Aller au contenu

  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

Analyse log hijackthis: tftp.exe infeste et impossible a supprimer

picflute

Par picflute
dans Analyses et éradication malwares

 Partager

Messages recommandés

picflute Junior Member

picflute

Posté(e)
Posté(e)

Bonjour,

 

J'explique mon pb:

depuis qlque tps, j'ai parfois ma souris qui se bloque au demarrage, des difficultes a eteindre mon PC, et NOD32 qui me parle d'un virus infectant eim.exe et tftp.exe

 

Comme j'ai pas mal de garde-fous tels spybot, ccleaner, adaware personnal, nod32, je les ai fait tourner mais pas gd chose de trouver et rien en rapport avec mes pbs.

 

En cherchant sur les forums, il semble que ce virus infectant eim.exe, trouve comme etant newheur_pe par NOD32, me fous la zone sur les fichier du genre TFTPxxx.exe et cree des freezes comme j'ai.

Je viens de lancer W32/blaster removal de microsoft et il a rien toruve.

 

Alors, j'ai essaiye maintenant A-sqared free, avast mais j'ai tjs mes pbs.

De plus, je commence a perdre des choses du genre: config mozilla, connexion skype, etc...

 

J'ai aussi remarque que j'avais beacoup de processus de SVCHOST.exe qui me bouffe pas mal de memoires et qui parfois prend tt mon CPU.

SOuent, d'ailleurs, je ne peux pas ouvrir le gestionnaire des taches.

 

J'ai tourne Hijackthis pensant trouver eim.exe ou tftp.exe mais non, rien.

 

Comme je ne sais pas l'analyser, je colle le log ci-dessous.

 

Si vous pouvez m'aider, ce serait super car je n'arrive pas a m'en sortir. Personne n'a pu m'aider ailleurs sur d'autres forums alors je tente ici, on sait jamais.

 

Merci.

 

Logfile of HijackThis v1.99.1

Scan saved at 13:59:02, on 25/02/2007

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Messenger Plus! 3\MsgPlus.exe

C:\Program Files\Logitech\Video\LogiTray.exe

C:\WINDOWS\Logi_MwX.Exe

C:\WINDOWS\System32\LVCOMSX.EXE

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe

C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Softwin\BitDefender8\bdnagent.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Bluetack\ProtoWall\ProtoWall.exe

C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Logitech\SetPoint\KEM.exe

C:\Program Files\Quick ShutDown\qsd.exe

C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Skype\Plugin Manager\SkypePM.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: 69.50.166.11 google.co.uk

O1 - Hosts: 69.50.166.11 google.es

O1 - Hosts: 69.50.166.11 google.com.au

O1 - Hosts: 69.50.166.12 www.go.com

O1 - Hosts: 69.50.166.12 go.com

O1 - Hosts: 69.50.166.13 astalavista.com

O1 - Hosts: 69.50.166.13 www.astalavista.com

O1 - Hosts: 69.50.166.13 astalavista.box.sk

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll

O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FLASHGET\getflash.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ProtoWall] C:\Program Files\Bluetack\ProtoWall\ProtoWall.exe

O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Startup: Quick ShutDown.lnk = C:\Program Files\Quick ShutDown\qsd.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Bloc Notes - {AF4F850B-68FF-404C-8417-549F86B1E236} - notepad.exe (file missing)

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/

O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200411...meInstaller.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1123612552122

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} -

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/asa/SymAData.cab

O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} - http://data.flatcast.com/NpFv415.dll

O18 - Protocol: bw+0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: offline-8876480 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Malekal_morte Godlike Member

Malekal_morte

Posté(e)
Posté(e)

Bonjour,

 

Télécharge HOSTS Manager http://www.malekal.com/tutorial_HOSTS_Manager.php

- Ferme Internet Explorer

- Clic ur Clear en bas à gauche

- Clic sur Save en haut à gauche.

 

NB : Tu peux aussi installer un fichier HOSTS filtrants en suivant les directives du tutorial de ce logiciel.

 

 

- Télécharge et installe AVG Anti-Spyware - Tutorial : http://www.malekal.com/tutorial_AVG_AntiSpyware.html

- Mets le à jour à partir du menu Mise à jour en haut

- Télécharge clean.zip, décompresse-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean.

 

-- Redémarre en mode en mode sans échec, si tu sais pas comment on fait lis ceci

 

Double-clic sur ce dossier clean, tu y trouveras dedans plusieurs fichiers.

Double-clic sur clean. Cela va ouvrir une fenêtre noire.

Un menu va apparaître, choisis l'option 2 en appuyant sur la touche 2 de ton clavier.

Clean va travailler.

Un rapport Va etre généré, colle le contenu entier ici.

 

- Ouvre AVG Anti-Spyware et clic sur l'onglet Analyse, puis le sous-onglet Paramètres

- Sélectionne dans Comment Réagir ? Quarantine. (voir l'aide l'aide AVG Anti-Spyware)

- Reviens au sous-onglet Analyser puis clique sur Analyse complète du système.

---> Le scan démarre.

 

A la fin clique sur Appliquer toutes les actions, les éléments doivent alors être déplacés en quarantaine.

Puis clique sur Enregistrer le rapport d'analyse et enregistre le rapport sur le Bureau.

 

 

Aide : N'hésite pas à consulter l'Aide AVG Anti-Spyware pour tout problème.

 

 

-- Redémarre en mode normal : Menu Démarrer / Arreter / Redémarre l'ordinateur

Attention : dans le cas où l'ordinateur redémarre en boucle en mode sans échec, faire la manipulation inverse en décochant l'option /SAFEBOOT à l'aide de msconfig : voir à nouveau cette page : cliquez-ici

 

-- Fais un scan en ligne avec Internet Explorer : Scan Kaspersky et colle le rapport ici. Si tu es perdu, tu peux suivre cette aide pour les scans en ligne

-- Copie/Colle ici les rapports :

- AVG Anti-Spyware

- le rapport clean : Poste de travail / double clic sur disque C / double-clic sur rapport_clean.txt et copier/coller le contenu ici C:\rapport_clean.txt

- ainsi qu'un nouveau log HiJackThis

picflute Junior Member

picflute

Posté(e)
  • Auteur
Posté(e)

Merci beaucoup de votre reponse rapide et detaillee.

 

Apres avoir suivi pas a pas vos instructions, voici le compte-rendu:

 

Rapport CLEAN:

Script execute en mode sans echec

Rapport clean par Malekal_morte - http://www.malekal.com

Option 2, executee le 25/02/2007 a 15:37:27,29

 

Microsoft Windows XP [version 5.1.2600]

 

*** Suppression de fichiers sur C:

 

*** Suppression des fichiers dans C:\WINDOWS\

 

*** Suppression des fichiers dans C:\WINDOWS\system32

 

 

*** Suppression des clefs du registre effectuee..

*** Fin du rapport !

 

Rapport AVG:

---------------------------------------------------------

AVG Anti-Spyware - Rapport d'analyse

---------------------------------------------------------

 

+ Créé à: 16:14:11 25/02/2007

 

+ Résultat de l'analyse:

 

 

 

:mozilla.44:C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\q4949ysa.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.

:mozilla.46:C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\q4949ysa.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.

:mozilla.25:C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\q4949ysa.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.

:mozilla.26:C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\q4949ysa.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.

:mozilla.77:C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\q4949ysa.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.

:mozilla.78:C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\q4949ysa.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.

:mozilla.79:C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\q4949ysa.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.

:mozilla.80:C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\q4949ysa.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.

:mozilla.81:C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\q4949ysa.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.

:mozilla.82:C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\q4949ysa.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.

:mozilla.32:C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\q4949ysa.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.

:mozilla.33:C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\q4949ysa.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.

:mozilla.47:C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\q4949ysa.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.

:mozilla.93:C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\q4949ysa.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.

 

 

Fin du rapport

 

Rapport Kaspersky:

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Sunday, February 25, 2007 6:07:58 PM

Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)

Kaspersky Online Scanner version: 5.0.83.0

Kaspersky Anti-Virus database last update: 25/02/2007

Kaspersky Anti-Virus database records: 257927

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: standard

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - My Computer:

A:\

C:\

D:\

F:\

G:\

 

Scan Statistics:

Total number of scanned objects: 46114

Number of viruses found: 1

Number of infected objects: 1 / 0

Number of suspicious objects: 0

Duration of the scan process: 01:37:49

 

Infected Object Name / Virus Name / Last Action

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\$_hpcst$.hpc Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Cyrille\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Cyrille\Local Settings\Temp\Perflib_Perfdata_724.dat Object is locked skipped

C:\Documents and Settings\Cyrille\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Cyrille\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Cyrille\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Cyrille\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Cyrille\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Cyrille\ntuser.dat.LOG Object is locked skipped

C:\Program Files\ESET\logs\virlog.dat Object is locked skipped

C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped

C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped

C:\Program Files\ESET\infected\AF5HVFAA.NQF Infected: Backdoor.Win32.Rbot.bvz skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log Object is locked skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log.idx Object is locked skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log Object is locked skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log.idx Object is locked skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log Object is locked skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log.idx Object is locked skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log Object is locked skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log.idx Object is locked skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log Object is locked skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log.idx Object is locked skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log Object is locked skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log.idx Object is locked skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log Object is locked skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log.idx Object is locked skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log Object is locked skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log.idx Object is locked skipped

C:\System Volume Information\_restore{30FC1567-310E-4D27-B17E-5421591F537D}\RP700\change.log Object is locked skipped

 

Scan process completed.

 

Nouveau rapport Hijackthis:

Logfile of HijackThis v1.99.1

Scan saved at 18:10:23, on 25/02/2007

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

C:\Program Files\Messenger Plus! 3\MsgPlus.exe

C:\Program Files\Logitech\Video\LogiTray.exe

C:\WINDOWS\Logi_MwX.Exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\LVCOMSX.EXE

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Bluetack\ProtoWall\ProtoWall.exe

C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Logitech\SetPoint\KEM.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\Program Files\Quick ShutDown\qsd.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\Program Files\SoftChris\Finance 2003\Finance2003.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll

O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FLASHGET\getflash.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ProtoWall] C:\Program Files\Bluetack\ProtoWall\ProtoWall.exe

O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - Startup: Quick ShutDown.lnk = C:\Program Files\Quick ShutDown\qsd.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Bloc Notes - {AF4F850B-68FF-404C-8417-549F86B1E236} - notepad.exe (file missing)

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/

O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200411...meInstaller.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1123612552122

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} -

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/asa/SymAData.cab

O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} - http://data.flatcast.com/NpFv415.dll

O18 - Protocol: bw+0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: offline-8876480 - {91ABE3F5-BF6E-4A94-9F2F-6B74E9BC610C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

 

Voila, pour moi, ca ne veut pas dire qd chose a part le rapport de kaspersky qui me parle d'un virus mais me donne pas le nom, mais j'espere que pour vous, ca va vous aider a comprendre mon pb.

 

Merci de votre aide.

Malekal_morte Godlike Member

Malekal_morte

Posté(e)
Posté(e)

Tout semble OK...

 

Je pense que ton problème n'est pas d'origine viral.

Si à la fermeture de Windows.. tu as des prb de fermeture d'applications, suis cette astuce : http://www.malekal.com/optimisation_system...#mozTocId825593

picflute Junior Member

picflute

Posté(e)
  • Auteur
Posté(e)

Merci mais je vois ca ds le rapport de kaspersky:

C:\Program Files\ESET\infected\AF5HVFAA.NQF Infected: Backdoor.Win32.Rbot.bvz skipped

 

Comme etre sur que j'ai vire le virus?

et psui je vois tjs 5 processus SVCHOST.exe dont un a 20meg

 

C normal ca?

 

 

 

et si ct pas un virus, ct quoi qlors?

Malekal_morte Godlike Member

Malekal_morte

Posté(e)
Posté(e)

Oui c'est normal il est dans la quarantaine de NOD32 (donc inactif dans le système).

Il te faut vider la quarantaine pour supprimer le virus.

  • 3 mois après...
picflute Junior Member

picflute

Posté(e)
  • Auteur
Posté(e)
Oui c'est normal il est dans la quarantaine de NOD32 (donc inactif dans le système).

Il te faut vider la quarantaine pour supprimer le virus.

 

Rebonjour,

 

Mon pb est revenu. tjs pareil: tftp.exe est infect, puis msinnt.exe, uyjbeo.exe, etc... puis plus la possibilite d'ouvrir le gestionnaire de staches.

 

Je vais refaire la meme manip mais comment faire pour ne plus etre infeste par ce virus?

 

Il semble que c'est un trou de securite de WXP SP1?

 

Y'a pas un truc pour corriger cette faille ou pour virer ce virus juste avec un soft?

 

Merci

picflute Junior Member

picflute

Posté(e)
  • Auteur
Posté(e)
Oui le SP1 a des failles mais tu as un pare-feu.

 

Tu es allé sur quel genre de sites dernièrement ?

 

Oui je suis au courant des failles de SP1 mais on ne peut les combler d'une maniere ou d'une autre par un soft?

 

Pour les sites, je suis alle sur des sites pour faire des scripts en java, des pages perso, etc...

 

Au fait, je suis en train de refaire les manip ci-dessus et ma connexion internet est devenue subitment lente, je comprends vraiment rien a ce virus...

picflute Junior Member

picflute

Posté(e)
  • Auteur
Posté(e)
Oui je suis au courant des failles de SP1 mais on ne peut les combler d'une maniere ou d'une autre par un soft?

 

Pour les sites, je suis alle sur des sites pour faire des scripts en java, des pages perso, etc...

 

Au fait, je suis en train de refaire les manip ci-dessus et ma connexion internet est devenue subitment lente, je comprends vraiment rien a ce virus...

 

Bon la, c'est de pire en pire, je narrive meme plus a surfer, recupere mes mails, me connecter a msn, comme si le debit etait subitement tres tres lent.

 

Mon modem fonctionne bien car j'ai un laptop qui est connect en wifi dessus et ca marche (la preuve avec ce message).

 

Si tu as une idde, ca m'interesse parce qu'a part reinstaller XP, je vois pas....

 

Ca m'embete car ka manip de la dernier fois avait marche: reboot en sans echec puis clean....

 

Chui perdu la....

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

×
 Partager
Aller sur la liste des sujets

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...