Posted

Hello!

Can anyone help me? I can no longer open Yahoo! Mail...

And sometimes on Yahoo! France or on Google, searching for a topic no longer works: it just stays pending.

Here is my HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:14:11, on 09/06/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Acer\Acer eConsole\MediaServerService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\CameraAssistant.exe

C:\WINDOWS\system32\ElkCtrl.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Hercules\WiFi Station\WifiStation.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe

C:\Program Files\Popit\PopitNG.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fourni par Yahoo! France

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: (no name) - {02A9F7FB-DDFB-40C9-A5A6-49542CDB035A} - (no file)

O2 - BHO: (no name) - {0515AD12-2FDC-4AB5-83C5-BBC338864C1D} - (no file)

O2 - BHO: (no name) - {1C9A38FC-41E3-465B-8947-D7F4BAFC3C24} - C:\WINDOWS\system32\urqqpoml.dll

O2 - BHO: (no name) - {2178F3FB-2560-458f-BDEE-631E2FE0DFE4} - (no file)

O2 - BHO: (no name) - {2AA922C9-DCA6-47B9-907D-AF8D2B81088F} - (no file)

O2 - BHO: (no name) - {3DD68D59-770C-4946-8D32-817E1D9ED950} - (no file)

O2 - BHO: (no name) - {535890F8-9335-4AD5-942D-426999D1493C} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {705B8941-13F0-4557-AF8B-A0BCC3D32F20} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {A38FBEAB-94C8-434F-82F7-2FF6C6B09237} - (no file)

O2 - BHO: (no name) - {AA04F9F6-AE13-49B1-8B33-81EF89972B5B} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar7.dll

O2 - BHO: (no name) - {AD287403-B876-47C6-B147-F41E3CECB70C} - (no file)

O2 - BHO: (no name) - {B5141620-C2B2-4d95-9F0F-134D99C87AB0} - (no file)

O2 - BHO: (no name) - {D5FD78F2-469C-40D0-9DFA-805070509189} - (no file)

O2 - BHO: (no name) - {DB591710-7FF3-49BC-8669-92B76439B4EB} - (no file)

O2 - BHO: {0f4e4e24-ec36-7508-3354-2973bc81dede} - {eded18cb-3792-4533-8057-63ce42e4e4f0} - C:\WINDOWS\system32\jkngmraf.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar7.dll

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe

O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect

O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [48207aff] rundll32.exe "C:\WINDOWS\system32\alaslrvc.dll",b

O4 - HKLM\..\Run: [rtasks] C:\Program Files\WinAntiVirus Pro 2006\rtasks.exe

O4 - HKLM\..\Run: [bM4b134963] Rundll32.exe "C:\WINDOWS\system32\egeueeer.dll",s

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: PopitNG.lnk = C:\Program Files\Popit\PopitNG.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: WiFi Station.lnk = ?

O4 - Global Startup: Wireless 802.11g USB Adapter.lnk = C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe

O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Ouvrir l'image dans &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1036\phdintl.dll/phdContext.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.downloadcontrol.com/files/insta...eInstall_fr.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_uni_dd_final.cab

O18 - Protocol: bw+0 - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

O20 - Winlogon Notify: urqqpnki - urqqpnki.dll (file missing)

O21 - SSODL: gimmicks - {40dcff6e-af8d-4183-8ebe-a82270ac449e} - (no file)

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

 

--

End of file - 22422 bytes

 

 

Thank you very much for your help.

Jean-Luc.

Here is the "StartupList" as well:

 

StartupList report, 09/06/2008, 23:18:04

StartupList version: 1.52.2

Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE

Detected: Windows XP SP2 (WinNT 5.01.2600)

Detected: Internet Explorer v7.00 (7.00.6000.16640)

* Using default options

==================================================

 

Running processes:

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Acer\Acer eConsole\MediaServerService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\CameraAssistant.exe

C:\WINDOWS\system32\ElkCtrl.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Hercules\WiFi Station\WifiStation.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe

C:\Program Files\Popit\PopitNG.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

--------------------------------------------------

 

Listing of startup folders:

 

Shell folders Startup:

[C:\Documents and Settings\Jean-Luc VIGNOLI\Menu Démarrer\Programmes\Démarrage]

PopitNG.lnk = C:\Program Files\Popit\PopitNG.exe

 

Shell folders Common Startup:

[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]

Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

WiFi Station.lnk = ?

Wireless 802.11g USB Adapter.lnk = C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe

 

--------------------------------------------------

 

Checking Windows NT UserInit:

 

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

Logitech Hardware Abstraction Layer = KHALMNPR.EXE

LVCOMSX = C:\WINDOWS\system32\LVCOMSX.EXE

LogitechCameraAssistant = C:\Program Files\Logitech\Video\CameraAssistant.exe

LogitechVideo[inspector] = C:\Program Files\Logitech\Video\InstallHelper.exe /inspect

LogitechCameraService(E) = C:\WINDOWS\system32\ElkCtrl.exe /automation

QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

48207aff = rundll32.exe "C:\WINDOWS\system32\alaslrvc.dll",b

rtasks = C:\Program Files\WinAntiVirus Pro 2006\rtasks.exe

BM4b134963 = Rundll32.exe "C:\WINDOWS\system32\egeueeer.dll",s

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

 

CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe

Yahoo! Pager = "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

LDM = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

SpybotSD TeaTimer = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

 

--------------------------------------------------

 

Load/Run keys from C:\WINDOWS\WIN.INI:

 

load=*INI section not found*

run=*INI section not found*

 

Load/Run keys from Registry:

 

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\Windows: load=

HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

 

--------------------------------------------------

 

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

 

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

 

Shell & screensaver key from Registry:

 

Shell=Explorer.exe

SCRNSAVE.EXE=C:\WINDOWS\system32\MYLENE~1.SCR

drivers=*Registry value not found*

 

Policies Shell key:

 

HKCU\..\Policies: Shell=*Registry key not found*

HKLM\..\Policies: Shell=*Registry value not found*

 

--------------------------------------------------

 

 

Enumerating Browser Helper Objects:

 

(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll - {02478D38-C3F9-4EFB-9B51-7695ECA05670}

(no name) - (no file) - {02A9F7FB-DDFB-40C9-A5A6-49542CDB035A}

(no name) - (no file) - {0515AD12-2FDC-4AB5-83C5-BBC338864C1D}

(no name) - C:\WINDOWS\system32\urqqpoml.dll - {1C9A38FC-41E3-465B-8947-D7F4BAFC3C24}

(no name) - (no file) - {2178F3FB-2560-458f-BDEE-631E2FE0DFE4}

(no name) - (no file) - {2AA922C9-DCA6-47B9-907D-AF8D2B81088F}

(no name) - (no file) - {3DD68D59-770C-4946-8D32-817E1D9ED950}

(no name) - (no file) - {535890F8-9335-4AD5-942D-426999D1493C}

(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}

(no name) - (no file) - {705B8941-13F0-4557-AF8B-A0BCC3D32F20}

(no name) - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

(no name) - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}

(no name) - (no file) - {A38FBEAB-94C8-434F-82F7-2FF6C6B09237}

(no name) - (no file) - {AA04F9F6-AE13-49B1-8B33-81EF89972B5B}

(no name) - c:\program files\google\googletoolbar7.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

(no name) - (no file) - {AD287403-B876-47C6-B147-F41E3CECB70C}

(no name) - (no file) - {B5141620-C2B2-4d95-9F0F-134D99C87AB0}

(no name) - (no file) - {D5FD78F2-469C-40D0-9DFA-805070509189}

(no name) - (no file) - {DB591710-7FF3-49BC-8669-92B76439B4EB}

{0f4e4e24-ec36-7508-3354-2973bc81dede} - C:\WINDOWS\system32\jkngmraf.dll - {eded18cb-3792-4533-8057-63ce42e4e4f0}

 

--------------------------------------------------

 

Enumerating Task Scheduler jobs:

 

Maintenance en 1 clic.job

 

--------------------------------------------------

 

Enumerating Download Program Files:

 

[{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}]

CODEBASE = http://cdn.downloadcontrol.com/files/insta...eInstall_fr.cab

 

[YInstStarter Class]

InProcServer32 = C:\Program Files\Yahoo!\Common\yinsthelper.dll

CODEBASE = C:\Program Files\Yahoo!\Common\yinsthelper.dll

 

[PB_Uploader Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\uploader_uni.ocx

CODEBASE = http://www.photoways.com/clients/uploader_uni_dd_final.cab

 

--------------------------------------------------

 

Enumerating ShellServiceObjectDelayLoad items:

 

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: C:\WINDOWS\system32\webcheck.dll

SysTray: C:\WINDOWS\system32\stobject.dll

gimmicks: *Registry key not found*

WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

 

--------------------------------------------------

End of report, 8 806 bytes

Report generated in 0,094 seconds

 

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

Posted

hi :P

To do, in this order:

1• Disable Spybot-S&D's TeaTimer (start Spybot-S&D, Advanced mode, Tools, Resident, untick the box in front of TeaTimer)

2• Run HijackThis again with "Do a system scan only", tick the lines below and click "Fix checked":

 

O2 - BHO: (no name) - {02A9F7FB-DDFB-40C9-A5A6-49542CDB035A} - (no file)

O2 - BHO: (no name) - {0515AD12-2FDC-4AB5-83C5-BBC338864C1D} - (no file)

O2 - BHO: (no name) - {2178F3FB-2560-458f-BDEE-631E2FE0DFE4} - (no file)

O2 - BHO: (no name) - {2AA922C9-DCA6-47B9-907D-AF8D2B81088F} - (no file)

O2 - BHO: (no name) - {3DD68D59-770C-4946-8D32-817E1D9ED950} - (no file)

O2 - BHO: (no name) - {535890F8-9335-4AD5-942D-426999D1493C} - (no file)

O2 - BHO: (no name) - {705B8941-13F0-4557-AF8B-A0BCC3D32F20} - (no file)

O2 - BHO: (no name) - {A38FBEAB-94C8-434F-82F7-2FF6C6B09237} - (no file)

O2 - BHO: (no name) - {AA04F9F6-AE13-49B1-8B33-81EF89972B5B} - (no file)

O2 - BHO: (no name) - {AD287403-B876-47C6-B147-F41E3CECB70C} - (no file)

O2 - BHO: (no name) - {B5141620-C2B2-4d95-9F0F-134D99C87AB0} - (no file)

O2 - BHO: (no name) - {D5FD78F2-469C-40D0-9DFA-805070509189} - (no file)

O2 - BHO: (no name) - {DB591710-7FF3-49BC-8669-92B76439B4EB} - (no file)

O4 - HKLM\..\Run: [48207aff] rundll32.exe "C:\WINDOWS\system32\alaslrvc.dll",b

O4 - HKLM\..\Run: [rtasks] C:\Program Files\WinAntiVirus Pro 2006\rtasks.exe

O4 - HKLM\..\Run: [bM4b134963] Rundll32.exe "C:\WINDOWS\system32\egeueeer.dll",s

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

All the O18 entries EXCEPT the last one!!!!!


O20 - Winlogon Notify: urqqpnki - urqqpnki.dll (file missing)

O21 - SSODL: gimmicks - {40dcff6e-af8d-4183-8ebe-a82270ac449e} - (no file)

 

• Temporarily disable avast and its self-defense module:

Avast.gif

• Download combofix.exe (by sUBs) and save it to your desktop.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Physically disconnect from the internet [unplug the cable!!] to run CFScript, wait 10 minutes before reconnecting, and post the report.

» ComboFix must absolutely be on your desktop

Open Notepad [Run--notepad] and copy/paste the contents of the box below:

File::
C:\WINDOWS\system32\urqqpoml.dll
C:\WINDOWS\system32\jkngmraf.dll
C:\WINDOWS\system32\alaslrvc.dll
C:\WINDOWS\system32\egeueeer.dll
Folder::
C:\Program Files\WinAntiVirus Pro 2006

* Go to the top of the page and click the "File" menu; a list appears =>

* Choose "Save As" and choose "Desktop"

* In the "File name" field at the bottom of the page, enter the following name: CFScript, as a .txt file

* Click the "Save" button to the right of the "File name" field

* Close Notepad.

* Drag and drop this CFScript.txt file onto the ComboFix.exe file, as in the screenshot

CFScript.gif

* Follow the instructions

* Be patient while the scan runs. The desktop will disappear several times: that's normal!

Don't touch anything until the scan has finished.

* Once the scan is complete, a report will be displayed: post its contents.

* If the file doesn't appear, it is located here > C:\ComboFix.txt
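
Added example, not part of the original thread and not code from HijackThis or ComboFix: a small Python triage pass over a subset of the HijackThis lines and the CFScript quoted in the post above. It tags entries whose target file is gone, Run keys that load a DLL through rundll32, and entries whose path is listed in the CFScript; the tag names and heuristics are assumptions made for this illustration and do not reproduce every choice in the helper's list (the O18 entries, for instance, are not tagged).

```python
import re
from collections import namedtuple

# Entries copied from the HijackThis lines quoted in the post above (a subset).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02A9F7FB-DDFB-40C9-A5A6-49542CDB035A} - (no file)
O4 - HKLM\..\Run: [48207aff] rundll32.exe "C:\WINDOWS\system32\alaslrvc.dll",b
O4 - HKLM\..\Run: [rtasks] C:\Program Files\WinAntiVirus Pro 2006\rtasks.exe
O4 - HKLM\..\Run: [bM4b134963] Rundll32.exe "C:\WINDOWS\system32\egeueeer.dll",s
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O18 - Protocol: bw10 - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: urqqpnki - urqqpnki.dll (file missing)
O21 - SSODL: gimmicks - {40dcff6e-af8d-4183-8ebe-a82270ac449e} - (no file)
"""

# The CFScript body from the same post.
SAMPLE_CFSCRIPT = r"""
File::
C:\WINDOWS\system32\urqqpoml.dll
C:\WINDOWS\system32\jkngmraf.dll
C:\WINDOWS\system32\alaslrvc.dll
C:\WINDOWS\system32\egeueeer.dll
Folder::
C:\Program Files\WinAntiVirus Pro 2006
"""

Entry = namedtuple("Entry", "code kind body")

# "<section code> - <entry kind>: <rest of line>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+):\s*(?P<body>.*)$")
# First absolute path to a .dll/.exe/.ocx inside an entry body.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"=]*?\.(?:dll|exe|ocx)', re.IGNORECASE)
# A Run value "[name] rundll32.exe ..." (illustrative heuristic, not proof of malice).
RUNDLL_RE = re.compile(r"\]\s*rundll32(\.exe)?\s", re.IGNORECASE)


def parse_log(text):
    """Turn HijackThis result lines into Entry tuples; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["code"], m["kind"].strip(), m["body"].strip()))
    return entries


def parse_cfscript(text):
    """Collect the paths listed under the File:: and Folder:: headers."""
    sections, current = {"File": [], "Folder": []}, None
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("::") and line[:-2] in sections:
            current = line[:-2]
        elif line and current:
            sections[current].append(line)
    return sections


def triage(entry, script):
    """Return the review tags for one entry (empty list if nothing stands out)."""
    tags = []
    low = entry.body.lower()
    # Registry entry still present while the file it points at is gone.
    if low.endswith("(no file)") or low.endswith("(file missing)"):
        tags.append("orphaned")
    m = PATH_RE.search(entry.body)
    path = m.group(0).lower() if m else None
    # Autorun that loads a DLL through rundll32 at every logon: worth a look.
    if entry.code == "O4" and path and RUNDLL_RE.search(entry.body):
        tags.append("rundll32-autorun")
    if path:
        if path in (f.lower() for f in script["File"]):
            tags.append("cfscript-file")
        if any(path.startswith(d.lower().rstrip("\\") + "\\")
               for d in script["Folder"]):
            tags.append("cfscript-folder")
    return tags


def review(log_text, script_text):
    """Return [(Entry, tags)] for every log entry that received a tag."""
    script = parse_cfscript(script_text)
    tagged = ((e, triage(e, script)) for e in parse_log(log_text))
    return [(e, tags) for e, tags in tagged if tags]


if __name__ == "__main__":
    for entry, tags in review(SAMPLE_LOG, SAMPLE_CFSCRIPT):
        print(f"{entry.code:<4}{', '.join(tags):<34}{entry.body}")
```
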

Posted

Thank you, Angélique, for your invaluable help.

I'll try all of this tonight at home, because here I'm on my work PC and it's my own PC at home that has the problem.

By the way, what, broadly, is the problem I have on my PC? (Virus, spyware, Trojan horse, etc.?)

I'll keep you posted as soon as I've done the steps, and thanks again.

Jean-Luc.

 

 


Posted
By the way, what, broadly, is the problem I have on my PC? (Virus, spyware, Trojan horse, etc.?)

Vundo trojans + a rogue [fake security utility: WinAntiVirus Pro 2006, which installs itself when you visit booby-trapped web pages, porn for example], at first glance already ;o), and certainly others, in view of your ComboFix report. Do it in order, READ carefully \o_

Posted

 

 

Hello Angélique,

Did you get my reply from last night, after I did all the steps you had given me, along with my new ComboFix.txt file?

See you,

Jean-Luc.

Posted

 

 

Angélique,

I have the impression that you didn't receive my reply from last night, after I did all the steps you had given me, along with my new ComboFix.txt file, because I can't find anything in the history.

So I'm sending it to you again.

And first of all, great news: it worked!!

At the end of the whole procedure I was able to open Yahoo! Mail again without any problem, and tried several sites with a connection speed I hadn't had for a long time...

So THANK YOU VERY MUCH!

Next, I'm going to copy/paste two logs for you, because I may actually have misunderstood your procedure and as a result I ran ComboFix twice in succession, once on its own by double-clicking (Log1), then by dragging CFScript.txt onto ComboFix (Log2).

Please tell me whether my PC still contains any dubious "stuff", or whether I have nothing more to worry about.

And what should I do about the settings I changed last night for Spybot and Avast?

 

Log1:

 

ComboFix 08-06-10.5 - Jean-Luc VIGNOLI 2008-06-11 22:58:08.1 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.133 [GMT 2:00]

Endroit: C:\Documents and Settings\Jean-Luc VIGNOLI\Bureau\ComboFix.exe

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\All Users\Application Data\SystemDoctor Free

C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\Abbr

C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ActivationCode

C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\HOURS

C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ProductCode

C:\Documents and Settings\Etienne\Application Data\SystemDoctor Free

C:\Documents and Settings\Etienne\Application Data\SystemDoctor Free\Logs\update.log

C:\Program Files\Fichiers communs\SystemDoctor

C:\Program Files\Fichiers communs\SystemDoctor\err.log

C:\WA6P

C:\WINDOWS\cookies.ini

C:\WINDOWS\pack.epk

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\ajcowrxw.dll

C:\WINDOWS\system32\aksjkiwt.ini

C:\WINDOWS\system32\axpqeirt.exe

C:\WINDOWS\system32\bukxosco.dll

C:\WINDOWS\system32\bwceyrnu.dll

C:\WINDOWS\system32\chjscycv.dll

C:\WINDOWS\system32\cvrlsala.ini

C:\WINDOWS\system32\drivers\vspf_hk5.sys

C:\WINDOWS\system32\drivers\vspf5.sys

C:\WINDOWS\system32\eatocwxi.exe

C:\WINDOWS\system32\egeueeer.dll

C:\WINDOWS\system32\eggbhbup.dll

C:\WINDOWS\system32\egpcyfim.exe

C:\WINDOWS\system32\ewppmsgh.exe

C:\WINDOWS\system32\fkscfoar.dll

C:\WINDOWS\system32\gjclywtr.exe

C:\WINDOWS\system32\gnbjccun.dll

C:\WINDOWS\system32\hjiijjjl.ini

C:\WINDOWS\system32\hjiijjjl.ini2

C:\WINDOWS\system32\hkutdxny.ini

C:\WINDOWS\system32\hlkimssy.exe

C:\WINDOWS\system32\ieadsdua.ini

C:\WINDOWS\system32\jfaljgue.ini

C:\WINDOWS\system32\jkngmraf.dll

C:\WINDOWS\system32\jwxwsdxi.dll

C:\WINDOWS\system32\kkyefodu.exe

C:\WINDOWS\system32\lmopqqru.ini

C:\WINDOWS\system32\lmopqqru.ini2

C:\WINDOWS\system32\lwgdivda.dll

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\mmtmshuc.dll

C:\WINDOWS\system32\nilvbqpy.dll

C:\WINDOWS\system32\nmxhtmmx.dll

C:\WINDOWS\system32\nvdksahpow_navtmp.dat

C:\WINDOWS\system32\qctiaoae.dll

C:\WINDOWS\system32\qpoigcyc.ini

C:\WINDOWS\system32\saxrensc.ini

C:\WINDOWS\system32\stera.log

C:\WINDOWS\system32\syvocias.dll

C:\WINDOWS\system32\tcdoswyc.dll

C:\WINDOWS\system32\tnrjfagq.dll

C:\WINDOWS\system32\tsntpalx.dll

C:\WINDOWS\system32\ucrxrxcu.ini

C:\WINDOWS\system32\uwayycdd.ini

C:\WINDOWS\system32\uwayycdd.ini2

C:\WINDOWS\system32\vbbdxvtb.ini

C:\WINDOWS\system32\vcycsjhc.ini

C:\WINDOWS\system32\vndfkojv.exe

C:\WINDOWS\system32\wvyjfiw.dat

C:\WINDOWS\system32\wvyjfiw.exe

C:\WINDOWS\system32\wvyjfiw_nav.dat

C:\WINDOWS\system32\wvyjfiw_navps.dat

C:\WINDOWS\system32\xmmthxmn.ini

C:\WINDOWS\system32\yclejsuu.dll

C:\WINDOWS\system32\ypqbvlin.ini

C:\WINDOWS\system32\yxbrklbx.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_FOPN

-------\Legacy_FWSVC

-------\Legacy_VSPF

-------\Legacy_VSPF_HK

 

 

((((((((((((((((((((((((((((( Fichiers créés 2008-05-11 to 2008-06-11 ))))))))))))))))))))))))))))))))))))

.

 

2008-06-10 22:46 . 2008-06-10 22:46 <REP> d-------- C:\Documents and Settings\Claire\Application Data\ScanSoft

2008-06-10 22:43 . 2008-06-10 22:49 <REP> d-------- C:\Documents and Settings\Claire\Application Data\Canon

2008-06-10 21:07 . 2008-04-14 17:52 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-06-10 21:07 . 2008-04-14 17:52 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-09 22:55 . 2008-06-09 22:55 <REP> d-------- C:\Program Files\Trend Micro

2008-06-03 02:28 . 2008-06-03 02:28 364 --a------ C:\WINDOWS\system32\MRT.INI

2008-05-27 23:22 . 2008-05-27 23:22 280,576 --a------ C:\WINDOWS\system32\urqqpoml.dll

2008-05-25 22:48 . 2008-05-25 22:48 <REP> d-------- C:\Program Files\Alwil Software

2008-05-24 01:00 . 2008-05-24 01:00 46,592 --a------ C:\Documents and Settings\Jean-Luc VIGNOLI\fopn.sys

2008-05-23 23:37 . 2008-05-23 23:37 <REP> d-------- C:\Program Files\Lavasoft

2008-05-23 23:37 . 2008-05-23 23:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-05-23 22:52 . 2008-06-11 23:05 1,409 --a------ C:\WINDOWS\QTFont.for

2008-05-21 02:06 . 2008-05-21 02:06 <REP> d-------- C:\Documents and Settings\Jean-Luc VIGNOLI\Application Data\TuneUp Software

2008-05-21 02:06 . 2008-05-21 02:06 354,560 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe

2008-05-21 02:06 . 2008-04-04 14:51 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll

2008-05-21 02:05 . 2008-05-25 18:21 <REP> d-------- C:\Program Files\TuneUp Utilities 2008

2008-05-21 02:05 . 2008-05-21 02:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software

2008-05-21 02:03 . 2008-05-23 23:35 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard

2008-05-19 21:35 . 2008-05-19 21:36 <REP> d-------- C:\Program Files\Fichiers communs\Adobe

2008-05-19 21:21 . 2008-06-11 23:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-05-18 10:57 . 2008-05-18 10:57 118,784 --a------ C:\WINDOWS\system32\icogdaxj.dll

2008-05-18 10:52 . 2008-06-08 00:58 48 --a------ C:\WINDOWS\BM4b134963.xml

2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-11 19:22 --------- d-----w C:\Documents and Settings\Jean-Luc VIGNOLI\Application Data\Canon

2008-06-10 21:43 --------- d-----w C:\Program Files\Mozilla Thunderbird

2008-05-25 23:38 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-05-25 00:25 --------- d-----w C:\Program Files\Dictionnaire

2008-05-20 23:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-05-19 19:33 --------- d-----w C:\Documents and Settings\Jean-Luc VIGNOLI\Application Data\AdobeUM

2008-05-18 15:01 --------- d-----w C:\Program Files\IrfanView

2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-05-03 15:42 --------- d-----w C:\Program Files\Google

2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys

2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys

2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys

2006-05-29 14:40 7,296,000 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C4200261-FD62-41C9-ADCB-28C2CD7ECBFB}]

2008-05-27 23:22 280576 --a------ C:\WINDOWS\system32\urqqpoml.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 07:00 15360]

"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 22:49 4662776]

"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-21 23:47 32768]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\WINDOWS\KHALMNPR.Exe]

"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 16:32 225280]

"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2005-12-07 11:26 489472]

"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2005-12-07 11:33 73728]

"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 18:22 262144]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-20 20:24 77824]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 07:00 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll 2007-11-15 11:10 72208 c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\48207aff]

C:\WINDOWS\system32\alaslrvc.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

 

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]

R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 07:00]

R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 16:37]

S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-21 02:06]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-06-11 21:08:59 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"

- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-11 23:09:27

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe

C:\Program Files\Acer\Acer eConsole\MediaServerService.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Hercules\WiFi Station\WiFiStation.exe

C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe

C:\Program Files\Popit\PopitNG.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-06-11 23:12:40 - machine was rebooted

ComboFix-quarantined-files.txt 2008-06-11 21:12:34

 

Pre-Run: 75,747,975,168 octets libres

Post-Run: 77,950,996,480 octets libres

 

790 --- E O F --- 2008-06-10 21:03:23

 

 

Log2:

 

ComboFix 08-06-10.5 - Jean-Luc VIGNOLI 2008-06-11 23:30:45.2 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.126 [GMT 2:00]

Endroit: C:\Documents and Settings\Jean-Luc VIGNOLI\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\Jean-Luc VIGNOLI\Bureau\CFScript.txt

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

 

FILE ::

C:\WINDOWS\system32\alaslrvc.dll

C:\WINDOWS\system32\egeueeer.dll

C:\WINDOWS\system32\jkngmraf.dll

C:\WINDOWS\system32\urqqpoml.dll

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\urqqpoml.dll

 

.

((((((((((((((((((((((((((((( Fichiers créés 2008-05-11 to 2008-06-11 ))))))))))))))))))))))))))))))))))))

.

 

2008-06-11 23:12 . 2008-06-11 23:12 <REP> d-------- C:\Documents and Settings\Invité

2008-06-10 22:46 . 2008-06-10 22:46 <REP> d-------- C:\Documents and Settings\Claire\Application Data\ScanSoft

2008-06-10 22:43 . 2008-06-10 22:49 <REP> d-------- C:\Documents and Settings\Claire\Application Data\Canon

2008-06-10 21:07 . 2008-04-14 17:52 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-06-10 21:07 . 2008-04-14 17:52 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-09 22:55 . 2008-06-09 22:55 <REP> d-------- C:\Program Files\Trend Micro

2008-06-03 02:28 . 2008-06-03 02:28 364 --a------ C:\WINDOWS\system32\MRT.INI

2008-05-25 22:48 . 2008-05-25 22:48 <REP> d-------- C:\Program Files\Alwil Software

2008-05-24 01:00 . 2008-05-24 01:00 46,592 --a------ C:\Documents and Settings\Jean-Luc VIGNOLI\fopn.sys

2008-05-23 23:37 . 2008-05-23 23:37 <REP> d-------- C:\Program Files\Lavasoft

2008-05-23 23:37 . 2008-05-23 23:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-05-23 22:52 . 2008-06-11 23:05 1,409 --a------ C:\WINDOWS\QTFont.for

2008-05-21 02:06 . 2008-05-21 02:06 <REP> d-------- C:\Documents and Settings\Jean-Luc VIGNOLI\Application Data\TuneUp Software

2008-05-21 02:06 . 2008-05-21 02:06 354,560 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe

2008-05-21 02:06 . 2008-04-04 14:51 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll

2008-05-21 02:05 . 2008-05-25 18:21 <REP> d-------- C:\Program Files\TuneUp Utilities 2008

2008-05-21 02:05 . 2008-05-21 02:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software

2008-05-21 02:03 . 2008-05-23 23:35 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard

2008-05-19 21:35 . 2008-05-19 21:36 <REP> d-------- C:\Program Files\Fichiers communs\Adobe

2008-05-19 21:21 . 2008-06-11 23:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-05-18 10:57 . 2008-05-18 10:57 118,784 --a------ C:\WINDOWS\system32\icogdaxj.dll

2008-05-18 10:52 . 2008-06-08 00:58 48 --a------ C:\WINDOWS\BM4b134963.xml

2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-11 19:22 --------- d-----w C:\Documents and Settings\Jean-Luc VIGNOLI\Application Data\Canon

2008-06-10 21:43 --------- d-----w C:\Program Files\Mozilla Thunderbird

2008-05-25 23:38 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-05-25 00:25 --------- d-----w C:\Program Files\Dictionnaire

2008-05-20 23:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-05-19 19:33 --------- d-----w C:\Documents and Settings\Jean-Luc VIGNOLI\Application Data\AdobeUM

2008-05-18 15:01 --------- d-----w C:\Program Files\IrfanView

2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys

2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll

2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll

2008-05-03 15:42 --------- d-----w C:\Program Files\Google

2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys

2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys

2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys

2008-04-23 20:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-04-22 07:41 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-04-22 07:41 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe

2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll

2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll

2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys

2006-05-29 14:40 7,296,000 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 07:00 15360]

"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 22:49 4662776]

"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-21 23:47 32768]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\WINDOWS\KHALMNPR.Exe]

"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 16:32 225280]

"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2005-12-07 11:26 489472]

"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2005-12-07 11:33 73728]

"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 18:22 262144]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-20 20:24 77824]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 07:00 15360]

 

C:\Documents and Settings\Jean-Luc VIGNOLI\Menu D‚marrer\Programmes\D‚marrage\

PopitNG.lnk - C:\Program Files\Popit\PopitNG.exe [2006-10-09 22:07:56 120832]

 

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

WiFi Station.lnk - C:\Program Files\Hercules\WiFi Station\WifiStation.exe [2006-09-01 19:53:59 626176]

Wireless 802.11g USB Adapter.lnk - C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe [2004-11-19 11:34:00 425984]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll 2007-11-15 11:10 72208 c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\48207aff]

C:\WINDOWS\system32\alaslrvc.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

 

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]

R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 07:00]

R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 16:37]

S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-21 02:06]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-06-11 21:08:59 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"

- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-11 23:32:40

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

Temps d'accomplissement: 2008-06-11 23:33:53

ComboFix-quarantined-files.txt 2008-06-11 21:33:49

ComboFix2.txt 2008-06-11 21:12:41

 

Pre-Run: 77,990,969,344 octets libres

Post-Run: 77,980,053,504 octets libres

 

141 --- E O F --- 2008-06-10 21:03:23

Posted

You've done good work :P but it's not over :P, there are 2 or 3 things left to fix

 

• Open Notepad [Run--notepad] and copy/paste the contents of the box below:

 

File::
C:\WINDOWS\system32\icogdaxj.dll
C:\WINDOWS\BM4b134963.xml
C:\WINDOWS\system32\alaslrvc.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C4200261-FD62-41C9-ADCB-28C2CD7ECBFB}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\48207aff]

 

* Go to the top of the page and click the "File" menu; a list appears.

* Choose "Save As" and choose "Desktop".

* In the "File name" field at the bottom of the page, enter the following name: CFScript, as a .txt file.

* Click the "Save" button to the right of the "File name" field.

* Close Notepad.

* Drag and drop this CFScript.txt file onto the ComboFix.exe file, as in the screenshot.

 

 


 

 

* Follow the instructions.

* Wait while the scan runs. The desktop will disappear several times: that's normal!

Don't touch anything until the scan has finished.

* Once the scan is complete, a report will be displayed: post its contents.

* If the file doesn't appear, it is located here > C:\ComboFix.txt

 

• Download to your desktop:

 

- AtfCleaner --> http://www.atribune.org/ccount/click.php?id=1

 

ATF Cleaner

Double-click ATF-Cleaner.exe to launch the program.

Under the Main tab, choose: Select All

Click the Empty Selected button, wait while it cleans, then OK

If you use the Firefox browser:

Click Firefox at the top and choose: Select All

Click the Empty Selected button

NOTE: If you want to keep your saved passwords, click No at the prompt.

If you use the Opera browser:

Click Opera at the top and choose: Select All

Click the Empty Selected button

NOTE: If you want to keep your saved passwords, click No at the prompt.

Click Exit, in the main menu, to close the program.

 

 

• Drop avast for AntiVir: install it, update it [be patient \o/], run a scan and post the AntiVir report. It will complain about ComboFix's quarantine [c:\qoobox]: quarantine.

 

AntiVir download link :: http://dl1.avgate.net/down/windows/antivir...n_winu_en_h.exe

 

Why » http://forum.malekal.com/viewtopic.php?f=45&t=3528

 

Tutorial » http://forum.malekal.com/viewtopic.php?f=45&t=4192

Posted

Hello!

 

Do you think it's really necessary to replace Avast with Antivir?

I don't know anyone who has heard of this "Antivir" antivirus...

What does it do better than Avast?

 

Thanks,

Jean-Luc.

Posted

Avast isn't responsive, it blocks nothing!! Have you read the comparison??

http://forum.malekal.com/viewtopic.php?f=45&t=3528

 

Did Avast protect you from the junk you caught????? QED

 

I don't know anyone who has heard of this "Antivir" antivirus...

 

You must not know the right people when it comes to computer security, worms, viruses, trojans!!!!

 

Post the requested reports ;o)
