commencé le 08/06/2008 à 18:46:29,63
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "ludo"
Mise à jour le 06.06.2008 à 18h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS
Recherche executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans "C:\WINDOWS" ***
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1.win\applic~1" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1.win\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\ludo.LUDO-FF6HZI7UZZ\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\ludo.LUDO-FF6HZI7UZZ\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\ludo.LUDO-FF6HZI7UZZ\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Aucun Fichier trouvé
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINDOWS\system32" *
* Recherche dans "C:\Documents and Settings\ludo.LUDO-FF6HZI7UZZ\locals~1\applic~1" *
* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
* Dans "C:\Documents and Settings\ludo.LUDO-FF6HZI7UZZ\locals~1\applic~1" :
* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :
3)Recherche Certificats :
Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
C:\WINDOWS\system32\HhkjQqru.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\jmmpAcdd.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\MlmpYcdd.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\yyFLlUtv.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
*** Analyse terminée le 08/06/2008 à 18:53:35,66 ***
Search Navipromo version 3.5.8 commencé le 08/06/2008 à 18:46:29,63
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "ludo"
Mise à jour le 06.06.2008 à 18h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS
Recherche executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans "C:\WINDOWS" ***
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1.win\applic~1" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1.win\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\ludo.LUDO-FF6HZI7UZZ\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\ludo.LUDO-FF6HZI7UZZ\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\ludo.LUDO-FF6HZI7UZZ\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Aucun Fichier trouvé
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINDOWS\system32" *
* Recherche dans "C:\Documents and Settings\ludo.LUDO-FF6HZI7UZZ\locals~1\applic~1" *
* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
* Dans "C:\Documents and Settings\ludo.LUDO-FF6HZI7UZZ\locals~1\applic~1" :
* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :
3)Recherche Certificats :
Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
C:\WINDOWS\system32\HhkjQqru.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\jmmpAcdd.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\MlmpYcdd.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\yyFLlUtv.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
*** Analyse terminée le 08/06/2008 à 18:53:35,66 ***
dou-l
Messages postés
2860
Date d'inscription
vendredi 29 février 2008
Statut
Membre
Dernière intervention
29 décembre 2012
61
8 juin 2008 à 19:01
8 juin 2008 à 19:01
ok
Fais un scan avec cet antimalware :
Telecharge malwarebytes
Tu l´instale; le programme va se mettre automatiquement a jour.
Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".
Click maintenant sur l´onglet recherche et coche la case : "executer un examun complet".
Puis click sur "rechercher".
Laisse le scanner le pc...
Si des elements on ete trouvés > click sur supprimer la selection.
si il t´es demandé de redemarrer > click sur "yes".
A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
Copie et colle le rapport stp.
Fais un scan avec cet antimalware :
Telecharge malwarebytes
Tu l´instale; le programme va se mettre automatiquement a jour.
Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".
Click maintenant sur l´onglet recherche et coche la case : "executer un examun complet".
Puis click sur "rechercher".
Laisse le scanner le pc...
Si des elements on ete trouvés > click sur supprimer la selection.
si il t´es demandé de redemarrer > click sur "yes".
A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
Copie et colle le rapport stp.
voila le rapport que tu ma demander
Malwarebytes' Anti-Malware 1.15
Version de la base de données: 841
20:21:29 08/06/2008
mbam-log-6-8-2008 (20-21-29).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 109343
Temps écoulé: 57 minute(s), 55 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 26
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 6
Fichier(s) infecté(s): 54
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\gxobbqbr.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\urqQjkhH.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\opnkjJcA.dll (Trojan.Vundo) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a84158f2-d7cd-4608-8b38-428661e6afb7} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{a84158f2-d7cd-4608-8b38-428661e6afb7} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{9aee7fa8-0da7-4c8a-8b3e-fbb6b979c657} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9aee7fa8-0da7-4c8a-8b3e-fbb6b979c657} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnkjjca (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9f593aac-ca4c-4a41-a7ff-a00812192d61} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{749ec66f-a838-4b38-b8e5-e65d905fff74} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully.
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchassistant (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mySearchAssistant (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Spcron (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2879d33f (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{9aee7fa8-0da7-4c8a-8b3e-fbb6b979c657} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\rdomain (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\prodname (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\compname (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM2b4ae0a3 (Trojan.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqqjkhh -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqqjkhh -> Delete on reboot.
Dossier(s) infecté(s):
C:\Program Files\Fichiers communs\Carlson (Dialer) -> Quarantined and deleted successfully.
C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\A1 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Svconr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Spcron (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Eroca (Trojan.Agent) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\ddcApmmj.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jmmpAcdd.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jmmpAcdd.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcYpmlM.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MlmpYcdd.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MlmpYcdd.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gxobbqbr.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\rbqbboxg.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hagfshou.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uohsfgah.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqQjkhH.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\HhkjQqru.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\HhkjQqru.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnkjJcA.dll (Trojan.Vundo) -> Delete on reboot.
C:\kl.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0963CP27\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Eroca\Eroca.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Spcron\Spc.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A31D03F-41E9-43B0-883C-0AC53035E012}\RP129\A0130173.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A31D03F-41E9-43B0-883C-0AC53035E012}\RP129\A0130189.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A31D03F-41E9-43B0-883C-0AC53035E012}\RP129\A0132227.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A31D03F-41E9-43B0-883C-0AC53035E012}\RP129\A0132229.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A31D03F-41E9-43B0-883C-0AC53035E012}\RP129\A0132235.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A31D03F-41E9-43B0-883C-0AC53035E012}\RP129\A0132236.old (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A31D03F-41E9-43B0-883C-0AC53035E012}\RP129\A0132238.old (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A31D03F-41E9-43B0-883C-0AC53035E012}\RP129\A0132239.old (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A31D03F-41E9-43B0-883C-0AC53035E012}\RP129\A0132240.old (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A31D03F-41E9-43B0-883C-0AC53035E012}\RP129\A0132241.old (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A31D03F-41E9-43B0-883C-0AC53035E012}\RP129\A0133250.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A31D03F-41E9-43B0-883C-0AC53035E012}\RP130\A0134235.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A31D03F-41E9-43B0-883C-0AC53035E012}\RP130\A0134266.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A31D03F-41E9-43B0-883C-0AC53035E012}\RP130\A0134267.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A31D03F-41E9-43B0-883C-0AC53035E012}\RP130\A0134269.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A31D03F-41E9-43B0-883C-0AC53035E012}\RP130\A0134270.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A31D03F-41E9-43B0-883C-0AC53035E012}\RP130\A0134271.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A31D03F-41E9-43B0-883C-0AC53035E012}\RP130\A0134272.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A31D03F-41E9-43B0-883C-0AC53035E012}\RP130\A0134273.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A31D03F-41E9-43B0-883C-0AC53035E012}\RP130\A0134274.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A31D03F-41E9-43B0-883C-0AC53035E012}\RP131\A0136286.dll (Adware.TargetSaver) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A31D03F-41E9-43B0-883C-0AC53035E012}\RP131\A0136289.vbs (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A31D03F-41E9-43B0-883C-0AC53035E012}\RP131\A0136290.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\b156.exe_old (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXRJDVn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnnKBSL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vntiho05\vntiho051080.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\W3\dutdtx2.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gside.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\{99847a9e-1331-f230-4841-334cf94b833d}.dll-uninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\agakhvei.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.15
Version de la base de données: 841
20:21:29 08/06/2008
mbam-log-6-8-2008 (20-21-29).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 109343
Temps écoulé: 57 minute(s), 55 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 26
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 6
Fichier(s) infecté(s): 54
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\gxobbqbr.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\urqQjkhH.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\opnkjJcA.dll (Trojan.Vundo) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a84158f2-d7cd-4608-8b38-428661e6afb7} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{a84158f2-d7cd-4608-8b38-428661e6afb7} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{9aee7fa8-0da7-4c8a-8b3e-fbb6b979c657} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9aee7fa8-0da7-4c8a-8b3e-fbb6b979c657} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnkjjca (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9f593aac-ca4c-4a41-a7ff-a00812192d61} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{749ec66f-a838-4b38-b8e5-e65d905fff74} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully.
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchassistant (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mySearchAssistant (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Spcron (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2879d33f (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{9aee7fa8-0da7-4c8a-8b3e-fbb6b979c657} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\rdomain (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\prodname (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\compname (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM2b4ae0a3 (Trojan.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqqjkhh -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqqjkhh -> Delete on reboot.
Dossier(s) infecté(s):
C:\Program Files\Fichiers communs\Carlson (Dialer) -> Quarantined and deleted successfully.
C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\A1 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Svconr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Spcron (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Eroca (Trojan.Agent) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\ddcApmmj.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jmmpAcdd.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jmmpAcdd.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcYpmlM.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MlmpYcdd.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MlmpYcdd.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gxobbqbr.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\rbqbboxg.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hagfshou.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uohsfgah.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqQjkhH.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\HhkjQqru.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\HhkjQqru.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnkjJcA.dll (Trojan.Vundo) -> Delete on reboot.
C:\kl.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0963CP27\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Eroca\Eroca.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Spcron\Spc.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A31D03F-41E9-43B0-883C-0AC53035E012}\RP129\A0130173.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A31D03F-41E9-43B0-883C-0AC53035E012}\RP129\A0130189.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A31D03F-41E9-43B0-883C-0AC53035E012}\RP129\A0132227.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A31D03F-41E9-43B0-883C-0AC53035E012}\RP129\A0132229.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A31D03F-41E9-43B0-883C-0AC53035E012}\RP129\A0132235.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A31D03F-41E9-43B0-883C-0AC53035E012}\RP129\A0132236.old (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A31D03F-41E9-43B0-883C-0AC53035E012}\RP129\A0132238.old (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A31D03F-41E9-43B0-883C-0AC53035E012}\RP129\A0132239.old (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A31D03F-41E9-43B0-883C-0AC53035E012}\RP129\A0132240.old (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A31D03F-41E9-43B0-883C-0AC53035E012}\RP129\A0132241.old (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A31D03F-41E9-43B0-883C-0AC53035E012}\RP129\A0133250.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A31D03F-41E9-43B0-883C-0AC53035E012}\RP130\A0134235.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A31D03F-41E9-43B0-883C-0AC53035E012}\RP130\A0134266.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A31D03F-41E9-43B0-883C-0AC53035E012}\RP130\A0134267.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A31D03F-41E9-43B0-883C-0AC53035E012}\RP130\A0134269.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A31D03F-41E9-43B0-883C-0AC53035E012}\RP130\A0134270.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A31D03F-41E9-43B0-883C-0AC53035E012}\RP130\A0134271.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A31D03F-41E9-43B0-883C-0AC53035E012}\RP130\A0134272.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A31D03F-41E9-43B0-883C-0AC53035E012}\RP130\A0134273.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A31D03F-41E9-43B0-883C-0AC53035E012}\RP130\A0134274.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A31D03F-41E9-43B0-883C-0AC53035E012}\RP131\A0136286.dll (Adware.TargetSaver) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A31D03F-41E9-43B0-883C-0AC53035E012}\RP131\A0136289.vbs (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A31D03F-41E9-43B0-883C-0AC53035E012}\RP131\A0136290.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\b156.exe_old (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXRJDVn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnnKBSL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vntiho05\vntiho051080.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\W3\dutdtx2.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gside.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\{99847a9e-1331-f230-4841-334cf94b833d}.dll-uninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\agakhvei.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
8 juin 2008 à 12:18
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:59, on 08/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [PMXInit] C:\WINDOWS\system32\pmxinit.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [BM2b4ae0a3] Rundll32.exe "C:\WINDOWS\system32\agakhvei.dll",s
O4 - HKLM\..\Run: [2879d33f] rundll32.exe "C:\WINDOWS\system32\gxobbqbr.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Stop Pub - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\JCA2000\StopPub\StopPub.exe
O9 - Extra 'Tools' menuitem: Stop Pub - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\JCA2000\StopPub\StopPub.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bw+0 - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {21565851-FD48-4844-BD86-7609BE99D9D0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe