alpina d10
-
Compteur de contenus
104 -
Inscription
-
Dernière visite
Type de contenu
Profils
Forums
Blogs
Tout ce qui a été posté par alpina d10
-
probleme avec un spyware
alpina d10 a répondu à un(e) sujet de alpina d10 dans Analyses et éradication malwares
bonsoir j'ai enfin trouver activ clean et il scan merci je le met en route -
probleme avec un spyware
alpina d10 a répondu à un(e) sujet de alpina d10 dans Analyses et éradication malwares
bonsoir vous allez dire que je met de la mauvaise volontè mais le lien pour activir ne marche pas -
probleme avec un spyware
alpina d10 a répondu à un(e) sujet de alpina d10 dans Analyses et éradication malwares
re- et si je clic oui pour le systeme error je vais sur le site de defender -install.exe -
probleme avec un spyware
alpina d10 a répondu à un(e) sujet de alpina d10 dans Analyses et éradication malwares
bonjour pour le crack je l'ais enlever .quand a qoobox je pense l'avoir bien retirer car apres une recherche je ne le trouve plus sur mon pc quand a la restauration du systeme moi sur mon pc j'ais seulement desactiver la restauration du systeme ce que j'ais fais .et redemarrer mon pc vas beaucoup plus vite a pars qu il se bloque toujours avec cette pub et quand je fais gestionnaire de tache je vois ce truc f-secure backweb agent -
probleme avec un spyware
alpina d10 a répondu à un(e) sujet de alpina d10 dans Analyses et éradication malwares
bonjour je viens d'essayer un scan avec panda marche pas maispar contre avec total scan sa marche voici le rapport __________________________________________________ ewido anti-spyware online scanner http://www.ewido.net __________________________________________________ Name: Dropper.Small Path: C:\Program Files\mes films\DivX.Create.Bundle.Multilangages.v6.4.0.Final.Incl.Keygen-DVT.rar/Keymaker.exe Risk: High Name: Downloader.Agent.hyy Path: C:\QooBox\Quarantine\C\XLTH.0XE.vir Risk: High Name: Proxy.Wintu.a Path: C:\QooBox\Quarantine\C\XOIPVS.0XE.vir Risk: High Name: Dialer.InstantAccess.au Path: C:\System Volume Information\_restore{58F2378A-346C-49C9-9919-D1D804F5FDA0}\RP1140\A0484794.exe Risk: High Name: Dialer.EgroupDial.x Path: C:\System Volume Information\_restore{58F2378A-346C-49C9-9919-D1D804F5FDA0}\RP1144\A0487148.dll Risk: High Name: Dialer.EgroupDial.ab Path: C:\System Volume Information\_restore{58F2378A-346C-49C9-9919-D1D804F5FDA0}\RP1153\A0494418.dll Risk: High -
probleme avec un spyware
alpina d10 a répondu à un(e) sujet de alpina d10 dans Analyses et éradication malwares
rebonjour pear et angelique voila le premier rapport: __________________________________________________ ewido anti-spyware online scanner http://www.ewido.net __________________________________________________ Name: Dropper.Small Path: C:\Program Files\mes films\DivX.Create.Bundle.Multilangages.v6.4.0.Final.Incl.Keygen-DVT.rar/Keymaker.exe Risk: High Name: Downloader.Agent.hyy Path: C:\QooBox\Quarantine\C\XLTH.0XE.vir Risk: High Name: Proxy.Wintu.a Path: C:\QooBox\Quarantine\C\XOIPVS.0XE.vir Risk: High Name: Dialer.InstantAccess.au Path: C:\System Volume Information\_restore{58F2378A-346C-49C9-9919-D1D804F5FDA0}\RP1140\A0484794.exe Risk: High Name: Dialer.EgroupDial.x Path: C:\System Volume Information\_restore{58F2378A-346C-49C9-9919-D1D804F5FDA0}\RP1144\A0487148.dll Risk: High Name: Dialer.EgroupDial.ab Path: C:\System Volume Information\_restore{58F2378A-346C-49C9-9919-D1D804F5FDA0}\RP1153\A0494418.dll Risk: High kaperxky met deux heures a le faire et il s'arrete sans mettre de rapport au secours -
probleme avec un spyware
alpina d10 a répondu à un(e) sujet de alpina d10 dans Analyses et éradication malwares
bonjour merci angelique voici donc le rapport ComboFix 08-03-04.2 - uset 2008-03-05 11:52:59.3 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.577 [GMT 1:00] Endroit: C:\Documents and Settings\uset\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\uset\Bureau\CFScript.txt * Création d'un nouveau point de restauration AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! FILE :: C:\DOCUME~1\uset\LOCALS~1\Temp\gtermddo.sys C:\WINDOWS\inf\qwetab.inf C:\WINDOWS\system32\drivers\lvuvc.hs . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Lop SD C:\Lop SD\Backup-Lop\Reg\HKCU_Run.reg C:\Lop SD\Backup-Lop\Reg\HKLM_Run.reg C:\Lop SD\Backup-Lop\Reg\HKLM_Uninstall.reg C:\Lop SD\Rapport-Lop.txt C:\VundoFix Backups C:\WINDOWS\inf\qwetab.inf C:\WINDOWS\system32\drivers\lvuvc.hs . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_GTERMDDO -------\gtermddo -------\qwetab ((((((((((((((((((((((((((((( Fichiers créés 2008-02-05 to 2008-03-05 )))))))))))))))))))))))))))))))))))) . 2008-03-05 11:08 . 2008-03-05 11:08 <REP> d-------- C:\WINDOWS\LastGood.Tmp 2008-03-04 18:40 . 2008-03-04 18:40 <REP> d-------- C:\Program Files\Trend Micro 2008-03-04 16:17 . 2008-03-04 16:18 157 --a------ C:\WINDOWS\wininit.ini 2008-03-04 09:50 . 2008-03-04 17:59 <REP> d-------- C:\Program Files\Navilog1 2008-03-03 22:31 . 2008-03-04 10:38 <REP> d-------- C:\Program Files\Panda Security 2008-03-03 21:24 . 2008-03-03 22:19 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2008-03-03 21:24 . 2008-03-03 22:19 1,406 --a------ C:\WINDOWS\system32\Help.ico 2008-03-03 10:19 . 2008-03-03 12:10 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise 2008-03-03 09:37 . 2008-03-03 09:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-03-03 09:36 . 2008-03-03 09:36 <REP> d-------- C:\WINDOWS\SxsCaPendDel 2008-03-03 02:40 . 2008-03-03 09:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-03-03 00:43 . 2008-03-03 09:51 <REP> d-------- C:\Documents and Settings\uset\Application Data\SUPERAntiSpyware.com 2008-03-02 22:34 . 2008-03-02 22:34 1,024 --a------ C:\WINDOWS\system32\drivers\kgpfr.cfg 2008-03-02 21:23 . 2008-03-02 21:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard 2008-03-02 21:21 . 2008-03-02 21:21 <REP> d-------- C:\Program Files\Fichiers communs\iS3 2008-03-02 21:21 . 2008-03-02 23:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla! 2008-03-02 19:02 . 2008-03-02 20:34 <REP> d-------- C:\Program Files\Conduit 2008-03-02 18:57 . 2008-03-02 18:57 220,160 --a------ C:\WINDOWS\wmpdxm.dll 2008-03-02 18:14 . 2008-03-02 18:26 632 --a------ C:\WINDOWS\CoD.INI . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-05 07:37 --------- d-----w C:\Program Files\Lx_cats 2008-03-04 18:10 --------- d-----w C:\Program Files\Fichiers communs\Logitech 2008-03-04 17:38 --------- d-----w C:\Program Files\Logitech 2008-03-04 13:32 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-03-03 11:10 --------- d-----w C:\Program Files\Hijackthis Version Française 2008-03-03 08:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-03-03 08:37 --------- d-----w C:\Program Files\Ubisoft 2008-03-02 22:08 --------- d-----w C:\Program Files\eMule 2008-03-02 17:14 --------- d-----w C:\Program Files\Call of Duty Game of the Year Edition 2008-03-02 12:11 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-02-28 20:34 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-02-28 20:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-02-28 18:52 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-08 08:50 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-01-22 09:07 --------- d-----w C:\Program Files\Lavalys 2008-01-16 09:35 --------- d-----w C:\Program Files\Lexmark 5400 Series 2007-08-20 19:44 47,360 ----a-w C:\Documents and Settings\uset\Application Data\pcouffin.sys . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{61FEBF12-793B-4D8A-8513-D1814FE2A395}] 2008-03-02 18:57 220160 --a------ C:\WINDOWS\wmpdxm.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 11:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CFSServ.exe"="CFSServ.exe" [] "lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [2006-11-22 10:11 291760] "Lexmark 5400 Series Fax Server"="C:\Program Files\Lexmark 5400 Series\fm3032.exe" [2006-11-22 10:12 304048] "EzPrint"="C:\Program Files\Lexmark 5400 Series\ezprint.exe" [2006-11-22 10:11 82864] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "LXCTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 13:27 106496] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 11:00 15360] "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bluetooth Monitor.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Bluetooth Monitor.lnk backup=C:\WINDOWS\pss\Bluetooth Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk backup=C:\WINDOWS\pss\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG] --a------ 2005-04-12 14:23 88358 C:\WINDOWS\agrsmmsg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint] --a------ 2003-10-30 15:46 192512 C:\Program Files\Apoint2K\Apoint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] --a------ 2005-03-22 20:05 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CeEKEY] --a------ 2005-04-28 19:08 675840 C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cselect] --a------ 2005-04-12 16:33 110592 C:\WINDOWS\system32\cselect.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2004-08-05 11:00 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla] --a------ 2005-01-14 00:05 122939 C:\WINDOWS\system32\dla\tfswctrl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager] --a------ 2005-09-19 08:30 106571 C:\Program Files\F-Secure\Common\FSM32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP] C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup] --a------ 2004-12-24 09:07 28672 C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint] --a------ 2004-06-03 09:50 204800 C:\Program Files\Microsoft IntelliPoint\point32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh] --a------ 2005-04-12 14:24 184320 C:\Program Files\ltmoh\Ltmoh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\meowplatformflawsize] C:\Documents and Settings\All Users\Application Data\internet slow meow platform\DASHWMA.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3] C:\Program Files\MessengerPlus! 3\MsgPlus.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] --a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch] --a------ 2004-11-17 09:56 1077327 C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView] --a------ 2005-05-17 08:24 118784 C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL] --a------ 2005-02-26 06:59 65536 C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor] --a------ 2006-07-30 17:08 100056 C:\PROGRA~1\SYMNET~1\SNDMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCtryIOHook] --a------ 2005-04-20 14:56 28672 C:\WINDOWS\system32\TCtrlIOHook.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD] --a------ 2005-04-11 15:08 65536 C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSHIBA Accessibility] --a------ 2005-03-08 14:27 24576 C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPNF] --a------ 2004-11-30 12:06 53248 C:\Program Files\TOSHIBA\TouchPad\TPTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain] --a------ 2005-01-21 09:28 266240 C:\WINDOWS\system32\TPSMain.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs] --a------ 2005-04-05 15:25 73728 C:\Program Files\TOSHIBA\Tvs\TvsTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zooming] --a------ 2004-07-14 15:07 24576 C:\WINDOWS\system32\ZoomingHook.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"= "C:\\Program Files\\eMule\\emule.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"= "C:\\WINDOWS\\system32\\mcoinstall.exe"= "C:\\WINDOWS\\system32\\lxctcoms.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "3587:TCP"= 3587:TCP:Groupement homologue Windows "3540:UDP"= 3540:UDP:Protocole PNRP (Peer Name Resolution Protocol) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R1 SerTVOutCtlr;TOSHIBA Controls Driver -EPIOMngr;C:\WINDOWS\system32\drivers\EPIOMngr.sys [2004-07-30 14:05] R1 TPwSav;Common Driver;C:\WINDOWS\system32\Drivers\TPwSav.sys [2005-03-09 08:14] R2 BackWeb Client - 7681197;F-Secure BackWeb;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [2006-10-19 18:11] R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2003-11-14 16:52] R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys [2005-09-23 08:23] R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2003-02-06 11:32] R2 FSpm;F-Secure Policy Manager;C:\Program Files\F-Secure\Common\FSPM.SYS [2005-09-19 08:30] S1 StickyMesger;StickyMesger;C:\Program Files\TOSHIBA\Accessibility\StickyMesger.sys [] S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 11:00] S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 11:00] S3 p2psvc;Réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 11:00] S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\system32\svchost.exe [2004-08-05 11:00] S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-03-24 15:36] S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS [] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2eaee8fe-b2f5-11dc-960b-000fb09d0ed8}] \Shell\AutoRun\command - G:\AutoTransfer.exe . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-03-03 23:03:00 C:\WINDOWS\Tasks\{3B8240F8-D494-46CD-B756-71204DDF8855}_YOUR-B9C60BC90B_uset.job" - C:\WINDOWS\system32\mobsync.exeI /Schedule= . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-05 11:57:05 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\System32\SCardSvr.exe C:\WINDOWS\system32\netdde.exe C:\WINDOWS\system32\msdtc.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\clipsrv.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE C:\Program Files\F-Secure\Anti-Virus\fssm32.exe C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe C:\WINDOWS\System32\FTRTSVC.exe C:\WINDOWS\system32\lxctcoms.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\vssvc.exe C:\Program Files\F-Secure\Common\FSMA32.EXE C:\Program Files\F-Secure\Common\FSMB32.EXE C:\Program Files\F-Secure\Common\FCH32.EXE C:\Program Files\F-Secure\Common\FAMEH32.EXE C:\Program Files\F-Secure\Common\FNRB32.EXE C:\Program Files\F-Secure\Common\FIH32.EXE C:\Program Files\F-Secure\Anti-Virus\fsav32.exe . ************************************************************************** . Temps d'accomplissement: 2008-03-05 12:00:58 - machine was rebooted ComboFix-quarantined-files.txt 2008-03-05 11:00:52 ComboFix2.txt 2008-03-04 20:01:16 ComboFix3.txt 2008-03-04 18:27:42 . 2008-02-13 16:39:59 --- E O F --- -
probleme avec un spyware
alpina d10 a répondu à un(e) sujet de alpina d10 dans Analyses et éradication malwares
bonjour vous allez dire que je met de la mauvaise volontè mais mon pc est un portable de marque toshiba qui doit avoir un peu pres 3 ans et en regardant pour installer la console je ne sais pas ou trouver le programme que vous me demander -
probleme avec un spyware
alpina d10 a répondu à un(e) sujet de alpina d10 dans Analyses et éradication malwares
bonjour j'ais bien telecharger avenger jusqu'a la pas de probleme puis zipper apres je fais un copier coller du texte .le probleme commence ensuite il n y a pas de script file to execute mais input sript here je fais quand meme la manoeuvre en collant le texte ci dessus la case scan for rootkits est cocher. et une fois que j'appuye sur execute il me demande si je veux execute le script je repond oui et apres il me marque error : invalid script avalid script must begin with a command directive abording execution! que faire la je despere -
probleme avec un spyware
alpina d10 a répondu à un(e) sujet de alpina d10 dans Analyses et éradication malwares
bonsoir voici donc le contenu ComboFix 08-03-04.2 - uset 2008-03-04 20:59:06.2 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.621 [GMT 1:00] Endroit: C:\Documents and Settings\uset\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\uset\Bureau\cfscript.txt * Création d'un nouveau point de restauration AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! FILE :: C:\amp.bat C:\KL.0XE C:\MHYVFA.0XE C:\mmesckoj.exe C:\WINDOWS\_delis32.ini C:\WINDOWS\apdqnxp.dll C:\WINDOWS\dkxrstqwkx.dll C:\WINDOWS\fqspogw.exe C:\XLTH.0XE C:\XOIPVS.0XE . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\amp.bat C:\KL.0XE C:\MHYVFA.0XE C:\mmesckoj.exe C:\WINDOWS\_delis32.ini C:\WINDOWS\apdqnxp.dll C:\WINDOWS\dkxrstqwkx.dll C:\WINDOWS\fqspogw.exe C:\XLTH.0XE C:\XOIPVS.0XE . ((((((((((((((((((((((((((((( Fichiers créés 2008-02-04 to 2008-03-04 )))))))))))))))))))))))))))))))))))) . 2008-03-04 18:40 . 2008-03-04 18:40 <REP> d-------- C:\Program Files\Trend Micro 2008-03-04 16:17 . 2008-03-04 16:18 157 --a------ C:\WINDOWS\wininit.ini 2008-03-04 09:50 . 2008-03-04 17:59 <REP> d-------- C:\Program Files\Navilog1 2008-03-04 01:03 . 2008-03-04 18:39 <REP> d-------- C:\Lop SD 2008-03-03 22:31 . 2008-03-04 10:38 <REP> d-------- C:\Program Files\Panda Security 2008-03-03 22:25 . 2008-03-03 22:25 <REP> d-------- C:\VundoFix Backups 2008-03-03 21:24 . 2008-03-03 22:19 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2008-03-03 21:24 . 2008-03-03 22:19 1,406 --a------ C:\WINDOWS\system32\Help.ico 2008-03-03 10:19 . 2008-03-03 12:10 <REP> d-------- C:\Program Files\Hijackthis Version Française 2008-03-03 09:37 . 2008-03-03 09:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-03-03 09:36 . 2008-03-03 09:36 <REP> d-------- C:\WINDOWS\SxsCaPendDel 2008-03-03 02:40 . 2008-03-03 09:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-03-03 00:43 . 2008-03-03 09:51 <REP> d-------- C:\Documents and Settings\uset\Application Data\SUPERAntiSpyware.com 2008-03-02 22:34 . 2008-03-02 22:34 1,024 --a------ C:\WINDOWS\system32\drivers\kgpfr.cfg 2008-03-02 21:23 . 2008-03-02 21:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard 2008-03-02 21:21 . 2008-03-02 21:21 <REP> d-------- C:\Program Files\Fichiers communs\iS3 2008-03-02 21:21 . 2008-03-02 23:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla! 2008-03-02 19:02 . 2008-03-02 20:34 <REP> d-------- C:\Program Files\Conduit 2008-03-02 18:57 . 2008-03-02 18:57 220,160 --a------ C:\WINDOWS\wmpdxm.dll 2008-03-02 18:14 . 2008-03-02 18:26 632 --a------ C:\WINDOWS\CoD.INI . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-04 19:06 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs 2008-03-04 18:25 --------- d-----w C:\Program Files\Lx_cats 2008-03-04 18:10 --------- d-----w C:\Program Files\Fichiers communs\Logitech 2008-03-04 17:38 --------- d-----w C:\Program Files\Logitech 2008-03-04 13:32 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-03-03 08:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-03-03 08:37 --------- d-----w C:\Program Files\Ubisoft 2008-03-02 22:08 --------- d-----w C:\Program Files\eMule 2008-03-02 17:14 --------- d-----w C:\Program Files\Call of Duty Game of the Year Edition 2008-03-02 12:11 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-02-28 20:34 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-02-28 20:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-02-28 18:52 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-08 08:50 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-01-22 09:07 --------- d-----w C:\Program Files\Lavalys 2008-01-16 09:35 --------- d-----w C:\Program Files\Lexmark 5400 Series 2007-08-20 19:44 47,360 ----a-w C:\Documents and Settings\uset\Application Data\pcouffin.sys . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{61FEBF12-793B-4D8A-8513-D1814FE2A395}] 2008-03-02 18:57 220160 --a------ C:\WINDOWS\wmpdxm.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 11:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CFSServ.exe"="CFSServ.exe" [] "lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [2006-11-22 10:11 291760] "Lexmark 5400 Series Fax Server"="C:\Program Files\Lexmark 5400 Series\fm3032.exe" [2006-11-22 10:12 304048] "EzPrint"="C:\Program Files\Lexmark 5400 Series\ezprint.exe" [2006-11-22 10:11 82864] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "LXCTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 13:27 106496] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 11:00 15360] "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bluetooth Monitor.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Bluetooth Monitor.lnk backup=C:\WINDOWS\pss\Bluetooth Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk backup=C:\WINDOWS\pss\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG] --a------ 2005-04-12 14:23 88358 C:\WINDOWS\agrsmmsg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint] --a------ 2003-10-30 15:46 192512 C:\Program Files\Apoint2K\Apoint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] --a------ 2005-03-22 20:05 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CeEKEY] --a------ 2005-04-28 19:08 675840 C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cselect] --a------ 2005-04-12 16:33 110592 C:\WINDOWS\system32\cselect.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2004-08-05 11:00 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla] --a------ 2005-01-14 00:05 122939 C:\WINDOWS\system32\dla\tfswctrl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager] --a------ 2005-09-19 08:30 106571 C:\Program Files\F-Secure\Common\FSM32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP] C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup] --a------ 2004-12-24 09:07 28672 C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint] --a------ 2004-06-03 09:50 204800 C:\Program Files\Microsoft IntelliPoint\point32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh] --a------ 2005-04-12 14:24 184320 C:\Program Files\ltmoh\Ltmoh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mapi third] C:\DOCUME~1\uset\APPLIC~1\GRAMPL~1\heart soap.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\meowplatformflawsize] C:\Documents and Settings\All Users\Application Data\internet slow meow platform\DASHWMA.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3] C:\Program Files\MessengerPlus! 3\MsgPlus.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] --a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch] --a------ 2004-11-17 09:56 1077327 C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView] --a------ 2005-05-17 08:24 118784 C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL] --a------ 2005-02-26 06:59 65536 C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor] --a------ 2006-07-30 17:08 100056 C:\PROGRA~1\SYMNET~1\SNDMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCtryIOHook] --a------ 2005-04-20 14:56 28672 C:\WINDOWS\system32\TCtrlIOHook.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD] --a------ 2005-04-11 15:08 65536 C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSHIBA Accessibility] --a------ 2005-03-08 14:27 24576 C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPNF] --a------ 2004-11-30 12:06 53248 C:\Program Files\TOSHIBA\TouchPad\TPTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain] --a------ 2005-01-21 09:28 266240 C:\WINDOWS\system32\TPSMain.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs] --a------ 2005-04-05 15:25 73728 C:\Program Files\TOSHIBA\Tvs\TvsTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zooming] --a------ 2004-07-14 15:07 24576 C:\WINDOWS\system32\ZoomingHook.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"= "C:\\Program Files\\eMule\\emule.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"= "C:\\WINDOWS\\system32\\mcoinstall.exe"= "C:\\WINDOWS\\system32\\lxctcoms.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "3587:TCP"= 3587:TCP:Groupement homologue Windows "3540:UDP"= 3540:UDP:Protocole PNRP (Peer Name Resolution Protocol) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R1 SerTVOutCtlr;TOSHIBA Controls Driver -EPIOMngr;C:\WINDOWS\system32\drivers\EPIOMngr.sys [2004-07-30 14:05] R1 TPwSav;Common Driver;C:\WINDOWS\system32\Drivers\TPwSav.sys [2005-03-09 08:14] R2 BackWeb Client - 7681197;F-Secure BackWeb;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [2006-10-19 18:11] R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2003-11-14 16:52] R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys [2005-09-23 08:23] R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2003-02-06 11:32] R2 FSpm;F-Secure Policy Manager;C:\Program Files\F-Secure\Common\FSPM.SYS [2005-09-19 08:30] S1 StickyMesger;StickyMesger;C:\Program Files\TOSHIBA\Accessibility\StickyMesger.sys [] S3 gtermddo;gtermddo;C:\DOCUME~1\uset\LOCALS~1\Temp\gtermddo.sys [] S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 11:00] S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 11:00] S3 p2psvc;Réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 11:00] S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\system32\svchost.exe [2004-08-05 11:00] S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-03-24 15:36] S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS [] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2eaee8fe-b2f5-11dc-960b-000fb09d0ed8}] \Shell\AutoRun\command - G:\AutoTransfer.exe . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-03-03 23:03:00 C:\WINDOWS\Tasks\{3B8240F8-D494-46CD-B756-71204DDF8855}_YOUR-B9C60BC90B_uset.job" - C:\WINDOWS\system32\mobsync.exeI /Schedule= . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-04 21:00:30 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\qwetab] "ImagePath"="\??\C:\WINDOWS\inf\qwetab.inf" . Temps d'accomplissement: 2008-03-04 21:01:16 ComboFix-quarantined-files.txt 2008-03-04 20:01:00 ComboFix2.txt 2008-03-04 18:27:42 . 2008-02-13 16:39:59 --- E O F --- la c'est vraiment -
probleme avec un spyware
alpina d10 a répondu à un(e) sujet de alpina d10 dans Analyses et éradication malwares
bonsoir pear voici le premier rapport du nouveau hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:42:37, on 04/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe C:\WINDOWS\system32\netdde.exe C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\clipsrv.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE C:\Program Files\F-Secure\Anti-Virus\fssm32.exe C:\WINDOWS\System32\FTRTSVC.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\lxctcoms.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\vssvc.exe C:\Program Files\F-Secure\Common\FSMA32.EXE C:\Program Files\F-Secure\Common\FSMB32.EXE C:\Program Files\F-Secure\Common\FCH32.EXE C:\Program Files\F-Secure\Common\FAMEH32.EXE C:\Program Files\F-Secure\Common\FNRB32.EXE C:\Program Files\F-Secure\Common\FIH32.EXE C:\Program Files\F-Secure\Anti-Virus\fsav32.exe C:\Program Files\Lexmark 5400 Series\lxctmon.exe C:\Program Files\Lexmark 5400 Series\ezprint.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Windows Media Player - {61FEBF12-793B-4D8A-8513-D1814FE2A395} - C:\WINDOWS\wmpdxm.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe" O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://olivierolivierconroux.spaces.msn.co...ad/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1155119580000 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- End of file - 7322 bytes et voila le deuxieme rapport de comfix ComboFix 08-03-04.2 - uset 2008-03-04 19:18:52.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.630 [GMT 1:00] Endroit: C:\Documents and Settings\uset\Bureau\ComboFix.exe * Création d'un nouveau point de restauration AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\uset\Application Data\inst.exe C:\Program Files\Helper C:\WINDOWS\system32\bdeeg.ini C:\WINDOWS\system32\bdeeg.ini2 . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_IPRIP -------\Iprip ((((((((((((((((((((((((((((( Fichiers créés 2008-02-04 to 2008-03-04 )))))))))))))))))))))))))))))))))))) . 2008-03-04 20:06 . 2008-03-04 20:06 256 --a------ C:\WINDOWS\_delis32.ini 2008-03-04 18:40 . 2008-03-04 18:40 <REP> d-------- C:\Program Files\Trend Micro 2008-03-04 16:17 . 2008-03-04 16:18 157 --a------ C:\WINDOWS\wininit.ini 2008-03-04 09:50 . 2008-03-04 17:59 <REP> d-------- C:\Program Files\Navilog1 2008-03-04 01:03 . 2008-03-04 18:39 <REP> d-------- C:\Lop SD 2008-03-03 22:31 . 2008-03-04 10:38 <REP> d-------- C:\Program Files\Panda Security 2008-03-03 22:25 . 2008-03-03 22:25 <REP> d-------- C:\VundoFix Backups 2008-03-03 21:24 . 2008-03-03 22:19 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2008-03-03 21:24 . 2008-03-03 22:19 1,406 --a------ C:\WINDOWS\system32\Help.ico 2008-03-03 10:19 . 2008-03-03 12:10 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise 2008-03-03 09:37 . 2008-03-03 09:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-03-03 09:36 . 2008-03-03 09:36 <REP> d-------- C:\WINDOWS\SxsCaPendDel 2008-03-03 02:40 . 2008-03-03 09:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-03-03 00:43 . 2008-03-03 09:51 <REP> d-------- C:\Documents and Settings\uset\Application Data\SUPERAntiSpyware.com 2008-03-02 22:34 . 2008-03-02 22:34 1,024 --a------ C:\WINDOWS\system32\drivers\kgpfr.cfg 2008-03-02 21:23 . 2008-03-02 21:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard 2008-03-02 21:21 . 2008-03-02 21:21 <REP> d-------- C:\Program Files\Fichiers communs\iS3 2008-03-02 21:21 . 2008-03-02 23:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla! 2008-03-02 19:02 . 2008-03-02 20:34 <REP> d-------- C:\Program Files\Conduit 2008-03-02 18:57 . 2008-03-02 17:05 253,952 --a------ C:\WINDOWS\dkxrstqwkx.dll 2008-03-02 18:57 . 2008-03-02 18:57 220,160 --a------ C:\WINDOWS\wmpdxm.dll 2008-03-02 18:57 . 2008-03-02 17:05 200,704 --a------ C:\WINDOWS\apdqnxp.dll 2008-03-02 18:57 . 2008-03-02 17:05 81,920 --a------ C:\WINDOWS\fqspogw.exe 2008-03-02 18:57 . 2008-03-02 18:57 47 --a------ C:\amp.bat 2008-03-02 18:56 . 2008-03-02 18:57 300,400 --a------ C:\KL.0XE 2008-03-02 18:56 . 2008-03-02 18:57 58,368 --a------ C:\MHYVFA.0XE 2008-03-02 18:56 . 2008-03-02 18:57 52,236 --a------ C:\XOIPVS.0XE 2008-03-02 18:56 . 2008-03-02 18:56 6,144 --a------ C:\mmesckoj.exe 2008-03-02 18:56 . 2008-03-02 18:56 3,584 --a------ C:\XLTH.0XE 2008-03-02 18:14 . 2008-03-02 18:26 632 --a------ C:\WINDOWS\CoD.INI . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-04 19:06 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs 2008-03-04 18:25 --------- d-----w C:\Program Files\Lx_cats 2008-03-04 18:10 --------- d-----w C:\Program Files\Fichiers communs\Logitech 2008-03-04 17:38 --------- d-----w C:\Program Files\Logitech 2008-03-04 13:32 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-03-03 11:10 --------- d-----w C:\Program Files\Hijackthis Version Française 2008-03-03 08:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-03-03 08:37 --------- d-----w C:\Program Files\Ubisoft 2008-03-02 22:08 --------- d-----w C:\Program Files\eMule 2008-03-02 17:14 --------- d-----w C:\Program Files\Call of Duty Game of the Year Edition 2008-03-02 17:13 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2008-03-02 12:11 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-02-28 20:34 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-02-28 20:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-02-28 18:52 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-08 08:50 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-01-22 09:07 --------- d-----w C:\Program Files\Lavalys 2008-01-16 09:35 --------- d-----w C:\Program Files\Lexmark 5400 Series 2007-12-07 02:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll 2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll 2007-08-20 19:44 47,360 ----a-w C:\Documents and Settings\uset\Application Data\pcouffin.sys . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{61FEBF12-793B-4D8A-8513-D1814FE2A395}] 2008-03-02 18:57 220160 --a------ C:\WINDOWS\wmpdxm.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 11:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CFSServ.exe"="CFSServ.exe" [] "lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [2006-11-22 10:11 291760] "Lexmark 5400 Series Fax Server"="C:\Program Files\Lexmark 5400 Series\fm3032.exe" [2006-11-22 10:12 304048] "EzPrint"="C:\Program Files\Lexmark 5400 Series\ezprint.exe" [2006-11-22 10:11 82864] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "LXCTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 13:27 106496] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 11:00 15360] "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bluetooth Monitor.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Bluetooth Monitor.lnk backup=C:\WINDOWS\pss\Bluetooth Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk backup=C:\WINDOWS\pss\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG] --a------ 2005-04-12 14:23 88358 C:\WINDOWS\agrsmmsg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint] --a------ 2003-10-30 15:46 192512 C:\Program Files\Apoint2K\Apoint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] --a------ 2005-03-22 20:05 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CeEKEY] --a------ 2005-04-28 19:08 675840 C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cselect] --a------ 2005-04-12 16:33 110592 C:\WINDOWS\system32\cselect.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2004-08-05 11:00 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla] --a------ 2005-01-14 00:05 122939 C:\WINDOWS\system32\dla\tfswctrl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager] --a------ 2005-09-19 08:30 106571 C:\Program Files\F-Secure\Common\FSM32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP] C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup] --a------ 2004-12-24 09:07 28672 C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint] --a------ 2004-06-03 09:50 204800 C:\Program Files\Microsoft IntelliPoint\point32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh] --a------ 2005-04-12 14:24 184320 C:\Program Files\ltmoh\Ltmoh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MailSkinner] c:\program files\mailskinner\mailskinner.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mapi third] C:\DOCUME~1\uset\APPLIC~1\GRAMPL~1\heart soap.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\meowplatformflawsize] C:\Documents and Settings\All Users\Application Data\internet slow meow platform\DASHWMA.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3] C:\Program Files\MessengerPlus! 3\MsgPlus.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] --a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch] --a------ 2004-11-17 09:56 1077327 C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView] --a------ 2005-05-17 08:24 118784 C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL] --a------ 2005-02-26 06:59 65536 C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor] --a------ 2006-07-30 17:08 100056 C:\PROGRA~1\SYMNET~1\SNDMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCtryIOHook] --a------ 2005-04-20 14:56 28672 C:\WINDOWS\system32\TCtrlIOHook.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD] --a------ 2005-04-11 15:08 65536 C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSHIBA Accessibility] --a------ 2005-03-08 14:27 24576 C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPNF] --a------ 2004-11-30 12:06 53248 C:\Program Files\TOSHIBA\TouchPad\TPTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain] --a------ 2005-01-21 09:28 266240 C:\WINDOWS\system32\TPSMain.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs] --a------ 2005-04-05 15:25 73728 C:\Program Files\TOSHIBA\Tvs\TvsTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zooming] --a------ 2004-07-14 15:07 24576 C:\WINDOWS\system32\ZoomingHook.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"= "C:\\Program Files\\eMule\\emule.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"= "C:\\WINDOWS\\system32\\mcoinstall.exe"= "C:\\WINDOWS\\system32\\lxctcoms.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "3587:TCP"= 3587:TCP:Groupement homologue Windows "3540:UDP"= 3540:UDP:Protocole PNRP (Peer Name Resolution Protocol) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R1 SerTVOutCtlr;TOSHIBA Controls Driver -EPIOMngr;C:\WINDOWS\system32\drivers\EPIOMngr.sys [2004-07-30 14:05] R1 TPwSav;Common Driver;C:\WINDOWS\system32\Drivers\TPwSav.sys [2005-03-09 08:14] R2 BackWeb Client - 7681197;F-Secure BackWeb;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [2006-10-19 18:11] R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2003-11-14 16:52] R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys [2005-09-23 08:23] R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2003-02-06 11:32] R2 FSpm;F-Secure Policy Manager;C:\Program Files\F-Secure\Common\FSPM.SYS [2005-09-19 08:30] S1 StickyMesger;StickyMesger;C:\Program Files\TOSHIBA\Accessibility\StickyMesger.sys [] S3 gtermddo;gtermddo;C:\DOCUME~1\uset\LOCALS~1\Temp\gtermddo.sys [] S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 11:00] S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 11:00] S3 p2psvc;Réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 11:00] S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\system32\svchost.exe [2004-08-05 11:00] S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-03-24 15:36] S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS [] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2eaee8fe-b2f5-11dc-960b-000fb09d0ed8}] \Shell\AutoRun\command - G:\AutoTransfer.exe . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-03-03 23:03:00 C:\WINDOWS\Tasks\{3B8240F8-D494-46CD-B756-71204DDF8855}_YOUR-B9C60BC90B_uset.job" - C:\WINDOWS\system32\mobsync.exeI /Schedule= . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-04 19:25:08 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\qwetab] "ImagePath"="\??\C:\WINDOWS\inf\qwetab.inf" . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\System32\SCardSvr.exe C:\WINDOWS\system32\netdde.exe C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe C:\WINDOWS\system32\msdtc.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\clipsrv.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE C:\Program Files\F-Secure\Anti-Virus\fssm32.exe C:\WINDOWS\System32\FTRTSVC.exe C:\WINDOWS\system32\lxctcoms.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\vssvc.exe C:\Program Files\F-Secure\Common\FSMA32.EXE C:\Program Files\F-Secure\Common\FSMB32.EXE C:\Program Files\F-Secure\Common\FCH32.EXE C:\Program Files\F-Secure\Common\FAMEH32.EXE C:\Program Files\F-Secure\Common\FNRB32.EXE C:\Program Files\F-Secure\Common\FIH32.EXE C:\Program Files\F-Secure\Anti-Virus\fsav32.exe C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe . ************************************************************************** . Temps d'accomplissement: 2008-03-04 19:27:41 - machine was rebooted [uset] ComboFix-quarantined-files.txt 2008-03-04 18:27:36 . 2008-02-13 16:39:59 --- E O F --- j 'espere que tout sa pourras faire l'affaire cette fois ci -
probleme avec un spyware
alpina d10 a répondu à un(e) sujet de alpina d10 dans Analyses et éradication malwares
bonjour je viens de refaire une manipulation avec cleannavi la voici: Clean Navipromo version 3.4.9 commencé le 04/03/2008 à 17:54:55,59 Outil exécuté depuis C:\Program Files\navilog1 Mise à jour le 03.03.2008 à 18h00 par IL-MAFIOSO Microsoft Windows XP [version 5.1.2600] Internet Explorer : 7.0.5730.11 Système de fichiers : NTFS Mode suppression automatique avec prise en charge résultats Catchme et GNS *** fsbl1.txt non trouvé *** (Assurez-vous que Catchme n'avait rien trouvé lors de la recherche) *** Suppression avec sauvegardes résultats GenericNaviSearch *** * Suppression dans C:\WINDOWS\System32 * * Suppression dans "C:\Documents and Settings\uset\locals~1\applic~1" * *** Suppression dossiers dans C:\WINDOWS *** *** Suppression dossiers dans C:\Program Files *** *** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 *** *** Suppression dossiers dans "C:\Documents and Settings\uset\applic~1" *** *** Suppression dossiers dans "C:\Documents and Settings\uset\locals~1\applic~1" *** *** Suppression dossiers dans "C:\Documents and Settings\uset\menudm~1\progra~1" *** *** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 *** *** Suppression fichiers *** *** Suppression fichiers temporaires *** Nettoyage contenu C:\WINDOWS\Temp effectué ! Nettoyage contenu C:\Documents and Settings\uset\locals~1\Temp effectué ! *** Traitement Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Suppression avec sauvegardes nouveaux fichiers Instant Access : 2)Recherche, création sauvegardes et suppression Heuristique : * Dans C:\WINDOWS\system32 * * Dans "C:\Documents and Settings\uset\locals~1\applic~1" * *** Sauvegarde du Registre vers dossier Backupnavi *** sauvegarde du Registre réalisée avec succès ! *** Nettoyage Registre *** Nettoyage Registre Ok *** Certificats *** Certificat Egroup absent ! *** Nettoyage terminé le 04/03/2008 à 17:59:03,75 *** -
probleme avec un spyware
alpina d10 a répondu à un(e) sujet de alpina d10 dans Analyses et éradication malwares
bonjour voila le rapport pour vundo fix: VundoFix V6.7.10 Checking Java version... Sun Java not detected Scan started at 22:25:53 03/03/2008 Listing files found while scanning.... No infected files were found. Beginning removal... Beginning removal... VundoFix V6.7.10 Checking Java version... Sun Java not detected Scan started at 00:39:30 04/03/2008 Listing files found while scanning.... VundoFix V6.7.10 Checking Java version... Sun Java not detected Scan started at 16:34:32 04/03/2008 Listing files found while scanning.... No infected files were found. Beginning removal... quand a l'analyse de hijackthis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:36:33, on 04/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe C:\Program Files\Lexmark 5400 Series\lxctmon.exe C:\Program Files\Lexmark 5400 Series\ezprint.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\netdde.exe C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\clipsrv.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE C:\WINDOWS\System32\FTRTSVC.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\lxctcoms.exe C:\Program Files\F-Secure\Anti-Virus\fssm32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\vssvc.exe C:\Program Files\F-Secure\Common\FSMA32.EXE C:\Program Files\F-Secure\Common\FSMB32.EXE C:\Program Files\F-Secure\Common\FCH32.EXE C:\Program Files\F-Secure\Common\FAMEH32.EXE C:\Program Files\F-Secure\Common\FNRB32.EXE C:\Program Files\F-Secure\Common\FIH32.EXE C:\Program Files\F-Secure\Anti-Virus\fsav32.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\DOCUME~1\uset\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Windows Media Player - {61FEBF12-793B-4D8A-8513-D1814FE2A395} - C:\WINDOWS\wmpdxm.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe" O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16 O4 - HKLM\..\RunOnce: [spybotDeletingA5153] command /c del "C:\WINDOWS\enlfxgw.dll_tobedeleted_old" O4 - HKLM\..\RunOnce: [spybotDeletingC9210] cmd /c del "C:\WINDOWS\enlfxgw.dll_tobedeleted_old" O4 - HKLM\..\RunOnce: [spybotDeletingA8560] command /c del "C:\WINDOWS\btrklfr.dll_tobedeleted_old" O4 - HKLM\..\RunOnce: [spybotDeletingC5152] cmd /c del "C:\WINDOWS\btrklfr.dll_tobedeleted_old" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\RunOnce: [spybotDeletingB564] command /c del "C:\WINDOWS\enlfxgw.dll_tobedeleted_old" O4 - HKCU\..\RunOnce: [spybotDeletingD8888] cmd /c del "C:\WINDOWS\enlfxgw.dll_tobedeleted_old" O4 - HKCU\..\RunOnce: [spybotDeletingB2065] command /c del "C:\WINDOWS\btrklfr.dll_tobedeleted_old" O4 - HKCU\..\RunOnce: [spybotDeletingD3865] cmd /c del "C:\WINDOWS\btrklfr.dll_tobedeleted_old" O4 - HKCU\..\RunOnce: [spySweeperUninstallSurvey] http://products.webroot.com/disp0201.php?p...;omn=1&rsc= O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://olivierolivierconroux.spaces.msn.co...ad/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1155119580000 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O18 - Protocol: bw+0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- End of file - 20232 bytes j'espere que cela vas vous aidez encore merci bonjour voila le rapport pour vundo fix: VundoFix V6.7.10 Checking Java version... Sun Java not detected Scan started at 22:25:53 03/03/2008 Listing files found while scanning.... No infected files were found. Beginning removal... Beginning removal... VundoFix V6.7.10 Checking Java version... Sun Java not detected Scan started at 00:39:30 04/03/2008 Listing files found while scanning.... VundoFix V6.7.10 Checking Java version... Sun Java not detected Scan started at 16:34:32 04/03/2008 Listing files found while scanning.... No infected files were found. Beginning removal... quand a l'analyse de hijackthis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:36:33, on 04/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe C:\Program Files\Lexmark 5400 Series\lxctmon.exe C:\Program Files\Lexmark 5400 Series\ezprint.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\netdde.exe C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\clipsrv.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE C:\WINDOWS\System32\FTRTSVC.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\lxctcoms.exe C:\Program Files\F-Secure\Anti-Virus\fssm32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\vssvc.exe C:\Program Files\F-Secure\Common\FSMA32.EXE C:\Program Files\F-Secure\Common\FSMB32.EXE C:\Program Files\F-Secure\Common\FCH32.EXE C:\Program Files\F-Secure\Common\FAMEH32.EXE C:\Program Files\F-Secure\Common\FNRB32.EXE C:\Program Files\F-Secure\Common\FIH32.EXE C:\Program Files\F-Secure\Anti-Virus\fsav32.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\DOCUME~1\uset\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Windows Media Player - {61FEBF12-793B-4D8A-8513-D1814FE2A395} - C:\WINDOWS\wmpdxm.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe" O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16 O4 - HKLM\..\RunOnce: [spybotDeletingA5153] command /c del "C:\WINDOWS\enlfxgw.dll_tobedeleted_old" O4 - HKLM\..\RunOnce: [spybotDeletingC9210] cmd /c del "C:\WINDOWS\enlfxgw.dll_tobedeleted_old" O4 - HKLM\..\RunOnce: [spybotDeletingA8560] command /c del "C:\WINDOWS\btrklfr.dll_tobedeleted_old" O4 - HKLM\..\RunOnce: [spybotDeletingC5152] cmd /c del "C:\WINDOWS\btrklfr.dll_tobedeleted_old" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\RunOnce: [spybotDeletingB564] command /c del "C:\WINDOWS\enlfxgw.dll_tobedeleted_old" O4 - HKCU\..\RunOnce: [spybotDeletingD8888] cmd /c del "C:\WINDOWS\enlfxgw.dll_tobedeleted_old" O4 - HKCU\..\RunOnce: [spybotDeletingB2065] command /c del "C:\WINDOWS\btrklfr.dll_tobedeleted_old" O4 - HKCU\..\RunOnce: [spybotDeletingD3865] cmd /c del "C:\WINDOWS\btrklfr.dll_tobedeleted_old" O4 - HKCU\..\RunOnce: [spySweeperUninstallSurvey] http://products.webroot.com/disp0201.php?p...;omn=1&rsc= O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://olivierolivierconroux.spaces.msn.co...ad/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1155119580000 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O18 - Protocol: bw+0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- End of file - 20232 bytes j'espere que cela vas vous aidez encore merci -
probleme avec un spyware
alpina d10 a répondu à un(e) sujet de alpina d10 dans Analyses et éradication malwares
bonjour aucun soucis je le fait de suite merci -
probleme avec un spyware
alpina d10 a répondu à un(e) sujet de alpina d10 dans Analyses et éradication malwares
bonjour je viens de faire une annalyse avec spy seeper le resultat le fait peu il trouve: adware:180search assitant/zango adware:virtumonde spy cookie:adviva cookie spy cookie: atlas dmt cookie spy coockie bluestreak cookie spy cookie : xiti cookie trojan horse: trojan-dnschanger trojan horse : trojan -downloader-zlob il reste encore tout a ca apres les operations effectuèes ci dessus le truc qui m 'enbete c 'est que ce petit logiciel est payant pouvez vous m 'aidez le probleme perciste encore ralentis de plus en plus mon pc est le fige presque a chaque fois .sans compter le nombre allucinant ou cette pub vient sur mon ecran .il me faut au moins cliquer dix fois dessus pour qu' elle disparraisse merci encore -
probleme avec un spyware
alpina d10 a répondu à un(e) sujet de alpina d10 dans Analyses et éradication malwares
bonjour toujours cette qui m 'empoisonne le pc il me ralentis le pc et m'envoye toujour ce message system error: your computer was infected by unknow trojan it's dangerous for your system et.... et si je clic sur ok il me connecte sur le site file -secure.com download et par la suite il m'envoit un dossierdu nom de setup.exe application 2.87mo de 89.149.227.195 enfin bref comment faire -
probleme avec un spyware
alpina d10 a répondu à un(e) sujet de alpina d10 dans Analyses et éradication malwares
bonsoir je viens d'effectuer la deuxieme manipulation avec lops. et d. voici le rapport pour le petit 1 Détails de l'analyse Niveau de risque élevé (0) Niveau de risque moyen (6) Adware/NaviPro... Adware (logiciel publicitaire) Latent(e) Afficher +Infos C:\System Volume Informat...FDA0}\RP1093\A0470746.exe Trj/Downloader... Virus Latent(e) Afficher +Infos C:\XLTH.0XE Adware/NaviPro... Adware (logiciel publicitaire) Latent(e) Afficher +Infos C:\System Volume Informat...FDA0}\RP1082\A0468087.exe Trj/Clicker.AC... Virus Latent(e) Afficher +Infos C:\Program Files\mes film...gen-DVT.rar[Keymaker.exe] Dialer.ICT Numéroteur Latent(e) Afficher +Infos C:\System Volume Informat...FDA0}\RP1153\A0494418.dll Trj/Rebooter.J Virus Latent(e) Afficher +Infos C:\System Volume Informat...FDA0}\RP1153\A0494431.exe C:\System Volume Informat...FDA0}\RP1153\A0494404.exe Niveau de risque faible (12) adware/gimmy Adware (logiciel publicitaire) Latent(e) Afficher +Infos hkey_local_machine\software\gimmysmileys Cookie/Doublec... Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and Settings...s\uset@doubleclick[2].txt Cookie/Bluestr... Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and Settings...es\uset@bluestreak[1].txt Dialer.HXF Numéroteur Latent(e) Afficher +Infos C:\System Volume Informat...FDA0}\RP1144\A0487148.dll Generic Malwar... Virus Latent(e) Afficher +Infos C:\Documents and Settings...GrooveXtrav181\Groove.x32 Cookie/Tradedo... Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and Settings...\uset@tradedoubler[1].txt Cookie/Adviva Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and Settings...ookies\uset@adviva[2].txt Dialer.B Numéroteur Latent(e) Afficher +Infos C:\System Volume Informat...FDA0}\RP1140\A0484794.exe Cookie/Smartad... Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and Settings...uset@smartadserver[2].txt Adware/SweetBa... Adware (logiciel publicitaire) Latent(e) Afficher +Infos C:\Program Files\Macrogam...eetIMBarForIE\toolbar.dll Application/Pr... Application de surveillance Latent(e) Afficher +Infos C:\System Volume Informat...FDA0}\RP1153\A0494399.exe C:\System Volume Informat...FDA0}\RP1153\A0494424.exe C:\System Volume Informat...FDA0}\RP1153\A0494436.exe Cookie/Xiti Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and Settings...\Cookies\uset@xiti[1].txt << 1 2 3 4 5 >> Fichiers suspects (3) C:\PROGRAM FILES\F-SECURE...OGRAM\BACKWEB-7681197.EXE C:\PROGRAM FILES\F-SECURE...ERVICEWRAPPER-7681197.EXE C:\WINDOWS\inf\qwetab.inf << 1 2 3 4 5 >> ***************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************** VundoFix V6.7.10 Checking Java version... Sun Java not detected Scan started at 22:25:53 03/03/2008 Listing files found while scanning.... No infected files were found. Beginning removal... Beginning removal... VundoFix V6.7.10 Checking Java version... Sun Java not detected Scan started at 00:39:30 04/03/2008 Listing files found while scanning.... --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 00:58:18, on 04/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe C:\Program Files\F-Secure\Common\FSM32.EXE C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\Lexmark 5400 Series\lxctmon.exe C:\Program Files\Lexmark 5400 Series\ezprint.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\netdde.exe C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\clipsrv.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe C:\WINDOWS\System32\FTRTSVC.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\lxctcoms.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\F-Secure\Anti-Virus\fssm32.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\vssvc.exe C:\Program Files\F-Secure\Common\FSMA32.EXE C:\Program Files\F-Secure\Common\FSMB32.EXE C:\Program Files\F-Secure\Common\FCH32.EXE C:\Program Files\F-Secure\Common\FAMEH32.EXE C:\Program Files\F-Secure\Common\FNRB32.EXE C:\Program Files\F-Secure\Common\FIH32.EXE C:\Program Files\F-Secure\Anti-Virus\fsav32.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\cidaemon.exe C:\DOCUME~1\uset\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Windows Media Player - {61FEBF12-793B-4D8A-8513-D1814FE2A395} - C:\WINDOWS\wmpdxm.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe" O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://olivierolivierconroux.spaces.msn.co...ad/MsnPUpld.cab O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1155119580000 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O18 - Protocol: bw+0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: offline-8876480 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe et enfin petit 2 apres vouloir les supprimer Détails de l'analyse Niveau de risque élevé (0) Niveau de risque moyen (6) Adware/NaviPro... Adware (logiciel publicitaire) Latent(e) Afficher +Infos C:\System Volume Informat...FDA0}\RP1093\A0470746.exe Trj/Downloader... Virus Latent(e) Afficher +Infos C:\XLTH.0XE Adware/NaviPro... Adware (logiciel publicitaire) Latent(e) Afficher +Infos C:\System Volume Informat...FDA0}\RP1082\A0468087.exe Trj/Clicker.AC... Virus Latent(e) Afficher +Infos C:\Program Files\mes film...gen-DVT.rar[Keymaker.exe] Dialer.ICT Numéroteur Latent(e) Afficher +Infos C:\System Volume Informat...FDA0}\RP1153\A0494418.dll Trj/Rebooter.J Virus Latent(e) Afficher +Infos C:\System Volume Informat...FDA0}\RP1153\A0494431.exe C:\System Volume Informat...FDA0}\RP1153\A0494404.exe Niveau de risque faible (12) adware/gimmy Adware (logiciel publicitaire) Latent(e) Afficher +Infos hkey_local_machine\software\gimmysmileys Cookie/Doublec... Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and Settings...s\uset@doubleclick[2].txt Cookie/Bluestr... Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and Settings...es\uset@bluestreak[1].txt Dialer.HXF Numéroteur Latent(e) Afficher +Infos C:\System Volume Informat...FDA0}\RP1144\A0487148.dll Generic Malwar... Virus Latent(e) Afficher +Infos C:\Documents and Settings...GrooveXtrav181\Groove.x32 Cookie/Tradedo... Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and Settings...\uset@tradedoubler[1].txt Cookie/Adviva Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and Settings...ookies\uset@adviva[2].txt Dialer.B Numéroteur Latent(e) Afficher +Infos C:\System Volume Informat...FDA0}\RP1140\A0484794.exe Cookie/Smartad... Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and Settings...uset@smartadserver[2].txt Adware/SweetBa... Adware (logiciel publicitaire) Latent(e) Afficher +Infos C:\Program Files\Macrogam...eetIMBarForIE\toolbar.dll Application/Pr... Application de surveillance Latent(e) Afficher +Infos C:\System Volume Informat...FDA0}\RP1153\A0494399.exe C:\System Volume Informat...FDA0}\RP1153\A0494424.exe C:\System Volume Informat...FDA0}\RP1153\A0494436.exe Cookie/Xiti Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and Settings...\Cookies\uset@xiti[1].txt << 1 2 3 4 5 >> Fichiers suspects (3) C:\PROGRAM FILES\F-SECURE...OGRAM\BACKWEB-7681197.EXE C:\PROGRAM FILES\F-SECURE...ERVICEWRAPPER-7681197.EXE C:\WINDOWS\inf\qwetab.inf << 1 2 3 4 5 >> ***************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************** VundoFix V6.7.10 Checking Java version... Sun Java not detected Scan started at 22:25:53 03/03/2008 Listing files found while scanning.... No infected files were found. Beginning removal... Beginning removal... VundoFix V6.7.10 Checking Java version... Sun Java not detected Scan started at 00:39:30 04/03/2008 Listing files found while scanning.... --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 00:58:18, on 04/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe C:\Program Files\F-Secure\Common\FSM32.EXE C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\Lexmark 5400 Series\lxctmon.exe C:\Program Files\Lexmark 5400 Series\ezprint.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\netdde.exe C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\clipsrv.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe C:\WINDOWS\System32\FTRTSVC.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\lxctcoms.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\F-Secure\Anti-Virus\fssm32.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\vssvc.exe C:\Program Files\F-Secure\Common\FSMA32.EXE C:\Program Files\F-Secure\Common\FSMB32.EXE C:\Program Files\F-Secure\Common\FCH32.EXE C:\Program Files\F-Secure\Common\FAMEH32.EXE C:\Program Files\F-Secure\Common\FNRB32.EXE C:\Program Files\F-Secure\Common\FIH32.EXE C:\Program Files\F-Secure\Anti-Virus\fsav32.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\cidaemon.exe C:\DOCUME~1\uset\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Windows Media Player - {61FEBF12-793B-4D8A-8513-D1814FE2A395} - C:\WINDOWS\wmpdxm.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe" O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://olivierolivierconroux.spaces.msn.co...ad/MsnPUpld.cab O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1155119580000 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O18 - Protocol: bw+0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: offline-8876480 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe bref la je desepere merci j'attends avec impatience vos reponses -
probleme avec un spyware
alpina d10 a répondu à un(e) sujet de alpina d10 dans Analyses et éradication malwares
bonsoir apres un long moment sur le pc voici les rapport j espere qu il vous indiqueront quelque chose en premier panda en second vundofix.exe en troisieme hijackthis la pour moi on entre dans une autre dimention Détails de l'analyse Niveau de risque élevé (0) Niveau de risque moyen (6) Adware/NaviPro... Adware (logiciel publicitaire) Latent(e) Afficher +Infos C:\System Volume Informat...FDA0}\RP1093\A0470746.exe Trj/Downloader... Virus Latent(e) Afficher +Infos C:\XLTH.0XE Adware/NaviPro... Adware (logiciel publicitaire) Latent(e) Afficher +Infos C:\System Volume Informat...FDA0}\RP1082\A0468087.exe Trj/Clicker.AC... Virus Latent(e) Afficher +Infos C:\Program Files\mes film...gen-DVT.rar[Keymaker.exe] Dialer.ICT Numéroteur Latent(e) Afficher +Infos C:\System Volume Informat...FDA0}\RP1153\A0494418.dll Trj/Rebooter.J Virus Latent(e) Afficher +Infos C:\System Volume Informat...FDA0}\RP1153\A0494431.exe C:\System Volume Informat...FDA0}\RP1153\A0494404.exe Niveau de risque faible (12) adware/gimmy Adware (logiciel publicitaire) Latent(e) Afficher +Infos hkey_local_machine\software\gimmysmileys Cookie/Doublec... Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and Settings...s\uset@doubleclick[2].txt Cookie/Bluestr... Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and Settings...es\uset@bluestreak[1].txt Dialer.HXF Numéroteur Latent(e) Afficher +Infos C:\System Volume Informat...FDA0}\RP1144\A0487148.dll Generic Malwar... Virus Latent(e) Afficher +Infos C:\Documents and Settings...GrooveXtrav181\Groove.x32 Cookie/Tradedo... Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and Settings...\uset@tradedoubler[1].txt Cookie/Adviva Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and Settings...ookies\uset@adviva[2].txt Dialer.B Numéroteur Latent(e) Afficher +Infos C:\System Volume Informat...FDA0}\RP1140\A0484794.exe Cookie/Smartad... Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and Settings...uset@smartadserver[2].txt Adware/SweetBa... Adware (logiciel publicitaire) Latent(e) Afficher +Infos C:\Program Files\Macrogam...eetIMBarForIE\toolbar.dll Application/Pr... Application de surveillance Latent(e) Afficher +Infos C:\System Volume Informat...FDA0}\RP1153\A0494399.exe C:\System Volume Informat...FDA0}\RP1153\A0494424.exe C:\System Volume Informat...FDA0}\RP1153\A0494436.exe Cookie/Xiti Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and Settings...\Cookies\uset@xiti[1].txt << 1 2 3 4 5 >> Fichiers suspects (3) C:\PROGRAM FILES\F-SECURE...OGRAM\BACKWEB-7681197.EXE C:\PROGRAM FILES\F-SECURE...ERVICEWRAPPER-7681197.EXE C:\WINDOWS\inf\qwetab.inf << 1 2 3 4 5 >> ***************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************** VundoFix V6.7.10 Checking Java version... Sun Java not detected Scan started at 22:25:53 03/03/2008 Listing files found while scanning.... No infected files were found. Beginning removal... Beginning removal... VundoFix V6.7.10 Checking Java version... Sun Java not detected Scan started at 00:39:30 04/03/2008 Listing files found while scanning.... --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 00:58:18, on 04/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe C:\Program Files\F-Secure\Common\FSM32.EXE C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\Lexmark 5400 Series\lxctmon.exe C:\Program Files\Lexmark 5400 Series\ezprint.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\netdde.exe C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\clipsrv.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe C:\WINDOWS\System32\FTRTSVC.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\lxctcoms.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\F-Secure\Anti-Virus\fssm32.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\vssvc.exe C:\Program Files\F-Secure\Common\FSMA32.EXE C:\Program Files\F-Secure\Common\FSMB32.EXE C:\Program Files\F-Secure\Common\FCH32.EXE C:\Program Files\F-Secure\Common\FAMEH32.EXE C:\Program Files\F-Secure\Common\FNRB32.EXE C:\Program Files\F-Secure\Common\FIH32.EXE C:\Program Files\F-Secure\Anti-Virus\fsav32.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\cidaemon.exe C:\DOCUME~1\uset\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Windows Media Player - {61FEBF12-793B-4D8A-8513-D1814FE2A395} - C:\WINDOWS\wmpdxm.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe" O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://olivierolivierconroux.spaces.msn.co...ad/MsnPUpld.cab O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1155119580000 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O18 - Protocol: bw+0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: offline-8876480 - {060D11F6-D06F-412B-BBE4-D550DCB0133E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -
probleme avec un spyware
alpina d10 a répondu à un(e) sujet de alpina d10 dans Analyses et éradication malwares
bonsoir toujours une lenteur extraordinaire et cette ....pub qui m indique une errueur il faut cliquer dix fois de suite pour quel parte et elle me fige defois la page web sur laquelle je suis -
probleme avec un spyware
alpina d10 a répondu à un(e) sujet de alpina d10 dans Analyses et éradication malwares
bonsoir oups desoler je croyais poster les 3 en fin de manipulation Clean Navipromo version 3.4.8 commencé le 03/03/2008 à 20:57:04,51 Outil exécuté depuis C:\Program Files\navilog1 Mise à jour le 25.02.2008 à 20h00 par IL-MAFIOSO Microsoft Windows XP [version 5.1.2600] Internet Explorer : 7.0.5730.11 Système de fichiers : NTFS Mode suppression automatique avec prise en charge résultats Catchme et GNS *** Creation backups fichiers trouvés par Catchme *** Copie vers "C:\Program Files\navilog1\Backupnavi" Copie C:\WINDOWS\system32\sjnncwvhn.dat réalisée avec succès ! Copie C:\WINDOWS\system32\sjnncwvhn.exe réalisée avec succès ! Copie C:\WINDOWS\system32\sjnncwvhn_nav.dat réalisée avec succès ! Copie C:\WINDOWS\system32\sjnncwvhn_navps.dat réalisée avec succès ! *** Suppression des fichiers trouvés avec Catchme *** C:\WINDOWS\system32\sjnncwvhn.dat supprimé ! C:\WINDOWS\system32\sjnncwvhn.exe supprimé ! C:\WINDOWS\system32\sjnncwvhn_nav.dat supprimé ! C:\WINDOWS\system32\sjnncwvhn_navps.dat supprimé ! ** 2ème passage avec résultats Catchme ** * Dans C:\WINDOWS\system32 * C:\WINDOWS\prefetch\sjnncwvhn*.pf trouvé ! Copie C:\WINDOWS\prefetch\sjnncwvhn*.pf réalisée avec succès ! C:\WINDOWS\prefetch\sjnncwvhn*.pf supprimé ! * Dans "C:\Documents and Settings\uset\locals~1\applic~1" * *** Suppression avec sauvegardes résultats GenericNaviSearch *** * Suppression dans C:\WINDOWS\System32 * * Suppression dans "C:\Documents and Settings\uset\locals~1\applic~1" * *** Suppression dossiers dans C:\WINDOWS *** C:\WINDOWS\msskinner ...suppression... C:\WINDOWS\msskinner supprimé ! *** Suppression dossiers dans C:\Program Files *** *** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 *** *** Suppression dossiers dans "C:\Documents and Settings\uset\applic~1" *** *** Suppression dossiers dans "C:\Documents and Settings\uset\locals~1\applic~1" *** *** Suppression dossiers dans "C:\Documents and Settings\uset\MENUDM~1\PROGRA~1" *** *** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 *** *** Suppression fichiers *** C:\WINDOWS\Downloaded Program Files\egaccess4.inf supprimé ! C:\WINDOWS\Downloaded Program Files\IaLdr32.inf supprimé ! C:\WINDOWS\pack.epk supprimé ! C:\WINDOWS\tmlpcert2007 supprimé ! C:\WINDOWS\system32\EGACCESS.dll supprimé ! C:\WINDOWS\system32\nvs2.inf supprimé ! *** Suppression fichiers temporaires *** Nettoyage contenu C:\WINDOWS\Temp effectué ! Nettoyage contenu C:\Documents and Settings\uset\locals~1\Temp effectué ! *** Traitement Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Suppression avec sauvegardes nouveaux fichiers Instant Access : 2)Recherche, création sauvegardes et suppression Heuristique : * Dans C:\WINDOWS\system32 * * Dans "C:\Documents and Settings\uset\locals~1\applic~1" * *** Sauvegarde du Registre vers dossier Backupnavi *** sauvegarde du Registre réalisée avec succès ! *** Nettoyage Registre *** Nettoyage Registre Ok *** Certificats *** Certificat Egroup supprimé ! *** Nettoyage terminé le 03/03/2008 à 21:04:18,15 *** -
probleme avec un spyware
alpina d10 a répondu à un(e) sujet de alpina d10 dans Analyses et éradication malwares
re bonsoir meme en cliquant sur une analyse sa ne marche pas et cette cochonnerie soit me bloque l'image ou je dois clique dix fois de suite pour le faire partir sans compter que mon pc va a la vitesse d'un esgargot affolè -
probleme avec un spyware
alpina d10 a répondu à un(e) sujet de alpina d10 dans Analyses et éradication malwares
re bonsoir scan panda ne m'affiche aucun rapport il me demande meme d'analyser d'autres support comme les disquettes , le poste de travail,mes documents mes e-mails, etc.. que dois je faire??, -
probleme avec un spyware
alpina d10 a répondu à un(e) sujet de alpina d10 dans Analyses et éradication malwares
bonsoir je fais tout de suite les manipulations que tu me demandes -
probleme avec un spyware
alpina d10 a répondu à un(e) sujet de alpina d10 dans Analyses et éradication malwares
la oui vraiment sa prouve mon incompetence pour l'informatique le rapport donc le voici je pense Search Navipromo version 3.4.8 commencé le 03/03/2008 à 18:10:28,20 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!! !!! Postez ce rapport sur le forum pour le faire analyser !!! !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!! Outil exécuté depuis C:\Program Files\navilog1 Mise à jour le 25.02.2008 à 20h00 par IL-MAFIOSO Microsoft Windows XP [version 5.1.2600] Internet Explorer : 7.0.5730.11 Système de fichiers : NTFS Executé en mode normal *** Recherche Programmes installés *** *** Recherche dossiers dans C:\WINDOWS *** C:\WINDOWS\msskinner trouvé ! *** Recherche dossiers dans C:\Program Files *** *** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 *** *** Recherche dossiers dans "C:\Documents and Settings\uset\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\uset\locals~1\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\uset\MENUDM~1\PROGRA~1" *** *** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 *** *** Recherche avec Catchme-rootkit/stealth malware detector par gmer *** pour + d'infos : http://www.gmer.net Fichier(s) caché(s) : C:\WINDOWS\system32\sjnncwvhn.dat C:\WINDOWS\system32\sjnncwvhn.exe C:\WINDOWS\system32\sjnncwvhn_nav.dat C:\WINDOWS\system32\sjnncwvhn_navps.dat *** Recherche avec GenericNaviSearch *** !!! Tous ces résultats peuvent révéler des fichiers légitimes !!! !!! A vérifier impérativement avant toute suppression manuelle !!! * Recherche dans C:\WINDOWS\system32 * * Recherche dans "C:\Documents and Settings\uset\locals~1\applic~1" * *** Recherche fichiers *** C:\WINDOWS\Downloaded Program Files\egaccess4.inf trouvé ! C:\WINDOWS\Downloaded Program Files\IaLdr32.inf trouvé ! C:\WINDOWS\pack.epk trouvé ! C:\WINDOWS\tmlpcert2007 trouvé ! C:\WINDOWS\system32\EGACCESS.dll trouvé ! C:\WINDOWS\system32\EGACCESS.dll trouvé ! C:\WINDOWS\system32\nvs2.inf trouvé ! *** Recherche clés spécifiques dans le Registre *** HKEY_CURRENT_USER\Software\Lanconfig trouvé ! *** Module de Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Recherche nouveaux fichiers Instant Access : 2)Recherche Heuristique : * Dans C:\WINDOWS\system32 : sjnncwvhn.dat trouvé ! * Dans "C:\Documents and Settings\uset\locals~1\applic~1" : 3)Recherche Certificats : Certificat Egroup trouvé ! 4)Recherche fichiers connus : C:\WINDOWS\system32\bdeeg.ini2 trouvé ! infection Vundo possible non traitée par cet outil ! *** Analyse terminée le 03/03/2008 à 18:14:54,90 ** -
probleme avec un spyware
alpina d10 a répondu à un(e) sujet de alpina d10 dans Analyses et éradication malwares
bonjour , a un moment navilog me demande : 1- recherche 2-desinfection automatique 3-desinfection automatique sans prise en charg resultats catchme/gns 4-desinfection manuelle par saisie nom adware si c 'est bien le petit 1 qu'il faut choisir la reponse qu'il me donne est au-dessus sinon dites quelle chiffre il faut choisir merci desoler pour ce qui vous parez evidemment pour moi c'est un vraiment cauchemar je vais refaire la manipulation pour verifiez le rapport qu il me donne merci pour tes reponses rapides