
[Solved] PC infection alert!



Hello everyone,

Let me introduce myself: Grauzone, 40 years old, 3 children, living in the Ardennes.

Here is my problem.

For the past 2 days my NOD32 antivirus has been raising alerts, and they keep reappearing regularly:

Regular alerts on the file svchost.exe

I have quarantined:

c:\windows\jdead.exe

http://www.fc-www.de/spybotcrypt.exe

c:\windows\jde3ad.exe

c:\windows\kefafae.exe

c:\windows\masknewge.exe

http://www.fc-www.de/FUDExe.exe

For information, I have NOD32 up to date, I ran Ad-Aware Pro 2008 (updated today), I ran EasyCleaner, and I am currently running a-squared Anti-Malware.

I made a HijackThis v2.0.2 report.

Can someone help me, please?

Thank you in advance.

Regards

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:43:23, on 26/04/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\brss01a.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\ATKKBService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\NetLimiter 2 Pro\nlsvc.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\NetLimiter 2 Pro\NLClient.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\ASUS\WLAN Card Utilities\Center.exe

C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe

C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe

C:\Program Files\Multimedia Card Reader\shwicon2k.exe

C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\D-Tools\daemon.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\Brother\ControlCenter2\brctrcen.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Documents and Settings\Grauzone\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Documents and Settings\Grauzone\Local Settings\Application Data\Windows Update\scvhost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\WinMover\WinMover.exe

C:\WINDOWS\system32\taskmanegr.exe

C:\Documents and Settings\Grauzone\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe

C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe

C:\Program Files\GIGABYTE\Gamer HUD\HUD.exe

C:\Documents and Settings\Grauzone\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe

C:\Documents and Settings\Grauzone\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe

C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Program Files\Orbitdownloader\orbitdm.exe

C:\Program Files\Orbitdownloader\orbitnet.exe

C:\WINDOWS\system32\taskmanegr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\a-squared Anti-Malware\a2service.exe

C:\Program Files\a-squared Anti-Malware\a2wizard.exe

C:\Program Files\IncrediMail\bin\ImApp.exe

S:\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.logitech.com/setpoint/skype

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Grauzone\Local Settings\Application Data\Windows Update\scvhost.exe,C:\WINDOWS\system32\taskmanegr.exe,

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll

O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"

O4 - HKLM\..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [DAEMON Tools] "%ProgramFiles%\D-Tools\daemon.exe\" -lang 1033

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [softwareHelper] C:\Documents and Settings\Grauzone\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WinUpdate] C:\Documents and Settings\Grauzone\Local Settings\Application Data\Windows Update\scvhost.exe

O4 - HKLM\..\Run: [TASKMAN] C:\WINDOWS\system32\taskmanegr.exe

O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [WinMover] "C:\Program Files\WinMover\WinMover.exe" /q

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Grauzone\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [WinUpdate] C:\Documents and Settings\Grauzone\Local Settings\Application Data\Windows Update\scvhost.exe

O4 - HKCU\..\Run: [TASKMAN] C:\WINDOWS\system32\taskmanegr.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: GIGABYTE Gamer HUD.lnk = C:\Program Files\GIGABYTE\Gamer HUD\HUD.exe

O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\Grauzone\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe

O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Logitech SetPoint.lnk = ?

O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe

O4 - Global Startup: RAID Manager.lnk = ?

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.ma-config.com/activex/hardwared...ion_3_1_2_0.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: bw+0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Service Google Update (gupdate1c994fbddfbf930) (gupdate1c994fbddfbf930) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe

 

--

End of file - 29693 bytes

Edited by grauzone

• Run HijackThis again, choose "Do a system scan only", check only the lines below and click "Fix checked":

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Grauzone\Local Settings\Application Data\Windows Update\scvhost.exe,C:\WINDOWS\system32\taskmanegr.exe,

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O4 - HKLM\..\Run: [softwareHelper] C:\Documents and Settings\Grauzone\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe

O4 - HKLM\..\Run: [WinUpdate] C:\Documents and Settings\Grauzone\Local Settings\Application Data\Windows Update\scvhost.exe

O4 - HKLM\..\Run: [TASKMAN] C:\WINDOWS\system32\taskmanegr.exe

O4 - HKCU\..\Run: [WinUpdate] C:\Documents and Settings\Grauzone\Local Settings\Application Data\Windows Update\scvhost.exe

O4 - HKCU\..\Run: [TASKMAN] C:\WINDOWS\system32\taskmanegr.exe

O18 - Protocol: bw+0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

 

==> click Fix checked

 

• Download OTMoveIt3 by OldTimer

http://oldtimer.geekstogo.com/OTMoveIt3.exe

* Save it to your desktop

* Double-click OTMoveIt3.exe to launch it (the extension may not be shown)

* Copy and paste all of the following, only the contents of the box starting from :processes, into the "Paste Instructions for Items to be Moved" section (below the yellow bar):

 

 

:processes
explorer.exe

:files
C:\WINDOWS\system32\taskmanegr.exe
C:\Documents and Settings\Grauzone\Local Settings\Application Data\Windows Update\scvhost.exe


:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify]
"IconStreams"=-
"PastIconsStream"=-

:commands
[zipfiles]
[emptytemp]

 

 

 

 

* Click the red Moveit! button to start the cleanup, and accept the reboot.

* Copy and paste into your next reply the report (the contents of the text file that is displayed)

--> A report will be generated in the folder C:\_OTMoveIt\MovedFiles with the date and time the tool was run (mmddyyyy_hhmmss.log)

• A zipped file is created. The zip is placed here:

C:\_OTMoveIt\MovedFiles folder

Upload it to this address: http://upload.malekal.com/

Tutorial: http://www.malekal.com/tuto_upload_fichiers.php

• Post a new HijackThis report

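The entries ticked for fixing in the post above have two things in common: the UserInit value carries executables besides userinit.exe, and the Run values point at scvhost.exe and taskmanegr.exe, names a letter or two away from svchost.exe and taskmgr.exe. The script below is an added example, not part of the thread and not a HijackThis feature, that flags both patterns in F2 and O4 lines; the allow-list of system binaries, the 0.8 similarity threshold and the ctfmon.exe Run line in the sample are assumptions made for the illustration.

```python
import ntpath
import re
from difflib import SequenceMatcher

# Assumption: small allow-list of Windows XP system binaries and their expected folder.
SYSTEM_BINARIES = {
    "svchost.exe": r"c:\windows\system32",
    "taskmgr.exe": r"c:\windows\system32",
    "userinit.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"
LOOKALIKE_THRESHOLD = 0.8  # assumption: ratio computed on the name without extension

F2_USERINIT = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$")
O4_RUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.+)$")
EXE_PATH = re.compile(r'^"?(.+?\.exe)', re.IGNORECASE)

# Sample input: the F2 line and two O4 lines are taken from the post above;
# the ctfmon.exe Run line is constructed as a benign contrast.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Grauzone\Local Settings\Application Data\Windows Update\scvhost.exe,C:\WINDOWS\system32\taskmanegr.exe,
O4 - HKLM\..\Run: [WinUpdate] C:\Documents and Settings\Grauzone\Local Settings\Application Data\Windows Update\scvhost.exe
O4 - HKLM\..\Run: [TASKMAN] C:\WINDOWS\system32\taskmanegr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""


def name_reasons(path):
    """Return reasons why the file name of `path` looks like a masquerade."""
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    if name in SYSTEM_BINARIES:
        # Exact system name: only suspicious when it sits in the wrong folder.
        if folder != SYSTEM_BINARIES[name]:
            return [f"{name} outside {SYSTEM_BINARIES[name]}"]
        return []
    stem = ntpath.splitext(name)[0]
    # Compare stems so the shared ".exe" suffix does not inflate the score.
    best_name, best_ratio = max(
        ((known, SequenceMatcher(None, stem, ntpath.splitext(known)[0]).ratio())
         for known in SYSTEM_BINARIES),
        key=lambda pair: pair[1],
    )
    if best_ratio >= LOOKALIKE_THRESHOLD:
        return [f"lookalike of {best_name}"]
    return []


def analyse(log_text):
    """Return (entry, path, reasons) for every suspicious F2 UserInit or O4 Run entry."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        match = F2_USERINIT.match(line)
        if match:
            # UserInit is a comma-separated list; anything beyond userinit.exe is extra.
            for path in (p.strip() for p in match.group(1).split(",")):
                if path and path.lower() != EXPECTED_USERINIT:
                    reasons = ["extra UserInit entry"] + name_reasons(path)
                    findings.append(("F2 UserInit", path, reasons))
            continue
        match = O4_RUN.match(line)
        if match:
            hive, key, value, command = match.groups()
            exe = EXE_PATH.match(command)
            path = exe.group(1) if exe else command
            reasons = name_reasons(path)
            if reasons:
                findings.append((f"O4 {hive} {key} [{value}]", path, reasons))
    return findings


if __name__ == "__main__":
    for entry, path, reasons in analyse(SAMPLE_LOG):
        print(f"{entry}: {path} -> {', '.join(reasons)}")
```

A similarity match is a triage hint only: it says which lines to look at first, not which files are malicious.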

Hello

Thank you for your quick reply; sorry for not having done the same, but I was not at home, because of family obligations.

So I did exactly what you advised (very clear and precise, my compliments).

One small problem on my side: after clicking the red Moveit! button to start the cleanup, it did not offer to reboot, so I had to reboot the PC manually (there was no other way to shut it down). On restart, everything went normally, and the report below was generated.

One more thing: the PC stayed on while I was away, and since 11:00 this morning I have had no more alerts from NOD32.

However, since the last reboot, Microsoft asks me to identify my version of Windows before it has even started: Windows Genuine Advantage validation

Thanking you again for your help

Here is the Moveit! report

 

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== FILES ==========

C:\WINDOWS\system32\taskmanegr.exe moved successfully.

C:\Documents and Settings\Grauzone\Local Settings\Application Data\Windows Update\scvhost.exe moved successfully.

========== REGISTRY ==========

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify\\IconStreams deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify\\PastIconsStream deleted successfully.

========== COMMANDS ==========

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_1_101240750131.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_1_111240763908.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_1_121240606826.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_1_131239616995.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_1_141240586369.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_1_161240632025.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_1_181240494627.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_1_201240395239.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_1_211240182329.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_1_221240448413.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_1_231240474303.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_1_41240757303.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_1_71240757473.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_1_81240738070.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_1_91240549243.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_131240722022.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_141240614024.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_151240763679.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_161240653769.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_171240265109.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_181240496201.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_201240617626.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_211240752208.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_221240751676.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_231240462828.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_241240567241.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_251239560323.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_261240649006.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_271240599608.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_281240740385.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_291240653164.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_301240750673.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_311240763664.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_331240516825.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_341240459222.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_351240676754.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_361240467237.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_381240759347.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_391240734696.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_401240696814.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_411240610422.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_41240757302.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_71240757471.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_3_2_11231224990.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_8_2_11223394495.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_8_2_21231227908.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\IadHide5.dll scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Grauzone\LOCALS~1\Temp\~DF6C36.tmp scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Internet Explorer cache folder emptied.

File delete failed. C:\Documents and Settings\Grauzone\Local Settings\Temporary Internet Files\Content.IE5\S2MH0X1D\AP_ADV_728x90[1].htm scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Grauzone\Local Settings\Temporary Internet Files\Content.IE5\S2MH0X1D\AP_CPL_300x250[1].htm scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Grauzone\Local Settings\Temporary Internet Files\Content.IE5\S2MH0X1D\iframe[1].htm scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Grauzone\Local Settings\Temporary Internet Files\Content.IE5\J1JDL1ER\ads[1].htm scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Grauzone\Local Settings\Temporary Internet Files\Content.IE5\J1JDL1ER\hp[1].htm scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Grauzone\Local Settings\Temporary Internet Files\Content.IE5\J1JDL1ER\iframe[1].htm scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Grauzone\Local Settings\Temporary Internet Files\Content.IE5\E4MP22E1\AP_CPL_728x90[1].htm scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Grauzone\Local Settings\Temporary Internet Files\Content.IE5\E4MP22E1\iframe[1].htm scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Grauzone\Local Settings\Temporary Internet Files\Content.IE5\E4MP22E1\rectangle_300x250[1].htm scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Grauzone\Local Settings\Temporary Internet Files\Content.IE5\B6INCCT9\alerte-infection-t162336[1].htm scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Grauzone\Local Settings\Temporary Internet Files\Content.IE5\B6INCCT9\AP_ADV_300x250[1].htm scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Grauzone\Local Settings\Temporary Internet Files\Content.IE5\B6INCCT9\ban_728x90[1].htm scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Grauzone\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

User's Temporary Internet Files folder emptied.

Local Service Temp folder emptied.

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Local Service Temporary Internet Files folder emptied.

Network Service Temp folder emptied.

Network Service Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\History\History.IE5\index.dat scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\Cookies\index.dat scheduled to be deleted on reboot.

Windows Temp folder emptied.

Java cache emptied.

FireFox cache emptied.

Temp folders emptied.

 

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04262009_194107

 

Files moved on Reboot...

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_1_101240750131.dat moved successfully.

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_1_111240763908.dat moved successfully.

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_1_121240606826.dat moved successfully.

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_1_131239616995.dat moved successfully.

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_1_141240586369.dat moved successfully.

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_1_161240632025.dat moved successfully.

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_1_181240494627.dat moved successfully.

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_1_201240395239.dat moved successfully.

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_1_211240182329.dat moved successfully.

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_1_221240448413.dat moved successfully.

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_1_231240474303.dat moved successfully.

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_1_41240757303.dat moved successfully.

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_1_71240757473.dat moved successfully.

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_1_81240738070.dat moved successfully.

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_1_91240549243.dat moved successfully.

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_131240722022.dat moved successfully.

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_141240614024.dat moved successfully.

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_151240763679.dat moved successfully.

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_161240653769.dat moved successfully.

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_171240265109.dat moved successfully.

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_181240496201.dat moved successfully.

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_201240617626.dat moved successfully.

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_211240752208.dat moved successfully.

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_221240751676.dat moved successfully.

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_231240462828.dat moved successfully.

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_241240567241.dat moved successfully.

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_251239560323.dat moved successfully.

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_261240649006.dat moved successfully.

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_271240599608.dat moved successfully.

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_281240740385.dat moved successfully.

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_291240653164.dat moved successfully.

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_301240750673.dat moved successfully.

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_311240763664.dat moved successfully.

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_331240516825.dat moved successfully.

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_341240459222.dat moved successfully.

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_351240676754.dat moved successfully.

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_361240467237.dat moved successfully.

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_381240759347.dat moved successfully.

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_391240734696.dat moved successfully.

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_401240696814.dat moved successfully.

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_411240610422.dat moved successfully.

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_41240757302.dat moved successfully.

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_1_2_71240757471.dat moved successfully.

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_3_2_11231224990.dat moved successfully.

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_8_2_11223394495.dat moved successfully.

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\cteng_8_2_21231227908.dat moved successfully.

DllUnregisterServer procedure not found in C:\DOCUME~1\Grauzone\LOCALS~1\Temp\IadHide5.dll

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\IadHide5.dll NOT unregistered.

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\IadHide5.dll moved successfully.

C:\DOCUME~1\Grauzone\LOCALS~1\Temp\~DF6C36.tmp moved successfully.

C:\Documents and Settings\Grauzone\Local Settings\Temporary Internet Files\Content.IE5\S2MH0X1D\AP_ADV_728x90[1].htm moved successfully.

C:\Documents and Settings\Grauzone\Local Settings\Temporary Internet Files\Content.IE5\S2MH0X1D\AP_CPL_300x250[1].htm moved successfully.

C:\Documents and Settings\Grauzone\Local Settings\Temporary Internet Files\Content.IE5\S2MH0X1D\iframe[1].htm moved successfully.

C:\Documents and Settings\Grauzone\Local Settings\Temporary Internet Files\Content.IE5\J1JDL1ER\ads[1].htm moved successfully.

C:\Documents and Settings\Grauzone\Local Settings\Temporary Internet Files\Content.IE5\J1JDL1ER\hp[1].htm moved successfully.

C:\Documents and Settings\Grauzone\Local Settings\Temporary Internet Files\Content.IE5\J1JDL1ER\iframe[1].htm moved successfully.

C:\Documents and Settings\Grauzone\Local Settings\Temporary Internet Files\Content.IE5\E4MP22E1\AP_CPL_728x90[1].htm moved successfully.

C:\Documents and Settings\Grauzone\Local Settings\Temporary Internet Files\Content.IE5\E4MP22E1\iframe[1].htm moved successfully.

C:\Documents and Settings\Grauzone\Local Settings\Temporary Internet Files\Content.IE5\E4MP22E1\rectangle_300x250[1].htm moved successfully.

C:\Documents and Settings\Grauzone\Local Settings\Temporary Internet Files\Content.IE5\B6INCCT9\alerte-infection-t162336[1].htm moved successfully.

C:\Documents and Settings\Grauzone\Local Settings\Temporary Internet Files\Content.IE5\B6INCCT9\AP_ADV_300x250[1].htm moved successfully.

C:\Documents and Settings\Grauzone\Local Settings\Temporary Internet Files\Content.IE5\B6INCCT9\ban_728x90[1].htm moved successfully.

 

Here is the HijackThis v2.0.2 report

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:10:41, on 26/04/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\brss01a.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\a-squared Anti-Malware\a2service.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\ATKKBService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\NetLimiter 2 Pro\nlsvc.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\NetLimiter 2 Pro\NLClient.exe

C:\WINDOWS\notepad.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\ASUS\WLAN Card Utilities\Center.exe

C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe

C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe

C:\Program Files\Multimedia Card Reader\shwicon2k.exe

C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

C:\Program Files\Eset\nod32kui.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

C:\Program Files\D-Tools\daemon.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\Brother\ControlCenter2\brctrcen.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\WinMover\WinMover.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Documents and Settings\Grauzone\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe

C:\Program Files\GIGABYTE\Gamer HUD\HUD.exe

C:\Program Files\IncrediMail\bin\ImApp.exe

C:\Documents and Settings\Grauzone\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe

C:\Program Files\Xfire\Xfire.exe

C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Documents and Settings\Grauzone\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe

C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Microsoft Office\Office12\WINWORD.EXE

S:\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.logitech.com/setpoint/skype

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll

O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"

O4 - HKLM\..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [DAEMON Tools] "%ProgramFiles%\D-Tools\daemon.exe\" -lang 1033

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [WinMover] "C:\Program Files\WinMover\WinMover.exe" /q

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Grauzone\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: GIGABYTE Gamer HUD.lnk = C:\Program Files\GIGABYTE\Gamer HUD\HUD.exe

O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\Grauzone\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe

O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Logitech SetPoint.lnk = ?

O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe

O4 - Global Startup: RAID Manager.lnk = ?

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.ma-config.com/activex/MaConfig_3_1_2_1.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: offline-8876480 - {CF5524E9-9FEC-4C68-BFBA-F153EADA5680} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Service Google Update (gupdate1c994fbddfbf930) (gupdate1c994fbddfbf930) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe

 

--

End of file - 17096 bytes

Edited by grauzone

• A zipped file is created. The zip is placed here:

C:\_OTMoveIt\MovedFiles folder

Upload it to this address: http://upload.malekal.com/

Tutorial: http://www.malekal.com/tuto_upload_fichiers.php

Did you send the zip file?

Only delete C:\_OTMoveIt\MovedFiles folder once the zip has been sent. Thanks!!

• Your NOD32 should no longer be squealing, right??

Finish the cleanup:

- Clean your computer with ATF Cleaner (to be used regularly!):

Download to your desktop:

 

- AtfCleaner --> http://www.atribune.org/ccount/click.php?id=1

 

ATF Cleaner

Double-click ATF-Cleaner.exe to launch the program.

Under the Main tab, choose: Select All

Click the Empty Selected button, wait while the cleanup runs, OK

If you use the Firefox browser:

Click Firefox at the top and choose: Select All

Click the Empty Selected button

Wait while the cleanup runs

NOTE: If you want to keep your saved passwords, click No at the prompt.

If you use the Opera browser:

Click Opera at the top and choose: Select All

Click the Empty Selected button

NOTE: If you want to keep your saved passwords, click No at the prompt.

Click Exit, in the main menu, to close the program.

The next PC startup will take a little longer, since the prefetch has been emptied.

• Browse with Firefox http://www.mozilla-europe.org/fr/firefox/ , with JavaScript disabled when you don't know where you are surfing; that can avoid rotten JavaScript IFrames on a rotten web page http://www.certa.ssi.gouv.fr/site/CERTA-20...-001/index.html

 

http://imagesup.org/images/1237009714-jsff.jpg

 

• Configure Firefox to clear cache, cookies, etc. when it closes:

 

http://imagesup.org/images/1237009855-clrff.jpg

 

• Read "Securing Firefox": http://www.malekal.com/securiser_Firefox.php

- Disable, then re-enable System Restore:

- Instructions for Windows XP: http://service1.symantec.com/SUPPORT/INTER...020830101856924


Angélique,

 

I did upload the zipped file to http://upload.malekal.com/ as you asked me to.

I have just finished your last recommendation.

So I ran ATF Cleaner under the Main tab and under the Firefox browser, since I use both.

I also took the opportunity to apply your advice on the Firefox options.

There, all that is left is to restart the PC.

Thanking you again for your help

Regards

 

Stef


Angélique,

 

I can confirm the PC restarted normally, no problem at first glance.

On the antivirus side, NOD32 no longer gives me any alerts.

I still have the Windows Genuine Advantage validation at every startup. What surprises me is that I had already validated it back then, but oh well, nothing dramatic.

Strange, this virus business, when I am protected by an antivirus.

Thanks for everything; without your help I would not have managed. I am not hopeless with computers, but here I am impressed by your work. I don't know how you find your way around the log files that are posted to you.

Thank you for your help, and thanks to the creator of the site.

All the best to your whole team.

Regards.

Stef

PS: I added [RESOLU] (resolved)

Edited by grauzone

  • Tonton changed the title to [Résolu] Alerte infection PC !
