Infecté par Bagle (je crois)

deuche1 Messages postés 18 Date d'inscription   Statut Membre Dernière intervention   -  
deuche1 Messages postés 18 Date d'inscription   Statut Membre Dernière intervention   -
Bonjour,
A la suite d'un problème sur un fichier Excel, j'ai téléchargé (P2P) un "soi-disant" outil de réparation. Quand je l'ai lancé, c'est "NTSB investigators flight recorder..." qui a démarré... et mes ennuis aussi. Avast s'est fermé, Windows defender aussi...etc Dans le gestionnaire de tâche, apparitions rapides d' exe avec des numéros... Finalement HJT, Avast, Defender ne fonctionnent plus (appli win32 non valide).
Durant ma soirée d'hier, j'ai découvert ceci:
Tous les Services Avast sont désactivés, ainsi que ceux de Defender, Pare-feux XP, Mise à jour auto. Si je les réactivent et redémmare (sauf Defender qui ne veux pas), c'est à nouveau désactivé au redémmarage du micro.
En consultant l'observateur d'évenements, ça parlait de 'srosa', de ces fichiers exe à N°, de la désactivation des services...
J'ai cherché tous les fichiers créés à partir de l'heure fatidique et j'ai supprimé le Dossier dowld dans Windows\system32\drivers, ainsi que les réf dans le prefetch.
Bref, j'y suis allé à taton, avec mes petites connaissances. Mais le problème persiste, impossible de démarrer Avast, Hijackthis ni Ccleaner (appli win32 non valide).

So HELPPPP plizzz et merci d'avance.

PS: Depuis des mois (voir des années), je ne peux plus démarrer en Mode Sans Echec. J'ai systématiquement un BSOD (EBdLM en français...)
Configuration: Windows XP Pro SP2
Internet Explorer 7 avec Maxthon 1.8

22 réponses

  • 1
  • 2
  1. Utilisateur anonyme
     
    Hi,

    Télécharges- FindyKill de Chiquitine29 :

    FindyKill de Chiquitine29

    ->-Enregistres le sur ton bureau et pas ailleurs !

    -!! Déconnectes toi et fermes toute applications en cours !!

    ( Si ton anti-virus s'affolle au moment de l'enregistrement ou de l'utilisation de l'outil , ignore l'alerte ...)

    -> Cliques sur "-FindyKill.exe" pour lancer l'installe de l'outil . Ne touche surtout pas aux paramètres d'installation.

    -Notes importantes :
    * si tu as le prg Elibagla sur ton PC , supprimes le ( risque de conflit entre les deux outils ) .

    --> Double cliques sur le raccourci " FindyKill " qui est sur ton bureau .

    -->choisis l'option 1 ( recherche ) . Puis laisses travailler l'outil sans rien toucher ...

    Une fois terminé, postes le rapport FindyKill.txt qui est généré ...

    ( Note : le rapport est sauvegardé à la racine du disque -> C:\FindyKill.txt )

    PS : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus
    0
  2. deuche1 Messages postés 18 Date d'inscription   Statut Membre Dernière intervention  
     
    Bonjour et merci de t'occuper de moi.
    J'ai fais ce que tu m'as indiqué et voici le rapport:

    ----------------- FindyKill V4.705 ------------------

    * User : _Nathalie - DADAGRENIER
    * Emplacement : C:\Program Files\FindyKill
    * Outils Mis a jours le 17/11/08 par Chiquitine29
    * Recherche effectuée à 18:27:07 le 27/11/2008
    * Windows XP - Internet Explorer 7.0.5730.11

    ((((((((((((((((( *** Recherche *** ))))))))))))))))))

    --------------- [ Processus actifs ] ----------------

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Paragon Software\Drive Backup 8.5 Professional\Net Burner Service\NetBurnerService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Fichiers communs\SmartCom\Services\SmartcomSCPService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
    C:\WINDOWS\explorer.exe

    --------------- [ Fichiers/Dossiers infectieux ] ----------------

    »»»» Presence des fichiers dans C:

    »»»» Presence des fichiers dans C:\WINDOWS

    »»»» Presence des fichiers dans C:\WINDOWS\Prefetch

    Found ! - C:\WINDOWS\prefetch\WINFILSE.EXE-17C2CF68.pf
    Found ! - C:\WINDOWS\Prefetch\TUNEUP 2007KEYGEN.EXE-0E094E92.pf
    Found ! - C:\WINDOWS\Prefetch\TUNEUP 2007KEYGEN.EXE-0E094E92.pf

    »»»» Presence des fichiers dans C:\WINDOWS\system32

    Found ! [25/11/2008 18:31] - C:\WINDOWS\system32\mdelk.exe
    Found ! [25/11/2008 18:31] - C:\WINDOWS\system32\wintems.exe
    Found ! [03/03/2006 21:39] - C:\WINDOWS\system32\edlm.exe
    Found ! [03/03/2006 21:39] - C:\WINDOWS\system32\edlm2.exe

    »»»» Presence des fichiers dans C:\WINDOWS\system32\drivers

    Found ! [27/11/2008 17:18] - C:\WINDOWS\system32\drivers\srosa.sys
    Found ! [27/11/2008 17:18] - C:\WINDOWS\system32\drivers\srosa2.sys
    Found ! [16/06/2006 04:01] - C:\WINDOWS\system32\drivers\winfilse.exe
    Found ! [26/11/2008 00:47] - "C:\WINDOWS\system32\drivers\downld"

    »»»» Presence des fichiers dans C:\Documents and Settings\_Nathalie\Application Data

    »»»» Presence des fichiers dans C:\DOCUME~1\_NATHA~1\LOCALS~1\Temp

    Found ! - C:\DOCUME~1\_NATHA~1\LOCALS~1\Temp\PatchByFile.tmp

    »»»» Presence des fichiers dans C:\Documents and Settings\_Nathalie\Local Settings\Temporary Internet Files\Content.IE5

    Found ! [16/08/2007 19:15] - C:\Documents and Settings\Robin\Local Settings\Temporary Internet Files\Content.IE5\4XU5ERSF\F22A882BB64228F6352C58F4C2852[1].jpg
    Found ! [16/08/2007 19:42] - C:\Documents and Settings\Robin\Local Settings\Temporary Internet Files\Content.IE5\KUA9BLSQ\defaultCAMXDJGT.jpg
    Found ! [05/10/2007 22:03] - C:\Documents and Settings\Robin\Local Settings\Temporary Internet Files\Content.IE5\UP9THBGT\44A810844579F2EBD68B64048C178[1].jpg
    Found ! [25/11/2008 18:32] - C:\Documents and Settings\_Damien\Local Settings\Temporary Internet Files\Content.IE5\2GK5KSE7\b64_2[1].jpg
    Found ! [25/11/2008 18:32] - C:\Documents and Settings\_Damien\Local Settings\Temporary Internet Files\Content.IE5\7NPAYGT2\b64[1].jpg
    Found ! [25/11/2008 18:31] - C:\Documents and Settings\_Damien\Local Settings\Temporary Internet Files\Content.IE5\BR6RDGIT\b64_1[1].jpg
    Found ! [25/11/2008 18:33] - C:\Documents and Settings\_Damien\Local Settings\Temporary Internet Files\Content.IE5\BR6RDGIT\b64_1[2].jpg
    Found ! [25/11/2008 18:31] - C:\Documents and Settings\_Damien\Local Settings\Temporary Internet Files\Content.IE5\SB9SBJ1E\b64_3[1].jpg
    Found ! [25/07/2008 19:07] - C:\Documents and Settings\_Damien\Mes documents\Ma musique\_DIVERS\AlbumArt_{9863CB64-AE2A-4D74-BCF0-BF8C5FE241D2}_Large.jpg
    Found ! [25/07/2008 19:07] - C:\Documents and Settings\_Damien\Mes documents\Ma musique\_DIVERS\AlbumArt_{9863CB64-AE2A-4D74-BCF0-BF8C5FE241D2}_Small.jpg
    Found ! [02/09/2008 21:57] - C:\Documents and Settings\_Nathalie\Local Settings\Temporary Internet Files\Content.IE5\3NVMKX9F\76707285325e3d5d56b62643cee5dfc47404fc3b2014b64e2a1307cdbedd3e801df8650a[1].jpg
    Found ! [29/10/2008 13:03] - C:\Documents and Settings\_Nathalie\Local Settings\Temporary Internet Files\Content.IE5\7KHTV0F5\vignetteCAB6410R.jpg

    --------------- [ Registre / Startup ] ----------------

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

    ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
    LDM=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AutorunsDisabled=
    H/PC Connection Agent="C:\PROGRA~1\MICROS~4\wcescomm.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

    Windows Defender="C:\Program Files\Windows Defender\MSASCui.exe" -masquer
    LogitechCommunicationsManager="C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
    LVCOMSX="C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
    KernelFaultCheck=%systemroot%\system32\dumprep 0 -k
    NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    nwiz=nwiz.exe /install
    SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
    Installed=1
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
    Installed=1
    NoChange=1
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
    Installed=1
    <NO NAME>=

    --------------- [ Registre / Clés infectieuses ] ----------------

    Found ! - HKEY_USERS\S-1-5-21-507921405-706699826-854245398-1005\Software\Local AppWizard-Generated Applications\winfilse
    Found ! - HKEY_USERS\S-1-5-21-507921405-706699826-854245398-1005\Software\bisoft
    Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winfilse
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
    Found ! - HKEY_CURRENT_USER\Software\bisoft
    Found ! - HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
    Found ! - HKEY_CURRENT_USER\Software\bisoft
    Found ! - HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s

    --------------- [ Etat / Services ] ----------------

    Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

    - sans echec non fonctionnel !!

    Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

    - sans echec non fonctionnel !!

    Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

    - sans echec non fonctionnel !!

    +- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

    /!\ Ndisuio - Type de démarrage = 4

    /!\ Ip6Fw - Type de démarrage = 4

    /!\ SharedAccess - Type de démarrage = 4

    /!\ wuauserv - Type de démarrage = 4

    /!\ wscsvc - Type de démarrage = 4

    /!\ WinDefend - Type de démarrage = 4

    --------------- [ Recherche dans supports amovibles] ----------------

    +- Informations :

    C: - Lecteur fixe

    D: - Lecteur fixe

    +- presence des fichiers :

    --------------- [ Registre / Mountpoint2 ] ----------------

    -> Not found !

    ------------------- ! Fin du rapport ! --------------------

    Par contre, pendant l'execution, j'ai eu des messages d'erreur, j'ai fais continuer à chaque fois:
    Titre de la fenêtre d'erreur:

    Windows - Pas de disque
    Exeption processing Message c00000013 Parameters 75a.....

    Voilà
    Merci encore
    0
  3. deuche1 Messages postés 18 Date d'inscription   Statut Membre Dernière intervention  
     
    Hello,

    Après avoir decortiquer le rapport, et consulter les autres post sur sujet, je suis passé à l'option 2 de Findykill. Après le 1er redémarrage, j'ai eu un message "impossible de trouver c:\documents". J'ai cliqué OK et le processus a continué. 2ème démarrage, "déletage" des files et folders, puis "cleanage" des temp files.... et ce rapport.

    ----------------- FindyKill V4.705 ------------------

    * User : _Nathalie - DADAGRENIER
    * executed from : C:\Program Files\FindyKill
    * Update on 17/11/08 par Chiquitine29
    * Start at 21:28:11 the 27/11/2008
    * Windows XP - Internet Explorer 7.0.5730.11

    ((((((((((((((( *** deleting *** ))))))))))))))))))

    --------------- [ Active Processes ] ----------------

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\logonui.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Paragon Software\Drive Backup 8.5 Professional\Net Burner Service\NetBurnerService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\sessmgr.exe
    C:\Program Files\Fichiers communs\SmartCom\Services\SmartcomSCPService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\userinit.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe

    --------------- [ Infected files / folders ] ----------------

    »»»» Supression files in C:

    Deleted ! - C:\InfoSat.txt

    »»»» Supression files in C:\WINDOWS

    »»»» Supression files in C:\WINDOWS\Prefetch

    Deleted ! - C:\WINDOWS\prefetch\WINFILSE.EXE-17C2CF68.pf

    »»»» Supression files in C:\WINDOWS\system32

    Deleted ! - C:\WINDOWS\system32\mdelk.exe
    Deleted ! - C:\WINDOWS\system32\wintems.exe

    »»»» Supression files in C:\WINDOWS\system32\drivers

    Deleted ! - C:\WINDOWS\system32\drivers\srosa.sys
    Deleted ! - C:\WINDOWS\system32\drivers\srosa2.sys
    Deleted ! - C:\WINDOWS\system32\drivers\winfilse.exe
    Deleted ! - "C:\WINDOWS\system32\drivers\downld"

    »»»» Supression files in C:\Documents and Settings\_Nathalie\Application Data

    »»»» Supression files in C:\DOCUME~1\_NATHA~1\LOCALS~1\Temp

    »»»» Supression files in C:\Documents and Settings\_Nathalie\Local Settings\Temporary Internet Files\Content.IE5

    Deleted ! - C:\Documents and Settings\Lucile\Local Settings\Application Data\Microsoft\Media Player\Cache d'images\LocalMLS\{8B64AA80-FE53-4B6A-91F5-8DF34CE2EFA8}.jpg
    Deleted ! - C:\Documents and Settings\Robin\Local Settings\Temporary Internet Files\Content.IE5\4XU5ERSF\F22A882BB64228F6352C58F4C2852[1].jpg
    Deleted ! - C:\Documents and Settings\Robin\Local Settings\Temporary Internet Files\Content.IE5\KUA9BLSQ\defaultCAMXDJGT.jpg
    Deleted ! - C:\Documents and Settings\Robin\Local Settings\Temporary Internet Files\Content.IE5\UP9THBGT\44A810844579F2EBD68B64048C178[1].jpg
    Deleted ! - C:\Documents and Settings\_Damien\Local Settings\Application Data\Microsoft\Media Player\Cache d'images\LocalMLS\{41465E27-563B-4094-8F66-1BEC8ECBB64B}.jpg
    Deleted ! - C:\Documents and Settings\_Damien\Local Settings\Application Data\Microsoft\Media Player\Cache d'images\LocalMLS\{54CC59A8-248A-4BA8-9A2F-D9C86BB646F5}.jpg
    Deleted ! - C:\Documents and Settings\_Damien\Local Settings\Temporary Internet Files\Content.IE5\2GK5KSE7\b64_2[1].jpg
    Deleted ! - C:\Documents and Settings\_Damien\Local Settings\Temporary Internet Files\Content.IE5\7NPAYGT2\b64[1].jpg
    Deleted ! - C:\Documents and Settings\_Damien\Local Settings\Temporary Internet Files\Content.IE5\BR6RDGIT\b64_1[1].jpg
    Deleted ! - C:\Documents and Settings\_Damien\Local Settings\Temporary Internet Files\Content.IE5\BR6RDGIT\b64_1[2].jpg
    Deleted ! - C:\Documents and Settings\_Damien\Local Settings\Temporary Internet Files\Content.IE5\SB9SBJ1E\b64_3[1].jpg
    Deleted ! - C:\Documents and Settings\_Damien\Mes documents\Ma musique\_DIVERS\AlbumArt_{9863CB64-AE2A-4D74-BCF0-BF8C5FE241D2}_Large.jpg
    Deleted ! - C:\Documents and Settings\_Damien\Mes documents\Ma musique\_DIVERS\AlbumArt_{9863CB64-AE2A-4D74-BCF0-BF8C5FE241D2}_Small.jpg
    Deleted ! - C:\Documents and Settings\_Nathalie\Local Settings\Temporary Internet Files\Content.IE5\3NVMKX9F\76707285325e3d5d56b62643cee5dfc47404fc3b2014b64e2a1307cdbedd3e801df8650a[1].jpg
    Deleted ! - C:\Documents and Settings\_Nathalie\Local Settings\Temporary Internet Files\Content.IE5\7KHTV0F5\vignetteCAB6410R.jpg

    --------------- [ Registry / Infected keys ] ----------------

    Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
    Deleted ! - HKEY_CURRENT_CONFIG\System\CurrentControlSet\Enum\ROOT\LEGACY_SROSA
    Deleted ! - HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK
    Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
    Deleted ! - HKEY_USERS\S-1-5-21-507921405-706699826-854245398-1005\Software\Local AppWizard-Generated Applications\winfilse

    --------------- [ States / Restarting of services ] ----------------

    +- Safe boot mode restored !

    +- Services : [ Auto=2 / Request=3 / Disable=4 ]

    Ndisuio - Type of startup = 3

    Ip6Fw - Type of startup = 2

    SharedAccess - Type of startup = 2

    wuauserv - Type of startup = 2

    wscsvc - Type of startup = 2

    WinDefend - Type of startup = 2

    --------------- [ Cleaning removable drives ] ----------------

    +- Informations :

    C: - Lecteur fixe

    D: - Lecteur fixe

    K: - Lecteur amovible

    +- deleting files :

    --------------- [ Registry / Mountpoint2 ] ----------------

    -> Not found !

    --------------- [ Searching Cracks / Keygen ] ----------------

    C:\Documents and Settings\All Users\Application Data\Adobe\Photoshop Elements\5.0\Photo Creations\artwork\backgrounds\texture\Cracked Paint.jpg

    ---------------- ! End of report ! ------------------

    Mon PC te semble débarrasé de cette vacherie?

    Ccleaner refonctionne. Je vais maintenant désinstaller Avast, Windows defender qui ne marchent plus et ne sont pas très efficicaces face à Bagle.... Que me conseilles-tu comme antivirus gratuit efficace (AVG, Antivir...)?

    @+
    0
  4. Utilisateur anonyme
     
    Hi,

    Fait ceci maintenant:

    télécharge hijackthis
    -> enregistre la cible sous .... "le bureau"

    -> Fais un double-clic sur "HJTInstall.exe" afin de lancer l'installation

    -> Clique sur Install ensuite sur "I Accept"

    -> Clique sur" Do a scan system and save log file"

    -> Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse

    ->Tuto hijackthis(Merci à Balltrap34)
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. deuche1 Messages postés 18 Date d'inscription   Statut Membre Dernière intervention  
     
    RE,

    Voici le log Hijackthis (celui-là m'a déjà "sauvé" la vie quelques fois !!)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:37:42, on 27/11/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Paragon Software\Drive Backup 8.5 Professional\Net Burner Service\NetBurnerService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Fichiers communs\SmartCom\Services\SmartcomSCPService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
    C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Firetrust\MailWasher Pro\MailWasher.exe
    C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\MyIe2\Maxthon\Maxthon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - AutorunsDisabled - (no file)
    O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -masquer
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\winfilse.exe
    O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
    O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\_Damien\Application Data\m\flec006.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MailWasherPro.lnk = C:\Program Files\Firetrust\MailWasher Pro\MailWasher.exe
    O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
    O4 - Global Startup: LaunchU3.exe.lnk = ?
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OUTLOO~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
    O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
    O16 - DPF: {275D2217-FFE8-46B5-8FD2-B18CA0B7EE36} - http://www.seagate.com/support/disc/asp/tools/fr/bin/npseatools.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
    O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O18 - Protocol: bw+0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Net Burner iSCSI Service (NetBurnerService) - Paragon GmbH - C:\Program Files\Paragon Software\Drive Backup 8.5 Professional\Net Burner Service\NetBurnerService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SmartcomSCPService - Smartcom - C:\Program Files\Fichiers communs\SmartCom\Services\SmartcomSCPService.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe (file missing)
    O24 - Desktop Component 0: (no name) - http://www.safransixty.com/carto.php
    0
  7. Utilisateur anonyme
     
    Hi,

    Relance hijack et clique sur "Do a system scan only"
    Ensuite recherche ces lignes et coches les cases

    O18 - Protocol: bw+0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    Ensuite clique sur "Fix checked"

    Refait un hijackthis.
    0
  8. deuche1 Messages postés 18 Date d'inscription   Statut Membre Dernière intervention  
     
    Et voilà qui est fait..

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:37:42, on 27/11/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Paragon Software\Drive Backup 8.5 Professional\Net Burner Service\NetBurnerService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Fichiers communs\SmartCom\Services\SmartcomSCPService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
    C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Firetrust\MailWasher Pro\MailWasher.exe
    C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\MyIe2\Maxthon\Maxthon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - AutorunsDisabled - (no file)
    O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -masquer
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\winfilse.exe
    O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
    O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\_Damien\Application Data\m\flec006.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MailWasherPro.lnk = C:\Program Files\Firetrust\MailWasher Pro\MailWasher.exe
    O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
    O4 - Global Startup: LaunchU3.exe.lnk = ?
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OUTLOO~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
    O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
    O16 - DPF: {275D2217-FFE8-46B5-8FD2-B18CA0B7EE36} - http://www.seagate.com/support/disc/asp/tools/fr/bin/npseatools.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
    O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O18 - Protocol: bw+0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {A59FE6CE-5693-4937-A948-7E4E007BEEFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Net Burner iSCSI Service (NetBurnerService) - Paragon GmbH - C:\Program Files\Paragon Software\Drive Backup 8.5 Professional\Net Burner Service\NetBurnerService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SmartcomSCPService - Smartcom - C:\Program Files\Fichiers communs\SmartCom\Services\SmartcomSCPService.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe (file missing)
    O24 - Desktop Component 0: (no name) - http://www.safransixty.com/carto.php
    0
  9. Utilisateur anonyme
     
    Hi,

    NON.

    Relance hijackthis et refait un nouveau hijackthis.

    Alut.
    0
  10. deuche1 Messages postés 18 Date d'inscription   Statut Membre Dernière intervention  
     
    Bonjour,

    Heu, je me suis trompé de log hier soir... Je refais un HJT ce soir chez moi et je te transmets. Pour l'instant, tout a l'air de remarcher nickel. Antivir (je l'essaye) a trouvé un fichier verollé par Bagle ( genre fc06.exe je crois). As-tu un avis sur un bon antivirus, même payant? Et un anti spyware?

    @+
    0
  11. Utilisateur anonyme
     
    Hi,

    On verras cela en fin de désinfection.

    Alut.
    0
  12. deuche1 Messages postés 18 Date d'inscription   Statut Membre Dernière intervention  
     
    Voici le log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:29:50, on 28/11/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Paragon Software\Drive Backup 8.5 Professional\Net Burner Service\NetBurnerService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Fichiers communs\SmartCom\Services\SmartcomSCPService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
    C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Shareaza\Shareaza.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Firetrust\MailWasher Pro\MailWasher.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
    C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Firetrust\MailWasher Pro\MailWasher.exe
    C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
    C:\Program Files\MyIe2\Maxthon\Maxthon.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - AutorunsDisabled - (no file)
    O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -masquer
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\winfilse.exe
    O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
    O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\_Damien\Application Data\m\flec006.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] C:\PROGRA~1\MICROS~4\wcescomm.exe
    O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-21-507921405-706699826-854245398-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '_Nathalie')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-21-507921405-706699826-854245398-1005 Startup: MailWasher Pro.lnk = C:\Program Files\Firetrust\MailWasher Pro\MailWasher.exe (User '_Nathalie')
    O4 - S-1-5-21-507921405-706699826-854245398-1005 User Startup: MailWasher Pro.lnk = C:\Program Files\Firetrust\MailWasher Pro\MailWasher.exe (User '_Nathalie')
    O4 - Startup: MailWasherPro.lnk = C:\Program Files\Firetrust\MailWasher Pro\MailWasher.exe
    O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
    O4 - Global Startup: LaunchU3.exe.lnk = ?
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OUTLOO~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
    O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
    O16 - DPF: {275D2217-FFE8-46B5-8FD2-B18CA0B7EE36} - http://www.seagate.com/support/disc/asp/tools/fr/bin/npseatools.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
    O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Net Burner iSCSI Service (NetBurnerService) - Paragon GmbH - C:\Program Files\Paragon Software\Drive Backup 8.5 Professional\Net Burner Service\NetBurnerService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SmartcomSCPService - Smartcom - C:\Program Files\Fichiers communs\SmartCom\Services\SmartcomSCPService.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe (file missing)
    O24 - Desktop Component 0: (no name) - http://www.safransixty.com/carto.php
    0
  13. Utilisateur anonyme
     
    Hi,

    -Télécharge et installe MalwareByte's Anti-Malware
    Malwarebyte

    - Mets le à jour

    ---
    - Double clique sur le raccourci de MalwareByte's Anti-Malware qui est sur le bureau.
    - Sélectionne Exécuter un examen complet si ce n'est pas déjà fait
    - clique sur Rechercher

    - Une fois le scan terminé, une fenêtre s'ouvre, clique sur sur Ok

    - Si MalwareByte's n'a rien détecté, clique sur Ok Un rapport va apparaître ferme-le.

    - Si MalwareByte's a détecté des infections, clique sur Afficher les résultats ensuite sur Supprimer la sélection

    - Enregistre le rapport sur ton Bureau comme cela il sera plus facile à retrouver, poste ensuite ce rapport.

    Note : Si MalwareByte's a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok

    0
  14. deuche1 Messages postés 18 Date d'inscription   Statut Membre Dernière intervention  
     
    Bonjour,

    Ca y est, analyse finie... 8h00 de boulot pour MAlwarebyte. Voici le rapport. J'ai bien sur supprimé la selection.

    Bye

    Malwarebytes' Anti-Malware 1.30
    Version de la base de données: 1434
    Windows 5.1.2600 Service Pack 2

    30/11/2008 18:52:04
    mbam-log-2008-11-30 (18-52-04).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 305251
    Temps écoulé: 8 hour(s), 2 minute(s), 38 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 1
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 1
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 1

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTBOOT (Backdoor.Bot) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Trojan.Agent) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\System Volume Information\_restore{4753DBD2-642B-4AA5-9269-4699AC794280}\RP2322\A1693304.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    0
  15. Utilisateur anonyme
     
    Hi,

    Refait un hijackthis après avoir redémarrer ton pc.

    Alut.
    0
  16. deuche1 Messages postés 18 Date d'inscription   Statut Membre Dernière intervention  
     
    hi,

    Et voilà

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 07:42:20, on 01/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Paragon Software\Drive Backup 8.5 Professional\Net Burner Service\NetBurnerService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Fichiers communs\SmartCom\Services\SmartcomSCPService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
    C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Shareaza\Shareaza.exe
    D:\Encarta\Microsoft Encarta 2008 - Études DVD\EDICT.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Firetrust\MailWasher Pro\MailWasher.exe
    C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\Program Files\MyIe2\Maxthon\Maxthon.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - AutorunsDisabled - (no file)
    O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -masquer
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\winfilse.exe
    O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
    O4 - HKCU\..\Run: [L08FXLRD_49902515] "D:\Encarta\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-21-507921405-706699826-854245398-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '_Nathalie')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-21-507921405-706699826-854245398-1005 Startup: MailWasher Pro.lnk = C:\Program Files\Firetrust\MailWasher Pro\MailWasher.exe (User '_Nathalie')
    O4 - S-1-5-21-507921405-706699826-854245398-1005 User Startup: MailWasher Pro.lnk = C:\Program Files\Firetrust\MailWasher Pro\MailWasher.exe (User '_Nathalie')
    O4 - Startup: MailWasherPro.lnk = C:\Program Files\Firetrust\MailWasher Pro\MailWasher.exe
    O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
    O4 - Global Startup: LaunchU3.exe.lnk = ?
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OUTLOO~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
    O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
    O16 - DPF: {275D2217-FFE8-46B5-8FD2-B18CA0B7EE36} - http://www.seagate.com/support/disc/asp/tools/fr/bin/npseatools.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
    O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Net Burner iSCSI Service (NetBurnerService) - Paragon GmbH - C:\Program Files\Paragon Software\Drive Backup 8.5 Professional\Net Burner Service\NetBurnerService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SmartcomSCPService - Smartcom - C:\Program Files\Fichiers communs\SmartCom\Services\SmartcomSCPService.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe (file missing)
    O24 - Desktop Component 0: (no name) - http://www.safransixty.com/carto.php
    0
  17. Utilisateur anonyme
     
    Hi,

    Supprime findykill et passe ceci:

    ▶ Rends toi sur ce site :
    http://www.zonavirus.com/datos/descargas/95/elibagla.asp
    ▶ tout en bas de cette page tu trouveras un outil
    à télécharger,clique sur "escargar Elibagla" (le numéro de version change au fur et à mesure des mises à jour)
    ▶ installe ce fichier sur le Bureau.
    ▶ ensuite double-clic sur Elibagla.exe
    ▶ laisse la case "eliminar ficheros automaticamente" coché
    ▶ clique sur"explorar"
    ▶ laisse-le travailler

    ▶ Redémarre en mode sans échec,

    *Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter.
    Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
    Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
    (Si F8 ne marche pas utilise la touche F5).

    ▶ relance 2 fois elibagla

    ▶ redémarre en mode normal

    ▶ poste le rapport final qui sera dans c:\infosat.txt
    0
  18. deuche1 Messages postés 18 Date d'inscription   Statut Membre Dernière intervention  
     
    Salut,
    J'ai tout fais ce que tu m'as dis, voici le résulta. Bizare, il trouve des fichiers la 1ere fois, pas la 2ème et aussi la 3ème fois. Ces fichiers sont là: C:\WINDOWS\$NtServicePackUninstall$
    dois-je les supprimer?
    Merci

    Mon Dec 01 23:03:40 2008
    EliBagle v12.00 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 26 de Noviembre del 2008)
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):

    Mon Dec 01 23:03:50 2008
    EliBagle v12.00 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 26 de Noviembre del 2008)
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando "C:\"
    0O3JN9BZ.ZIP -> Bagle44NZ79Z9.ZIP -> Bagle4TRTZRVL.ZIP -> Bagle57TVFTJV.ZIP -> BagleDR17D793.ZIP -> BagleT3B5J7XN.ZIP -> BagleTJPJHRH7.ZIP -> BagleU797RDRJ.ZIP -> BagleZJHBD3B3.ZIP -> Bagle
    Nº Total de Directorios: 16650
    Nº Total de Ficheros: 239301
    Nº de Ficheros Analizados: 21572
    Nº de Ficheros Infectados: 9
    Nº de Ficheros Limpiados: 9

    Mon Dec 01 23:53:23 2008
    EliBagle v12.00 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 26 de Noviembre del 2008)
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando "C:\"

    Nº Total de Directorios: 1270
    Nº Total de Ficheros: 5025
    Nº de Ficheros Analizados: 271
    Nº de Ficheros Infectados: 0
    Nº de Ficheros Limpiados: 0
    Exploración Detenida por el Usuario.

    Mon Dec 01 23:55:30 2008
    EliBagle v12.00 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 26 de Noviembre del 2008)
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):

    Mon Dec 01 23:55:36 2008
    EliBagle v12.00 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 26 de Noviembre del 2008)
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando "D:\"

    Nº Total de Directorios: 555
    Nº Total de Ficheros: 11297
    Nº de Ficheros Analizados: 1584
    Nº de Ficheros Infectados: 0
    Nº de Ficheros Limpiados: 0

    Mon Dec 01 23:56:39 2008
    EliBagle v12.00 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 26 de Noviembre del 2008)
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando "C:\"
    0O3JN9BZ.ZIP -> Bagle44NZ79Z9.ZIP -> Bagle4TRTZRVL.ZIP -> Bagle57TVFTJV.ZIP -> BagleDR17D793.ZIP -> BagleT3B5J7XN.ZIP -> BagleTJPJHRH7.ZIP -> BagleU797RDRJ.ZIP -> BagleZJHBD3B3.ZIP -> Bagle
    Nº Total de Directorios: 16566
    Nº Total de Ficheros: 237487
    Nº de Ficheros Analizados: 21572
    Nº de Ficheros Infectados: 9
    Nº de Ficheros Limpiados: 9
    0
  19. Utilisateur anonyme
     
    Hi,

    Fait ceci maintenant:

    -Télécharge et installe MalwareByte's Anti-Malware
    Malwarebyte

    - Mets le à jour

    ---
    - Double clique sur le raccourci de MalwareByte's Anti-Malware qui est sur le bureau.
    - Sélectionne Exécuter un examen complet si ce n'est pas déjà fait
    - clique sur Rechercher

    - Une fois le scan terminé, une fenêtre s'ouvre, clique sur sur Ok

    - Si MalwareByte's n'a rien détecté, clique sur Ok Un rapport va apparaître ferme-le.

    - Si MalwareByte's a détecté des infections, clique sur Afficher les résultats ensuite sur Supprimer la sélection

    - Enregistre le rapport sur ton Bureau comme cela il sera plus facile à retrouver, poste ensuite ce rapport.

    Note : Si MalwareByte's a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok
    0
  20. deuche1 Messages postés 18 Date d'inscription   Statut Membre Dernière intervention  
     
    Salut,

    J'ai déjà scanné avec Malwarebyte dimanche. Je dois recommencer ?
    Puis-je supprimer les fichiers infectés trouvé par Elibagla?

    Voili voilou
    0
  21. Utilisateur anonyme
     
    Hi,

    Oui iout supprimer et ensuite tu refait un scan complet avec malwarebyte et tu poste le rapport .

    Tu refait par le même un hijackthis.

    Après tout cela.

    Alut.
    0
  • 1
  • 2