Aller au contenu

  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

[Résolu]Trojan Zlob.dnschanger découvert suite scan Spybot

Léon des Landes
 Partager

Messages recommandés

Léon des Landes Member

Léon des Landes

Posté(e)
Posté(e) (modifié)

Je vous remercie de bien vouloir analyser les différents logs qui vont suivre. J'ai appliqué la procédure donnée par Gof à Olly dans le message 48.

Je suis sous Windows XP2. Spybot trouve Zlob.dnschanger à chaque démarrage de Windows même s'il dit l'avoir éliminé au scan précédent.

 

1 : en-tête du log Spybot :

 

--- Search result list ---

Zlob.DNSChanger: TCP/IP Settings #1 (Undefined) (Modification du registre, fixed)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5CD2D80C-813E-4E02-A4C7-9B3BADBC17CB}\NameServer=208.67.220.220,208.67.222.222

 

 

2: rapport hijackthis1:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:23:52, on 11/08/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\SPYBOT~1\SpybotSD.exe

C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe

C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe

C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe

C:\Program Files\POP Peeper\POPPeeper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\OpenOffice.org 2.2\program\soffice.exe

C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN

C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE

c:\program files\a-squared free\a2service.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\System32\dllhost.exe

C:\Program Files\McAfee\MBK\MBackMonitor.exe

C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\cidaemon.exe

C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tempsreel.nouvelobs.com/

R3 - Default URLSearchHook is missing

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"

O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe

O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe

O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe

O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb\tribalweb.exe

O4 - Startup: wanadoo2.lnk = ?

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: Analyser avec LeechGet - file://C:\Program Files\LeechGet 2006\\Parser.html

O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Télécharger en utilisant l'assistant LeechGet - file://C:\Program Files\LeechGet 2006\\Wizard.html

O8 - Extra context menu item: Télécharger en utilisant LeechGet - file://C:\Program Files\LeechGet 2006\\AddUrl.html

O8 - Extra context menu item: Télécharger les tous avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll

O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Plug-in 1.5.0_04) -

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -

O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} (Java Plug-in 1.5.0_08) -

O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -

O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -

O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.5.0_11) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{593A6C32-B52A-49BB-B438-100F46D81A20}: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\..\{5CD2D80C-813E-4E02-A4C7-9B3BADBC17CB}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\..\{BAF27415-7A8C-4647-87C9-363AAE67FDE0}: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222

O18 - Protocol: bw+0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe

O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

 

--

End of file - 21058 bytes

 

3 : rapport MSLook

 

MsLook.exe execute le : 11/08/2007 23:31:09,98

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"=""

"hkey"="HKCU"

"command"=""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]

"system.ini"=dword:00000000

"win.ini"=dword:00000000

"bootini"=dword:00000000

"services"=dword:00000000

"startup"=dword:00000000

 

 

4 : rapport fixwareout

 

Username "LF" - 11/08/2007 23:35:39 [Fixwareout edited 2007/07/05]

 

»»»»»Prerun check

 

Cache de résolution DNS vidé.

System was rebooted successfully.

 

»»»»» Postrun check

HKLM\SOFTWARE\~\Winlogon\ "System"=""

....

....

»»»»» Misc files.

....

»»»»» Checking for older varients.

....

 

»»»»» Current runs (hklm hkcu "run" Keys Only)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Dell Photo AIO Printer 922"="\"C:\\Program Files\\Dell Photo AIO Printer 922\\dlbtbmgr.exe\""

"DLBTCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\DLBTtime.dll,_RunDLLEntry@16"

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"

"McAfee Backup"="C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"

"MBkLogOnHook"="C:\\Program Files\\McAfee\\MBK\\LogOnHook.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Fast SysTray]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"POP Peeper"="\"C:\\Program Files\\POP Peeper\\POPPeeper.exe\" -min"

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Fast SysTray]

....

Hosts file was reset, If you use a custom hosts file please replace it

»»»»» End report »»»»»

 

 

5 : rapport Smitfraudfix option 1

 

SmitFraudFix v2.210

 

Rapport fait à 23:48:50,62, 11/08/2007

Executé à partir de C:\Documents and Settings\LF\Mes documents\Mes T‚l‚chargements\SmitfraudFix\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Le type du système de fichiers est NTFS

Fix executé en mode normal

 

»»»»»»»»»»»»»»»»»»»»»»»» Process

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

c:\program files\a-squared free\a2service.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\System32\dllhost.exe

C:\Program Files\McAfee\MBK\MBackMonitor.exe

C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe

C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe

C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe

C:\Program Files\POP Peeper\POPPeeper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\OpenOffice.org 2.2\program\soffice.exe

C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN

C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\cidaemon.exe

c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe

C:\WINDOWS\system32\cmd.exe

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\LF

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\LF\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\LF\Favoris

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

Description: Intel® PRO/100 VE Network Connection - Miniport d'ordonnancement de paquets

DNS Server Search Order: 207.68.160.190 194.25.2.129 208.67.222.222

DNS Server Search Order: 207.68.160.190 194.25.2.129 208.67.222.222

 

Votre ordinateur est certainement victime d'un détournement de DNS: 85.255.x.x détecté !

 

Description: WAN (PPP/SLIP) Interface

DNS Server Search Order: 85.255.115.60

DNS Server Search Order: 85.255.112.87

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{593A6C32-B52A-49BB-B438-100F46D81A20}: NameServer=207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5CD2D80C-813E-4E02-A4C7-9B3BADBC17CB}: NameServer=85.255.115.60 85.255.112.87

HKLM\SYSTEM\CCS\Services\Tcpip\..\{BAF27415-7A8C-4647-87C9-363AAE67FDE0}: NameServer=207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222

HKLM\SYSTEM\CCS\Services\Tcpip\..\{C3E6B25B-4F37-4FEB-A5AC-4CBCC0CE5D0F}: DhcpNameServer=207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222

HKLM\SYSTEM\CS2\Services\Tcpip\..\{593A6C32-B52A-49BB-B438-100F46D81A20}: DhcpNameServer=85.255.115.60,85.255.112.87

HKLM\SYSTEM\CS2\Services\Tcpip\..\{593A6C32-B52A-49BB-B438-100F46D81A20}: NameServer=85.255.115.60,85.255.112.87

HKLM\SYSTEM\CS2\Services\Tcpip\..\{BAF27415-7A8C-4647-87C9-363AAE67FDE0}: NameServer=85.255.115.60,85.255.112.87

HKLM\SYSTEM\CS2\Services\Tcpip\..\{C3E6B25B-4F37-4FEB-A5AC-4CBCC0CE5D0F}: DhcpNameServer=85.255.115.60,85.255.112.87

HKLM\SYSTEM\CS3\Services\Tcpip\..\{593A6C32-B52A-49BB-B438-100F46D81A20}: NameServer=207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222

HKLM\SYSTEM\CS3\Services\Tcpip\..\{5CD2D80C-813E-4E02-A4C7-9B3BADBC17CB}: NameServer=85.255.115.60 85.255.112.87

HKLM\SYSTEM\CS3\Services\Tcpip\..\{BAF27415-7A8C-4647-87C9-363AAE67FDE0}: NameServer=207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222

HKLM\SYSTEM\CS3\Services\Tcpip\..\{C3E6B25B-4F37-4FEB-A5AC-4CBCC0CE5D0F}: DhcpNameServer=207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=85.255.115.60 85.255.112.87

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Fin

 

6 : rapport Smitfraudfix option 2

SmitFraudFix v2.210

 

Rapport fait à 23:59:09,78, 11/08/2007

Executé à partir de C:\Documents and Settings\LF\Mes documents\Mes T‚l‚chargements\SmitfraudFix\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Le type du système de fichiers est NTFS

Fix executé en mode sans echec

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

 

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

127.0.0.1 localhost

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{593A6C32-B52A-49BB-B438-100F46D81A20}: NameServer=207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222

HKLM\SYSTEM\CCS\Services\Tcpip\..\{BAF27415-7A8C-4647-87C9-363AAE67FDE0}: NameServer=207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222

HKLM\SYSTEM\CCS\Services\Tcpip\..\{C3E6B25B-4F37-4FEB-A5AC-4CBCC0CE5D0F}: DhcpNameServer=207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222

HKLM\SYSTEM\CS2\Services\Tcpip\..\{593A6C32-B52A-49BB-B438-100F46D81A20}: DhcpNameServer=85.255.115.60,85.255.112.87

HKLM\SYSTEM\CS2\Services\Tcpip\..\{593A6C32-B52A-49BB-B438-100F46D81A20}: NameServer=85.255.115.60,85.255.112.87

HKLM\SYSTEM\CS2\Services\Tcpip\..\{BAF27415-7A8C-4647-87C9-363AAE67FDE0}: NameServer=85.255.115.60,85.255.112.87

HKLM\SYSTEM\CS2\Services\Tcpip\..\{C3E6B25B-4F37-4FEB-A5AC-4CBCC0CE5D0F}: DhcpNameServer=85.255.115.60,85.255.112.87

HKLM\SYSTEM\CS3\Services\Tcpip\..\{593A6C32-B52A-49BB-B438-100F46D81A20}: NameServer=207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222

HKLM\SYSTEM\CS3\Services\Tcpip\..\{BAF27415-7A8C-4647-87C9-363AAE67FDE0}: NameServer=207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222

HKLM\SYSTEM\CS3\Services\Tcpip\..\{C3E6B25B-4F37-4FEB-A5AC-4CBCC0CE5D0F}: DhcpNameServer=207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=85.255.115.60 85.255.112.87

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

 

Nettoyage terminé.

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Fin

 

7 : rapport Combofix

 

ComboFix 07-08-09.3 - "LF" 2007-08-12 0:04:11.1 - NTFSx86 MINIMAL

Microsoft Windows XP ?dition familiale 5.1.2600.2.1252.1.1036.18.595 [GMT 2:00]

 

 

((((((((((((((((((((((((( Files Created from 2007-07-11 to 2007-08-11 )))))))))))))))))))))))))))))))

 

 

2007-08-12 00:03 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-08-11 23:48 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe

2007-08-11 23:48 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe

2007-08-11 23:48 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe

2007-08-11 14:14 71,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys

2007-08-11 14:14 37,480 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys

2007-08-11 14:14 34,184 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys

2007-08-11 14:14 32,008 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys

2007-08-11 14:14 170,408 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys

2007-08-11 14:14 109,608 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys

2007-08-11 14:13 <REP> d-------- C:\Program Files\McAfee.com

2007-08-11 14:13 <REP> d-------- C:\Program Files\Fichiers communs\McAfee

2007-08-06 19:00 <REP> d-------- C:\Program Files\Arovax AntiSpyware

2007-08-05 00:04 <REP> d-------- C:\Program Files\XoftSpySE

2007-07-25 12:47 <REP> d-------- C:\Program Files\Astonsoft

2007-07-20 22:16 113,128 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\keyscrambler.sys

2007-07-20 22:16 <REP> d-------- C:\Program Files\KeyScrambler

2007-07-19 20:45 <REP> d-------- C:\Program Files\Trend Micro

2007-07-19 14:18 8,774 --a------ C:\dnsbak.reg

2007-07-18 19:48 2,082 --a------ C:\WINDOWS\SYSTEM32\tmp.reg

2007-07-16 22:39 <REP> d-------- C:\DOCUME~1\LF\DoctorWeb

2007-07-15 23:24 29,704 --a------ C:\WINDOWS\SYSTEM32\uxtuneup.dll

2007-07-15 23:23 <REP> d-------- C:\Program Files\TuneUp Utilities 2007

2007-07-15 23:23 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard

2007-07-13 22:31 <REP> d-------- C:\Program Files\AIDA32 - Personal System Information

2007-07-12 23:09 <REP> d-------- C:\DOCUME~1\LF\Pavark

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-08-11 23:39 --------- d-------- C:\DOCUME~1\LF\APEE28~1\OpenOffice.org2

2007-08-11 21:58 --------- d-------- C:\DOCUME~1\LF\APEE28~1\POP Peeper

2007-08-11 21:48 --------- d-------- C:\Program Files\Messenger

2007-08-11 19:22 --------- d-------- C:\Program Files\ABBYY FineReader 5.0 Sprint

2007-08-11 19:18 --------- d-------- C:\DOCUME~1\LF\APEE28~1\McAfee

2007-08-11 14:21 --------- dr------- C:\Program Files\McAfee

2007-08-11 13:04 --------- dr------- C:\Program Files\Kaspersky Lab

2007-08-11 13:04 --------- d-------- C:\DOCUME~1\LF\APEE28~1\Free Download Manager

2007-08-11 00:19 328 --a------ C:\WINDOWS\system32\drivers\fwdrv.err

2007-08-10 23:52 --------- d-------- C:\Program Files\Dl_cats

2007-08-10 21:00 --------- dr------- C:\Program Files\Opera

2007-08-08 00:43 --------- dr------- C:\Program Files\a-squared Free

2007-08-08 00:00 --------- dr------- C:\Program Files\CCleaner

2007-08-07 23:59 --------- dr------- C:\Program Files\RegCleaner

2007-08-05 11:45 --------- d-------- C:\Program Files\FastStone Capture

2007-08-02 20:48 --------- dr------- C:\Program Files\Mozilla Thunderbird

2007-07-31 00:55 --------- d-------- C:\Program Files\Dictionnaire

2007-07-31 00:40 99 ---hs---- C:\Program Files\desktop.ini

2007-07-31 00:40 15086 ---hs---- C:\Program Files\ShedkoFolderico3_74448513.ico

2007-07-29 20:44 --------- d-------- C:\DOCUME~1\LF\APEE28~1\Uniblue

2007-07-27 23:42 --------- dr------- C:\Program Files\FastStone Image Viewer

2007-07-27 23:11 --------- d-------- C:\DOCUME~1\LF\APEE28~1\Simple Sudoku

2007-07-25 18:49 --------- dr------- C:\Program Files\microsoft frontpage

2007-07-25 18:49 --------- dr------- C:\Program Files\LED

2007-07-25 18:25 --------- d-------- C:\Program Files\MSECACHE

2007-07-25 14:10 --------- d-------- C:\Program Files\Fichiers communs\Ahead

2007-07-25 14:10 --------- d-------- C:\Program Files\Ahead

2007-07-25 13:58 73728 --a------ C:\WINDOWS\system32\nvsvc32.exe

2007-07-25 13:01 --------- d-------- C:\DOCUME~1\LF\APEE28~1\DeepBurner

2007-07-25 12:59 --------- d-------- C:\Program Files\EnveloppesEditor1.08

2007-07-21 22:46 23652 --a------ C:\WINDOWS\mozver.dat

2007-07-20 22:57 --------- dr------- C:\Program Files\OpenOffice.org 2.2

2007-07-19 23:17 --------- d-------- C:\Program Files\AxBx

2007-07-19 18:29 --------- d-------- C:\Program Files\Windows Media Connect 2

2007-07-19 18:27 --------- d-------- C:\Program Files\FireTune

2007-07-15 23:45 --------- d-------- C:\Program Files\Free Download Manager

2007-07-15 23:45 --------- d-------- C:\Program Files\FlashGet

2007-07-13 22:46 15360 --a------ C:\WINDOWS\system32\dllcache\ctfmon.exe

2007-07-13 22:46 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

2007-07-13 00:02 102800 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

2007-07-12 14:02 --------- d-------- C:\DOCUME~1\LF\APEE28~1\Webroot

2007-07-11 15:23 83916 --a--c--- C:\WINDOWS\system32\perfc00C.dat

2007-07-11 15:23 506042 --a--c--- C:\WINDOWS\system32\perfh00C.dat

2007-07-07 23:22 --------- d-------- C:\DOCUME~1\LF\APEE28~1\TribalWeb

2007-07-05 21:15 28672 --a------ C:\WINDOWS\system32\LedCommon.dll

2007-07-01 22:00 --------- d-------- C:\Program Files\TribalWeb

2007-06-17 11:08 --------- d--h----- C:\Program Files\InstallShield Installation Information

2007-06-16 23:21 --------- dr------- C:\Program Files\Webroot

2007-05-16 17:13 86528 --------- C:\WINDOWS\system32\dllcache\directdb.dll

2007-05-16 17:13 85504 --------- C:\WINDOWS\system32\dllcache\wabimp.dll

2007-05-16 17:13 683520 --a------ C:\WINDOWS\system32\inetcomm.dll

2007-05-16 17:13 683520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll

2007-05-16 17:13 510976 --------- C:\WINDOWS\system32\dllcache\wab32.dll

2007-05-16 17:13 1314816 --------- C:\WINDOWS\system32\dllcache\msoe.dll

2005-04-28 20:36:38 56 --sh--r C:\WINDOWS\SYSTEM32\AE2AFF69DA.sys

2006-08-28 15:57:49 5 --sha-w C:\WINDOWS\SYSTEM32\cafbcedbe_g.dll

2005-04-28 20:36:38 1,682 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2005-04-22 08:46]

"DLBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 18:41]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 14:46 C:\WINDOWS\KHALMNPR.Exe]

"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-22 06:19]

"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"POP Peeper"="C:\Program Files\POP Peeper\POPPeeper.exe" [2006-11-16 06:02]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-13 22:46]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t

 

C:\Documents and Settings\LF\Menu D‚marrer\Programmes\D‚marrage\

OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 17:54:56]

TribalWeb.lnk - C:\Program Files\TribalWeb\tribalweb.exe [2007-07-01 22:00:52]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"AllowLegacyWebView"=1 (0x1)

"AllowUnhashedWebView"=1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoLogoff"=0 (0x0)

"NoClose"=0 (0x0)

"Nouvelle valeur #1"=1 (0x1)

"ClearRecentDocsOnExit"=1 (0x1)

"NoRecentDocsMenu"=0 (0x0)

"NoFavoritesMenu"=0 (0x0)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]

@="Service"

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"Mozilla Thunderbird"="C:\Program Files\Mozilla Thunderbird\thunderbird.exe"

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Creative WebCam Tray"=C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

 

R3 Afc;PPdus ASPI Shell;C:\WINDOWS\system32\drivers\Afc.sys

R3 KeyScrambler;KeyScrambler;C:\WINDOWS\system32\drivers\keyscrambler.sys

R3 L8042Kbd;Logitech SetPoint Keyboard Driver;C:\WINDOWS\system32\Drivers\L8042Kbd.sys

R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LHidKE.Sys

R3 LHidUsbK;Logitech SetPoint USB Receiver device driver;C:\WINDOWS\system32\Drivers\LHidUsbK.Sys

R3 LMouKE;Logitech SetPoint Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LMouKE.Sys

S1 MPFP;MPFP;C:\WINDOWS\system32\Drivers\Mpfp.sys

S2 MASPINT;MASPINT;C:\WINDOWS\system32\drivers\MASPINT.sys

S2 TICalc;TICalc;C:\WINDOWS\system32\drivers\TICalc.sys

S2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe -k netsvcs

S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN);C:\WINDOWS\system32\DRIVERS\alcan5wn.sys

S3 Camdrv30;Philips ToUcam XS;C:\WINDOWS\system32\Drivers\camdrv30.sys

S3 DSDrv4;DSDrv4;\??\C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys

S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"

S3 IntelC51;IntelC51;C:\WINDOWS\system32\DRIVERS\IntelC51.sys

S3 IntelC52;IntelC52;C:\WINDOWS\system32\DRIVERS\IntelC52.sys

S3 IntelC53;IntelC53;C:\WINDOWS\system32\DRIVERS\IntelC53.sys

S3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\L8042mou.Sys

S3 MEMSWEEP2;MEMSWEEP2;\??\C:\WINDOWS\system32\15.tmp

S3 mohfilt;mohfilt;C:\WINDOWS\system32\DRIVERS\mohfilt.sys

S3 P1110VID;Creative WebCam NX;C:\WINDOWS\system32\DRIVERS\P1110VID.sys

S3 StillCam;Pilote d'appareil photo numérique série;C:\WINDOWS\system32\DRIVERS\serscan.sys

S3 TSP;TSP;\??\C:\WINDOWS\system32\drivers\klif.sys

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59959e18-d2f0-11da-a218-000cf1e53c44}]

 

 

Contents of the 'Scheduled Tasks' folder

2007-07-20 18:02:56 C:\WINDOWS\Tasks\Maintenance en 1 clic.job - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe

2007-08-11 12:13:50 C:\WINDOWS\Tasks\McDefragTask.job - c:\program files\mcafee\mqc\QcConsol.exe

2007-08-11 12:13:48 C:\WINDOWS\Tasks\McQcTask.job - c:\program files\mcafee\mqc\QcConsol.exe

2007-08-11 21:38:24 C:\WINDOWS\Tasks\Spybot - Search & Destroy.job - C:\PROGRA~1\SPYBOT~1\SpybotSD.exe

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-08-12 00:05:30

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden registry entries ...

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]

"OODEFRAG08.00.00.01WORKSTATION"="054518811D8F3FC6A930F70611E5F50787B875E2339C9CD01B3D726D1B252B54703D0A1D0CC9218C486F351CB3D3079781754071CDC6D4A4DF9C0EAA031F96EA1B23AEA4A5306E383BA03FD83C0ADE85CFEF2546556865A6EA2C8D5DB3C26B85F444418543DC7EE54A134FB2676FDFC6AE937A018BFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E6675D575E7D6A3B98089DB7CE019D40AA5C8EDD5E5BE2F6E667B3E24808E96166011D88432AC4FA2AC477ABE5C48262BAC7A47065D44FA144B1BB67FC5430CC2325B31FC9ABAEF60657947834729BF4A37DBDD869FED676FA014129E5C734642707479A1291E599C0CD05496D73FC664F51C2A5C225F6E25045F2347821DB19C2DCD7956D8F70F0D1E13D665811EC7EFEA2B86B52C4550FEB24070CCFB04F8EA8ADEC20CBEC96BF1421B38DE2A6F7BED72327B39CEEDF555D14B5A629DFFD9D6D5710BC4585E9F9C86C62EC1CA4EBD860D919F9CB4947461561BBEBE72615D20D8A4D6194C6B9CA11FB472AB80F5D3285229EB0AC0CFD24682BD9BC0F130D6F654B387B1AB51E0DF5D6675C0EFEA266192ACA3D2E843D6811E654EA4A491E6738F364E756E96FD4615C468E1AA0D6C44DF5B576E795813DABDAF3BAE67EC563ACAF6C7A728DCD66243DF1C17C34584DBCDAFB2C10338903BA23056757FBC2BF4D006FFA37DE19BCEF0176EA798C4CB8E2833B1E06675ACCA2AFD99D32A21E0D08B98D23953479835E7FE670779397719EF01900C94E3D612EC4C481AF621E8F2F066B221FF1D71DE9E7DA2F83C56894B6F23BFC7E1B3BBC0978A0A72F42D1407ADFB41C8A94639F713BEC77CD32AAF5D2324F31EF11A88F4539C79AB0DC88CB821B1627342C0E53B8CFBA0D2A7E131BFE28032E8909153CD9441D58DC5F571246D9C24E1ADA0D3667CF68270FE098402CA58BF75C735DD91DAE04D27B0E1A2829956D91DE58DAF908B69AF29A28F652ADCB9F081D4F1AB54F60656F7A3DEB56F01B5161C96F37840BD8FD0F0BB22CF33D927BCAA4322CCD8F142E88EC58AD19C60C2DA7C500A1EE43DABF1245F57B7BF5435F23704539D5655B4E6D885D05A13BDB423F61FCE287E73793015079EDF45A7C8D64A046A8363997BBDE26DD5BD33F5554F5D0ED03CD153BAF5AD8594B9D4C33CE59FB06A5885882EC93C4815EC7A8132E8EE86ED0F8CA87CE8C2E46A668152C6DBC68E9A11F74A7E03506817D4A34061EC025ACDE736A93AF7C4485D0FB6204BA41F4EBCFFAA26696612FAC6FDC7E747538A66D04D83D2A140133ED603242A7098A5298A8D5DB71932AABE4AC338AF58992AC86D8FAECE44468B6EA321AABD9B0B2541169197ED16196872172363E783463A1E33CDF8A3A09702F7FE4F6F4330DC675"

 

scanning hidden files ...

 

**************************************************************************

 

Completion time: 2007-08-12 0:07:16

 

--- E O F ---

 

8 : Nouveau rapport Hijackthis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:11:19, on 12/08/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Boot mode: Safe mode

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"

O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe

O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe

O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe

O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb\tribalweb.exe

O4 - Startup: wanadoo2.lnk = ?

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: Analyser avec LeechGet - file://C:\Program Files\LeechGet 2006\\Parser.html

O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Télécharger en utilisant l'assistant LeechGet - file://C:\Program Files\LeechGet 2006\\Wizard.html

O8 - Extra context menu item: Télécharger en utilisant LeechGet - file://C:\Program Files\LeechGet 2006\\AddUrl.html

O8 - Extra context menu item: Télécharger les tous avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll

O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Plug-in 1.5.0_04) -

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -

O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} (Java Plug-in 1.5.0_08) -

O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -

O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -

O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.5.0_11) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{593A6C32-B52A-49BB-B438-100F46D81A20}: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\..\{BAF27415-7A8C-4647-87C9-363AAE67FDE0}: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.60 85.255.112.87

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222

O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222

O18 - Protocol: bw+0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe

O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

 

--

End of file - 19955 bytes

 

 

9 : Blacklight n'a rien trouvé.

 

 

Merci à vous tous.

 

J'ai trouvé Gof très clair et professionnel dans ses explications et c'est pourquoi j'ai essayé de suivre sa procédure à la lettre.

Modifié par Léon des Landes

  • Modérateurs
Gof Devil Member !

Gof

Posté(e)
  • Modérateurs
Posté(e)

Bonjour Léon des Landes :P

 

Messages: 1
Bienvenue sur les forums de Zebulon.

 

Quelques liens pour t'aider à commencer :

Tu as bien bossé tout seul, mais il vaut mieux éviter de récupérer une procédure sur un autre sujet, elle pourrait ne pas être adapté à ton souci, et entrainer des disfonctionnements que tu ne pourrais pas être en mesure de réparer.

Les procédures postées sont toujours adaptées à chaque cas, et même si certaines sont génériques et s'appliquent sans soucis sur d'autres pc, il vaut mieux éviter de les exécuter sans savoir ce que l'on fait.

 

Est-ce toi qui a rajouté les dns OPENDNS sur ton système ? Il semble que Spybot réagisse sur cette détection.

 

Cependant, il n'a pas vu par contre d'autres DNS, sans doute liés à un reste d'infection de type wareout.

 

Relance un scan HijackThis

  • Clique sur Do a system scan only et coche les lignes ci-dessous :

  • O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.60 85.255.112.87

  • Ferme toutes les fenêtres sauf HijackThis et Fix Checked.

Reposte un log hijackthis en répondant à ma question. A bientôt :P

Léon des Landes Member

Léon des Landes

Posté(e)
  • Auteur
Posté(e)

Bonjour Gof. Merci pour la rapidité de ta réponse.

 

 

 

La ligne 17 que tu me demandes de supprimer n'apparait que lorsque la connexion Adsl est établie. Si je fais le scan déconnecté cette ligne n'apparait pas.

scan sans connexion Adsl : 3 lignes n° 17

scan avec connection Adsl : 4 lignes n° 17 dont celle à supprimer.

D'autre part ma compétence m'interdit d'avoir rajouté volontairement les Dns OPENDNS.

 

Ci joint nouveau scan après suppression de la ligne 17.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:36:46, on 13/08/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\SPYBOT~1\SpybotSD.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe

c:\program files\a-squared free\a2service.exe

C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe

C:\Program Files\POP Peeper\POPPeeper.exe

C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\WINDOWS\System32\dllhost.exe

C:\Program Files\OpenOffice.org 2.2\program\soffice.exe

C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN

C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE

C:\Program Files\McAfee\MBK\MBackMonitor.exe

C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"

O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe

O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe

O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe

O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb\tribalweb.exe

O4 - Startup: wanadoo2.lnk = ?

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: Analyser avec LeechGet - file://C:\Program Files\LeechGet 2006\\Parser.html

O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Télécharger en utilisant l'assistant LeechGet - file://C:\Program Files\LeechGet 2006\\Wizard.html

O8 - Extra context menu item: Télécharger en utilisant LeechGet - file://C:\Program Files\LeechGet 2006\\AddUrl.html

O8 - Extra context menu item: Télécharger les tous avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll

O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Plug-in 1.5.0_04) -

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -

O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} (Java Plug-in 1.5.0_08) -

O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -

O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -

O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.5.0_11) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{593A6C32-B52A-49BB-B438-100F46D81A20}: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\..\{BAF27415-7A8C-4647-87C9-363AAE67FDE0}: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222

O18 - Protocol: bw+0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe

O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

 

--

End of file - 20773 bytes

  • Modérateurs
Gof Devil Member !

Gof

Posté(e)
  • Modérateurs
Posté(e)

Re, :P

 

Déconnecte toi d'internet.

  • Va dans ton menu Demarrer > Paramètres > Connexions réseaux > fais un clic droit sur ta connexion, puis>Propriétés > onglet Gestion de réseau
  • Met en surbrillance Protocole internet (tcp/ip) puis clic sur le bouton Propriétés
  • Efface les 2 IP dans Serveur DNS préfèré et Serveur DNS auxiliaire.
  • Coche Obtenir les adresses des serveurs DNS automatiquement.
  • Valide avec OK.
  • Renouvelle l'opération pour chacune des connexions présentes.
  • Redémarre l'ordinateur et poste un nouveau log hijackthis suivi d'un rapport généré par smitfraudfix en option 1.

Léon des Landes Member

Léon des Landes

Posté(e)
  • Auteur
Posté(e)
Re, :P

 

Déconnecte toi d'internet.

  • Va dans ton menu Demarrer > Paramètres > Connexions réseaux > fais un clic droit sur ta connexion, puis>Propriétés > onglet Gestion de réseau
  • Met en surbrillance Protocole internet (tcp/ip) puis clic sur le bouton Propriétés
  • Efface les 2 IP dans Serveur DNS préfèré et Serveur DNS auxiliaire.
  • Coche Obtenir les adresses des serveurs DNS automatiquement.
  • Valide avec OK.
  • Renouvelle l'opération pour chacune des connexions présentes.
  • Redémarre l'ordinateur et poste un nouveau log hijackthis suivi d'un rapport généré par smitfraudfix en option 1.

 

Gof ou Guy l'Eclair

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:36:28, on 13/08/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe

C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe

C:\Program Files\POP Peeper\POPPeeper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\OpenOffice.org 2.2\program\soffice.exe

C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN

C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE

c:\program files\a-squared free\a2service.exe

C:\WINDOWS\System32\dllhost.exe

C:\Program Files\McAfee\MBK\MBackMonitor.exe

C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"

O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe

O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe

O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe

O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb\tribalweb.exe

O4 - Startup: wanadoo2.lnk = ?

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: Analyser avec LeechGet - file://C:\Program Files\LeechGet 2006\\Parser.html

O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Télécharger en utilisant l'assistant LeechGet - file://C:\Program Files\LeechGet 2006\\Wizard.html

O8 - Extra context menu item: Télécharger en utilisant LeechGet - file://C:\Program Files\LeechGet 2006\\AddUrl.html

O8 - Extra context menu item: Télécharger les tous avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll

O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Plug-in 1.5.0_04) -

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -

O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} (Java Plug-in 1.5.0_08) -

O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -

O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -

O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.5.0_11) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{593A6C32-B52A-49BB-B438-100F46D81A20}: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\..\{5CD2D80C-813E-4E02-A4C7-9B3BADBC17CB}: NameServer = 80.10.246.1 80.10.246.132

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222

O18 - Protocol: bw+0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe

O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

 

--

End of file - 20709 bytes

 

SmitFraudFix v2.210

 

Rapport fait à 14:38:39,07, 13/08/2007

Executé à partir de C:\Documents and Settings\LF\Mes documents\Mes T‚l‚chargements\SmitfraudFix\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Le type du système de fichiers est NTFS

Fix executé en mode normal

 

»»»»»»»»»»»»»»»»»»»»»»»» Process

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe

C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe

C:\Program Files\POP Peeper\POPPeeper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\OpenOffice.org 2.2\program\soffice.exe

C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN

C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE

c:\program files\a-squared free\a2service.exe

C:\WINDOWS\System32\dllhost.exe

C:\Program Files\McAfee\MBK\MBackMonitor.exe

C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\cmd.exe

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\LF

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\LF\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\LF\Favoris

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

Description: WAN (PPP/SLIP) Interface

DNS Server Search Order: 80.10.246.1

DNS Server Search Order: 80.10.246.132

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{593A6C32-B52A-49BB-B438-100F46D81A20}: NameServer=207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5CD2D80C-813E-4E02-A4C7-9B3BADBC17CB}: NameServer=80.10.246.1 80.10.246.132

HKLM\SYSTEM\CCS\Services\Tcpip\..\{C3E6B25B-4F37-4FEB-A5AC-4CBCC0CE5D0F}: DhcpNameServer=207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222

HKLM\SYSTEM\CS2\Services\Tcpip\..\{593A6C32-B52A-49BB-B438-100F46D81A20}: DhcpNameServer=85.255.115.60,85.255.112.87

HKLM\SYSTEM\CS2\Services\Tcpip\..\{593A6C32-B52A-49BB-B438-100F46D81A20}: NameServer=85.255.115.60,85.255.112.87

HKLM\SYSTEM\CS2\Services\Tcpip\..\{BAF27415-7A8C-4647-87C9-363AAE67FDE0}: NameServer=85.255.115.60,85.255.112.87

HKLM\SYSTEM\CS2\Services\Tcpip\..\{C3E6B25B-4F37-4FEB-A5AC-4CBCC0CE5D0F}: DhcpNameServer=85.255.115.60,85.255.112.87

HKLM\SYSTEM\CS3\Services\Tcpip\..\{593A6C32-B52A-49BB-B438-100F46D81A20}: NameServer=207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222

HKLM\SYSTEM\CS3\Services\Tcpip\..\{5CD2D80C-813E-4E02-A4C7-9B3BADBC17CB}: NameServer=80.10.246.1 80.10.246.132

HKLM\SYSTEM\CS3\Services\Tcpip\..\{C3E6B25B-4F37-4FEB-A5AC-4CBCC0CE5D0F}: DhcpNameServer=207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=85.255.115.60 85.255.112.87

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Fin

 

j'ai fait ce que tu m'as demandé pour obtenir les dns automatiquement. A la réflexion je pense avoir bidouillé pour venir au choix automatique des dns mais j'étais revenu en arrière ne sachant pas ce que je faisais.

Faut il toucher à la connexion Réseau local intel ® pro/100ve network......

  • Modérateurs
Gof Devil Member !

Gof

Posté(e)
  • Modérateurs
Posté(e)

Re :P

 

j'ai fait ce que tu m'as demandé pour obtenir les dns automatiquement. A la réflexion je pense avoir bidouillé pour venir au choix automatique des dns mais j'étais revenu en arrière ne sachant pas ce que je faisais.

Faut il toucher à la connexion Réseau local intel ® pro/100ve network......

 

Oui, fais le pour chacune des connexions configurées sur ton pc. Et renouvelle les rapports hijackthis et smitfraudfix en option 1. En l'état, les entrées sont toujours visibles.

Léon des Landes Member

Léon des Landes

Posté(e)
  • Auteur
Posté(e)

J'ai bien fait ce que tu m'as demandé mais maintenant dans la zone de notification j'ai 2 paires d'écrans dont 2 sont pointés d'un triangle jaune avec un ! Si je passe mon curseur de souris j'ai le message suivant connectivité limitée ou inexistante (connexion au réseau local). Il semble que les connexions apparaissent toujours sur les logs.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:54:51, on 13/08/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe

C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe

C:\Program Files\POP Peeper\POPPeeper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\OpenOffice.org 2.2\program\soffice.exe

C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN

C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE

c:\program files\a-squared free\a2service.exe

C:\WINDOWS\System32\dllhost.exe

C:\Program Files\McAfee\MBK\MBackMonitor.exe

C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"

O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe

O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe

O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe

O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb\tribalweb.exe

O4 - Startup: wanadoo2.lnk = ?

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: Analyser avec LeechGet - file://C:\Program Files\LeechGet 2006\\Parser.html

O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Télécharger en utilisant l'assistant LeechGet - file://C:\Program Files\LeechGet 2006\\Wizard.html

O8 - Extra context menu item: Télécharger en utilisant LeechGet - file://C:\Program Files\LeechGet 2006\\AddUrl.html

O8 - Extra context menu item: Télécharger les tous avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll

O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Plug-in 1.5.0_04) -

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -

O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} (Java Plug-in 1.5.0_08) -

O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -

O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -

O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.5.0_11) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{593A6C32-B52A-49BB-B438-100F46D81A20}: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\..\{5CD2D80C-813E-4E02-A4C7-9B3BADBC17CB}: NameServer = 80.10.246.1 80.10.246.132

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222

O18 - Protocol: bw+0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {6488CC82-47A7-4A92-90AB-12C4F65F065A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe

O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

 

--

End of file - 20705 bytes

 

SmitFraudFix v2.210

 

Rapport fait à 22:56:59,53, 13/08/2007

Executé à partir de C:\Documents and Settings\LF\Mes documents\Mes T‚l‚chargements\SmitfraudFix\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Le type du système de fichiers est NTFS

Fix executé en mode normal

 

»»»»»»»»»»»»»»»»»»»»»»»» Process

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe

C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe

C:\Program Files\POP Peeper\POPPeeper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\OpenOffice.org 2.2\program\soffice.exe

C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN

C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE

c:\program files\a-squared free\a2service.exe

C:\WINDOWS\System32\dllhost.exe

C:\Program Files\McAfee\MBK\MBackMonitor.exe

C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\cmd.exe

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\LF

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\LF\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\LF\Favoris

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

Description: WAN (PPP/SLIP) Interface

DNS Server Search Order: 80.10.246.1

DNS Server Search Order: 80.10.246.132

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{593A6C32-B52A-49BB-B438-100F46D81A20}: NameServer=207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5CD2D80C-813E-4E02-A4C7-9B3BADBC17CB}: NameServer=80.10.246.1 80.10.246.132

HKLM\SYSTEM\CCS\Services\Tcpip\..\{C3E6B25B-4F37-4FEB-A5AC-4CBCC0CE5D0F}: DhcpNameServer=207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222

HKLM\SYSTEM\CS2\Services\Tcpip\..\{593A6C32-B52A-49BB-B438-100F46D81A20}: DhcpNameServer=85.255.115.60,85.255.112.87

HKLM\SYSTEM\CS2\Services\Tcpip\..\{593A6C32-B52A-49BB-B438-100F46D81A20}: NameServer=85.255.115.60,85.255.112.87

HKLM\SYSTEM\CS2\Services\Tcpip\..\{BAF27415-7A8C-4647-87C9-363AAE67FDE0}: NameServer=85.255.115.60,85.255.112.87

HKLM\SYSTEM\CS2\Services\Tcpip\..\{C3E6B25B-4F37-4FEB-A5AC-4CBCC0CE5D0F}: DhcpNameServer=85.255.115.60,85.255.112.87

HKLM\SYSTEM\CS3\Services\Tcpip\..\{593A6C32-B52A-49BB-B438-100F46D81A20}: NameServer=207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222

HKLM\SYSTEM\CS3\Services\Tcpip\..\{5CD2D80C-813E-4E02-A4C7-9B3BADBC17CB}: NameServer=80.10.246.1 80.10.246.132

HKLM\SYSTEM\CS3\Services\Tcpip\..\{C3E6B25B-4F37-4FEB-A5AC-4CBCC0CE5D0F}: DhcpNameServer=207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=85.255.115.60 85.255.112.87

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Fin

  • Modérateurs
Gof Devil Member !

Gof

Posté(e)
  • Modérateurs
Posté(e)

Re :P

 

Bon. Précise moi quelques petites choses. Quel est ton Founisseur d'accès ? Comment es tu connecté ? A quoi ?

Léon des Landes Member

Léon des Landes

Posté(e)
  • Auteur
Posté(e)

Bonjour Gof

 

Fournisseur wanadoo / orange.

connexion Adsl 512k

Modem Ethernet.

 

Description de mon panneau connexions réseau.

Il est possible que certaines connexions ne servent à rien suite à mauvaise configuration ?

 

1 : Wanadoo

Déconnecté

Speed Touch USB ADSL PPP (Modem 56k supprimé de l'ordi)

LARGE BANDE

 

2 : Wanadoo2

Connecté

Miniport Wan (PPPOE)

Réseau local ou Internet à haute vitesse

 

3: Connexion au réseau local

Connectivité limitée ou inexistante

Intel® PRO/100 VE Network Connection (avec triangle jaune et !)

  • Modérateurs
Gof Devil Member !

Gof

Posté(e)
  • Modérateurs
Posté(e)

Bonjour Léon des Landes :P

 

Rends toi sur ce lien; Sauvegarde la page sur ton pc, ou imprime la, de sorte de pouvoir la consulter sans connexion. Assure toi, si tu la sauvegardes, qu'elle soit bien effectuée en essayant de la consulter sans être connecté (affichage des images, etc).

 

Puis, fais un clic droit sur le réseau 1 et 2 et sélectionne "Désactiver". Sur ces réseaux la :

1 : Wanadoo

Déconnecté

Speed Touch USB ADSL PPP (Modem 56k supprimé de l'ordi)

LARGE BANDE

2 : Wanadoo2

Connecté

Miniport Wan (PPPOE)

Réseau local ou Internet à haute vitesse

 

Avais tu déja procédé à une installation de réseau en USB ? Si oui, assure toi de le désinstaller également via Ajout/Suppression de programmes. Vérifie au cas où.

 

Redémarre le pc.

 

Consulte la page du tuto que je t'ai fait sauvegarder ou imprimer et suis les instructions. Au moment où il t'es indiqué de saisir l'IP et les DNS, contrairement à ce qui est écrit, sélectionne pour toi : obtenir les ... automatiquement.

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

×
 Partager
Aller sur la liste des sujets

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...