Se connecter / S'enregistrer
Votre question

virus msn photo.zip

Tags :
  • Internet Explorer
  • Sécurité
Dernière réponse : dans Sécurité et virus
13 Juin 2007 19:22:03

Bonjour,

je créée un nouveau sujet pour pas gêner dans la résolution du probleme des autres! :) 

j'ai donc moi aussi téléchargé par erreur ce dossier zip sur msn... et j'arrive pas à me défaire du virus!!!
donc si qqn peut me donner un petit coup de main pour m'en sortir, merci beaucoup d'avance!

ci dessous mon rapport hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 19:13:13, on 13/06/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\marie\Local Settings\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - https://static.impots.gouv.fr/abos/securite/xenroll.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://titepoulettemarie.spaces.live.com//PhotoUpload/M...
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/105bd58b38540046ec21/netzip...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O18 - Protocol: bw+0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Autres pages sur : virus msn photo zip

13 Juin 2007 19:35:55

Bonjour

Télécharge MSNFix.zip (de !aur3n7) sur le Bureau
http://sosvirus.changelog.fr/MSNFix.zip

Décompresse-le (clic droit >> Extraire ici) et double clique sur le fichier MSNFix.bat.
- Exécute l'option R.
-- Si l'infection est détectée, exécute l'option N.

Le rapport sera enregistré dans le même dossier que MSNFix sous forme date_heure.txt
Poste le ainsi qu'un nouveau scan HijackThis fait en mode normal.

Note :
Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal
Sauvegarder et fermer le rapport pour que Windows termine de se lancer normalement.
13 Juin 2007 19:41:03

re

pas dinfection détectée...
le rapprt msnfix:

MSN_Fix 1.316

C:\Documents and Settings\marie\Bureau\MSNFix\MSNFix
Fix exécuté le 13/06/2007 - 19:38:23,38 By marie
mode normal

************************ Recherche les fichiers présents

Aucun Fichier trouvé

************************ Recherche les dossiers présents

Aucun dossier trouvé


************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention




------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://246694.aceboard.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------



et le rapport hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 19:40:35, on 13/06/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\marie\Local Settings\Temp\Répertoire temporaire 3 pour hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - https://static.impots.gouv.fr/abos/securite/xenroll.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://titepoulettemarie.spaces.live.com//PhotoUpload/M...
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/105bd58b38540046ec21/netzip...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O18 - Protocol: bw+0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Contenus similaires
13 Juin 2007 20:15:41

...est-ce que mon ordi est toujours infecté ou pas?
13 Juin 2007 20:23:14

je n'arrive pas a télécharger launchIt.exe, ca me donne un fichier.rar que j'arrive pas à ouvrir...
13 Juin 2007 20:46:06

j'ai essayé de l'ouvrir ou de l'enregistrer sur mon ordi (et j'ai ouvert le fichier), mais ca n'a rien fait, à part faire buger l'ordi (fermeture d'internet, impossible de faire quoique ce soit, souris qui s'affole avec le sablier, obligée de faire reset pour redémarrer l'ordi...)...
c'est normal ça???!
13 Juin 2007 20:49:07

et ma souris continue de s'affoller...et moi aussi je commence à m'affoler!!! lol
13 Juin 2007 20:52:49

lol enfait ca scanner c pr ca j'ai redemarrer ca marche a merveille, thx
13 Juin 2007 21:26:33

Bonjour Nextmind

De quelles lignes parles tu dans Hijackthis ?

Quels sont les fichiers ciblés par LaunchIt ?


marielor22

Télécharge DiagHelp.zip (de Malekal_Morte) sur ton bureau
http://www.malekal.com/download/DiagHelp.zip
- Fais un clic droit sur le fichier et extraire tout
- Un nouveau dossier chercher va être créé DiagHelp
- Ouvre le et double-clic sur go.cmd (le .cmd peut ne pas apparaître)
- Une fenêtre va s'ouvrir, choisis l'option 1
- L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande

ATTENTION : pendant l'analyse, après le rapport catchme, il te sera demandé d'appuyer sur une touche afin de poursuivre le scan, suis bien les instructions à l'écran !

- A la fin de l'analyse, il te sera peut-être demandé de redémarrer l'ordinateur... Une fois l'ordinateur redémarré le rapport va apparaître sur le bloc-note.. Ce dernier se trouve sur C:\resultat.txt
- Copie/colle le contenu du bloc-note qui s'ouvre, pour cela :
-- Dans le bloc-note, cliquez sur le menu Edition / Selectionner tout
-- A nouveau menu Edition / copier
-- Dans un nouveau message ici, faire un clic droit / coller
a b 8 Sécurité
13 Juin 2007 21:28:39

Liens de LunchIt supprimé par précaution.
Alertez si vous en voyez d'autres :jap: 
13 Juin 2007 21:32:09

re c'est marielor22 g du changer de pseudo parce que qqn (nextmind probablement) a pris le mien( ce n'est pas moi qui ai écrit le post précédent comme koi ca marche)
g prévenu angeldark par MP
le lien que nextmind m'a donné est un virus!!!
ca a planté mon ordi, bouffé mes mots de passe et qqn a mis un message a ma place ici!!!
donc en fait g toujours mon pb msn et maintenant a priori j'en ai un autre... galère...
je te colle le résultat de diaghelp ci dessous

(merci de m'aider!!!)

DiagHelp version v1.1.1 - http://www.malekal.com
excute le 13/06/2007 à 21:28:40,24


Liste des derniers fichies modifies/crees dans windir\system32
C:\WINDOWS\System32/drivers\aswmon.sys -->30/04/2007 17:41:55
C:\WINDOWS\System32/drivers\aswmon2.sys -->30/04/2007 17:41:42
C:\WINDOWS\System32/drivers\aswRdr.sys -->30/04/2007 17:39:41
C:\WINDOWS\System32/drivers\aswTdi.sys -->30/04/2007 17:38:51
C:\WINDOWS\System32/drivers\aavmker4.sys -->30/04/2007 17:37:23
C:\WINDOWS\System32/drivers\GEARAspiWDM.sys -->19/09/2006 16:44:04
C:\WINDOWS\System32/drivers\PxHelp20.sys -->25/08/2006 05:47:00

C:\WINDOWS\System32\spupdsvc.inf -->14/07/2007 18:44:11
C:\WINDOWS\System32\nvapps.xml -->13/06/2007 21:17:43
C:\WINDOWS\System32\wpa.dbl -->12/06/2007 18:26:30
C:\WINDOWS\System32\MRT.exe -->06/06/2007 08:38:41
C:\WINDOWS\System32\CONFIG.NT -->13/05/2007 12:27:13
C:\WINDOWS\System32\aswBoot.exe -->30/04/2007 17:46:10
C:\WINDOWS\System32\AVASTSS.scr -->30/04/2007 17:35:28
C:\WINDOWS\System32\wups.dll -->16/04/2007 22:47:36
C:\WINDOWS\System32\wuaucpl.cpl.mui -->16/04/2007 22:47:26
C:\WINDOWS\System32\wuapi.dll.mui -->16/04/2007 22:46:54
C:\WINDOWS\System32\wuaueng.dll -->16/04/2007 22:45:54
C:\WINDOWS\System32\wuapi.dll -->16/04/2007 22:45:48
C:\WINDOWS\System32\wucltui.dll -->16/04/2007 22:45:42
C:\WINDOWS\System32\wuaueng.dll.mui -->16/04/2007 22:45:42
C:\WINDOWS\System32\wuaucpl.cpl -->16/04/2007 22:45:40
C:\WINDOWS\System32\wuweb.dll -->16/04/2007 22:45:36
C:\WINDOWS\System32\cdm.dll -->16/04/2007 22:45:28
C:\WINDOWS\System32\wups2.dll -->16/04/2007 22:45:20
C:\WINDOWS\System32\wuauclt.exe -->16/04/2007 22:45:20
C:\WINDOWS\System32\wucltui.dll.mui -->16/04/2007 22:45:06
C:\WINDOWS\System32\PerfStringBackup.INI -->25/03/2007 15:51:36
C:\WINDOWS\System32\perfh00C.dat -->25/03/2007 15:51:36
C:\WINDOWS\System32\perfh009.dat -->25/03/2007 15:51:36
C:\WINDOWS\System32\perfc00C.dat -->25/03/2007 15:51:36
C:\WINDOWS\System32\perfc009.dat -->25/03/2007 15:51:36

C:\WINDOWS\ALCFDRTM.VER -->20/07/2007 16:25:34
C:\WINDOWS\bhookpl.dll -->13/06/2007 21:22:18
C:\WINDOWS\WindowsUpdate.log -->13/06/2007 21:17:35
C:\WINDOWS\0.log -->13/06/2007 21:17:33
C:\WINDOWS\wiaservc.log -->13/06/2007 21:17:31
C:\WINDOWS\wiadebug.log -->13/06/2007 21:17:31
C:\WINDOWS\bootstat.dat -->13/06/2007 21:17:24
C:\WINDOWS\GetServer.ini -->13/06/2007 21:12:08
C:\WINDOWS\ntbtlog.txt -->13/06/2007 20:58:46
C:\WINDOWS\msnfix.txt -->13/06/2007 19:38:48
C:\WINDOWS\DPINST.LOG -->13/06/2007 18:06:04
C:\WINDOWS\SchedLgU.Txt -->13/06/2007 18:03:00
C:\WINDOWS\TSC.INI -->12/06/2007 19:29:23
C:\WINDOWS\tsc.ptn -->12/06/2007 19:13:15
C:\WINDOWS\tsc.exe -->12/06/2007 19:13:14


Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est CCDE-806C

Répertoire de C:\WINDOWS\system32

28/09/2001 14:00 4 096 csrss.exe
1 fichier(s) 4 096 octets
0 Rép(s) 14 131 171 328 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est CCDE-806C

Répertoire de C:\WINDOWS\Downloaded Program Files

13/05/2007 13:09 <REP> .
13/05/2007 13:09 <REP> ..
19/09/2006 19:19 65 desktop.ini
20/06/2006 15:44 379 704 MsnPUpld.dll
19/06/2006 14:40 393 MsnPUpld.inf
20/06/2006 15:44 117 560 PURen-us.dll
09/01/2007 08:30 110 592 PURfr-fr.dll
03/06/2004 10:05 524 445 RdxIE.dll
09/11/2006 15:36 5 019 swflash.inf
20/08/2002 20:48 172 664 xenroll.dll
20/08/2002 20:52 289 xenroll.inf
02/11/2005 18:01 1 777 xscan.inf
02/11/2005 18:07 435 712 xscan53.ocx
11 fichier(s) 1 748 220 octets

Total des fichiers listés :
11 fichier(s) 1 748 220 octets
2 Rép(s) 14 131 171 328 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..

Liste des fichiers en exception sur le pare-feu XP SP2

"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

Export de la clef SharedTaskScheduler

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

Rechercher adresses sensibles dans le fichier HOSTS...



catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-13 21:28:45
Windows 5.1.2600 NTFS

scanning hidden files ...

C:\WINDOWS\system32:httpd.exe 11645 bytes executable

scan completed successfully
hidden files: 1


KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Process list by traversal of KiWaitListHead

4 - System
240 - LVCOMSX.EXE
332 - ashDisp.exe
436 - ctfmon.exe
452 - E_FATI9BE.EXE
488 - msnmsgr.exe
500 - LogitechDesktop
612 - ashWebSv.exe
616 - ashMaiSv.exe
632 - csrss.exe
656 - winlogon.exe
700 - services.exe
712 - lsass.exe
888 - svchost.exe
968 - svchost.exe
1132 - svchost.exe
1164 - svchost.exe
1348 - ashServ.exe
1500 - spoolsv.exe
1600 - alg.exe
1916 - iexplore.exe --[Hidden]--
2044 - explorer.exe
2176 - iPodService.exe
2644 - iexplore.exe
2824 - cmd.exe
3048 - winlogin.exe
3552 - iexplore.exe
3604 - dwwin.exe
3716 - jucheck.exe

Total number of processes = 29
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList

804D0000 - \WINDOWS\system32\ntoskrnl.exe
806B5000 - \WINDOWS\system32\hal.dll
F7D2F000 - \WINDOWS\system32\KDCOM.DLL
F7C3F000 - \WINDOWS\system32\BOOTVID.dll
F77E2000 - ACPI.sys
F7D31000 - \WINDOWS\System32\DRIVERS\WMILIB.SYS
F782F000 - pci.sys
F783F000 - isapnp.sys
F7DF7000 - pciide.sys
F7AAF000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
F784F000 - MountMgr.sys
F77C3000 - ftdisk.sys
F7D33000 - dmload.sys
F779F000 - dmio.sys
F7AB7000 - PartMgr.sys
F785F000 - VolSnap.sys
F7789000 - atapi.sys
F7775000 - nvatabus.sys
F786F000 - disk.sys
F787F000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
F7763000 - sr.sys
F788F000 - PxHelp20.sys
F774F000 - KSecDD.sys
F76CC000 - Ntfs.sys
F76A4000 - NDIS.sys
F7ABF000 - nv_agp.sys
F768A000 - Mup.sys
F7A3F000 - \SystemRoot\System32\DRIVERS\AmdK8.sys
F7D07000 - \SystemRoot\System32\DRIVERS\usbohci.sys
F6A6B000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS
F7A4F000 - \SystemRoot\System32\Drivers\ousbehci.sys
F7D0B000 - \SystemRoot\System32\DRIVERS\nvnetbus.sys
F7A5F000 - \SystemRoot\System32\DRIVERS\NVNRM.SYS
F6A3C000 - \SystemRoot\System32\DRIVERS\NVSNPU.SYS
F680A000 - \SystemRoot\system32\drivers\ALCXWDM.SYS
F67E9000 - \SystemRoot\system32\drivers\portcls.sys
F7A7F000 - \SystemRoot\system32\drivers\drmk.sys
F67C8000 - \SystemRoot\system32\drivers\ks.sys
F6C9E000 - \SystemRoot\System32\Drivers\Imapi.SYS
F6C8E000 - \SystemRoot\System32\DRIVERS\cdrom.sys
F6C7E000 - \SystemRoot\System32\DRIVERS\redbook.sys
F7AD7000 - \SystemRoot\System32\Drivers\GEARAspiWDM.sys
F644C000 - \SystemRoot\System32\DRIVERS\nv4_mini.sys
F6C6E000 - \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
F7ADF000 - \SystemRoot\System32\DRIVERS\fdc.sys
F6C5E000 - \SystemRoot\System32\DRIVERS\serial.sys
F7D23000 - \SystemRoot\System32\DRIVERS\serenum.sys
F6439000 - \SystemRoot\System32\DRIVERS\parport.sys
F6C4E000 - \SystemRoot\System32\DRIVERS\i8042prt.sys
F7AE7000 - \SystemRoot\System32\DRIVERS\mouclass.sys
F7AEF000 - \SystemRoot\System32\DRIVERS\kbdclass.sys
F7E0C000 - \SystemRoot\System32\DRIVERS\audstub.sys
F6B0A000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys
F7D27000 - \SystemRoot\System32\DRIVERS\ndistapi.sys
F6423000 - \SystemRoot\System32\DRIVERS\ndiswan.sys
F6AFA000 - \SystemRoot\System32\DRIVERS\raspppoe.sys
F6AEA000 - \SystemRoot\System32\DRIVERS\raspptp.sys
F7D2B000 - \SystemRoot\System32\DRIVERS\TDI.SYS
F6412000 - \SystemRoot\System32\DRIVERS\psched.sys
F6ADA000 - \SystemRoot\System32\DRIVERS\msgpc.sys
F7AF7000 - \SystemRoot\System32\DRIVERS\ptilink.sys
F7AFF000 - \SystemRoot\System32\DRIVERS\raspti.sys
F63BD000 - \SystemRoot\System32\DRIVERS\rdpdr.sys
F6ACA000 - \SystemRoot\System32\DRIVERS\termdd.sys
F7E16000 - \SystemRoot\System32\DRIVERS\swenum.sys
F5DA9000 - \SystemRoot\System32\DRIVERS\update.sys
F7A1F000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F7A2F000 - \SystemRoot\System32\DRIVERS\usbhub.sys
F7D9D000 - \SystemRoot\System32\DRIVERS\USBD.SYS
F286B000 - \SystemRoot\System32\DRIVERS\ousb2hub.sys
F285B000 - \SystemRoot\System32\DRIVERS\NVENETFD.sys
F2F64000 - \SystemRoot\System32\DRIVERS\flpydisk.sys
F7DDB000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F7F85000 - \SystemRoot\System32\Drivers\Null.SYS
F7DDD000 - \SystemRoot\System32\Drivers\Beep.SYS
F2F44000 - \SystemRoot\System32\drivers\vga.sys
F7DDF000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F7DE1000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F297B000 - \SystemRoot\System32\Drivers\Msfs.SYS
F2973000 - \SystemRoot\System32\Drivers\Npfs.SYS
F47D6000 - \SystemRoot\System32\DRIVERS\rasacd.sys
F15A6000 - \SystemRoot\System32\DRIVERS\ipsec.sys
EF351000 - \SystemRoot\System32\DRIVERS\tcpip.sys
F1596000 - \SystemRoot\System32\Drivers\aswTdi.SYS
EF32C000 - \SystemRoot\System32\DRIVERS\netbt.sys
F1586000 - \SystemRoot\System32\DRIVERS\netbios.sys
EF304000 - \SystemRoot\System32\DRIVERS\rdbss.sys
F7E06000 - \SystemRoot\System32\Drivers\PQNTDrv.SYS
EF27C000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys
F1566000 - \SystemRoot\System32\Drivers\Fips.SYS
F1CAF000 - \SystemRoot\System32\Drivers\Aavmker4.SYS
F1FF5000 - \SystemRoot\system32\drivers\lvusbsta.sys
EE632000 - \SystemRoot\System32\DRIVERS\LV561AV.SYS
EE696000 - \SystemRoot\System32\DRIVERS\STREAM.SYS
EE686000 - \SystemRoot\System32\DRIVERS\wanarp.sys
EE3A3000 - \SystemRoot\System32\Drivers\Cdfs.SYS
EB09A000 - \SystemRoot\System32\Drivers\dump_nvatabus.sys
EB2AB000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \??\C:\WINDOWS\system32\win32k.sys
EBC72000 - \??\C:\WINDOWS\system32\watchdog.sys
BFF80000 - \SystemRoot\System32\drivers\dxg.sys
F7EF7000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9B8000 - \SystemRoot\System32\nv4_disp.dll
BA8D0000 - \SystemRoot\System32\drivers\afd.sys
EF2FC000 - \SystemRoot\System32\DRIVERS\ndisuio.sys
BA0BA000 - \SystemRoot\System32\Drivers\aswMon2.SYS
BA067000 - \SystemRoot\System32\DRIVERS\mrxdav.sys
EE55F000 - \SystemRoot\System32\Drivers\ParVdm.SYS
B9F78000 - \SystemRoot\System32\DRIVERS\srv.sys
B9F3C000 - \SystemRoot\system32\drivers\wdmaud.sys
F1FC5000 - \SystemRoot\system32\drivers\sysaudio.sys
B9D9E000 - \SystemRoot\System32\DRIVERS\ipnat.sys
B9DD1000 - \SystemRoot\System32\Drivers\aswRdr.SYS
B7A8F000 - \SystemRoot\system32\drivers\kmixer.sys
EEA6F000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

Total number of drivers = 115

Liste des programmes installes

Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.9 - Français
Apple Software Update
AutoUpdate
avast! Antivirus
Barre d'outils MSN
CCleaner (remove only)
Correctif Windows XP - Article Base de Connaissances 834707
Correctif Windows XP - KB823559
Correctif Windows XP - KB828741
Correctif Windows XP - KB835732
Correctif Windows XP - KB842773
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
EPSON CardMonitor
EPSON Copy Utility 3
EPSON Logiciel imprimante
EPSON PhotoQuicker3.5
EPSON PhotoStarter3.1
EPSON PRINT Image Framer Tool2.1
EPSON Scan
EPSON Smart Panel
EPSON Web-To-Page
ESCX3600 Guide de réf.
ESCX3600 Guide des logiciels
HijackThis 1.99.1
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9
Lecteur Windows Media 10
LimeWire 4.12.6
Logiciel QuickCam de Logitech
Logitech Desktop Messenger
Logitech Print Service
Microsoft Office XP Small Business
NVIDIA Drivers
Package du correctif Windows XP [voir Q329115 pour plus de détails]
PartitionMagic
PIF DESIGNER2.1
PowerQuest PartitionMagic 8.0
Programme de gestion Camera de Logitech®
QuickTime
RealPlayer
Realtek AC'97 Audio
ScanToWeb
Spybot - Search & Destroy 1.4
Streamripper Plugin 1.61.27 (Remove only)
WebFldrs XP
Winamp (remove only)
Windows Genuine Advantage Notifications (KB905474)
Windows Live Messenger
Windows Media Format Runtime
Windows XP Hotfix (SP1) [See Q329048 for more information]
Windows XP Hotfix (SP1) [See Q329390 for more information]
Windows XP Hotfix (SP1) [See Q329441 for more information]
Windows XP Hotfix (SP1) [See Q329834 for more information]
Windows XP Hotfix (SP1) Q329170
Windows XP Hotfix (SP1) Q810577
Windows XP Hotfix (SP1) Q810833
Windows XP Hotfix (SP1) Q815021
Windows XP Hotfix (SP1) Q817606



Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est CCDE-806C

Répertoire de C:\Program Files

13/06/2007 21:18 <REP> .
13/06/2007 21:18 <REP> ..
05/10/2006 21:37 <REP> Adobe
19/09/2006 20:35 <REP> Alwil Software
16/12/2006 16:13 <REP> Apple Software Update
10/10/2006 23:20 1 042 autoplaylist.dat
23/09/2006 21:06 <REP> CCleaner
10/10/2006 23:20 <REP> CDBurning
10/10/2006 23:20 331 776 CDDBRealControl.dll
10/10/2006 23:20 2 851 cdroms.cfg
19/09/2006 19:17 <REP> ComPlus Applications
10/10/2006 23:20 <REP> DataCache
10/10/2006 23:20 719 360 dbghelp.dll
10/10/2006 23:20 <REP> Devices
30/10/2006 20:18 <REP> DivX
10/10/2006 23:20 340 040 dtdr3260.dll
10/10/2006 23:20 139 264 DUNZIP32.dll
01/11/2006 19:23 <REP> epson
30/01/2007 19:09 <REP> Fichiers communs
10/10/2006 23:20 <REP> Firstrun
10/10/2006 23:20 20 523 fixrjb.exe
10/10/2006 23:20 568 fpsectbl
10/10/2006 23:20 23 558 freeoffers.ico
10/10/2006 23:20 177 freeoffers.rnx
10/10/2006 23:20 11 444 frw.bmp
13/04/2007 10:54 <REP> Google
05/01/2007 22:05 <REP> hachette Multimedia
10/10/2006 23:20 73 439 howto.chm
10/10/2006 23:20 49 197 ierjplug.dll
13/06/2007 21:12 <REP> Internet Explorer
16/12/2006 16:15 <REP> iPod
16/12/2006 16:16 <REP> iTunes
22/03/2007 19:33 <REP> Java
10/10/2006 23:20 480 keys.dat
10/10/2006 23:20 <REP> lang
04/05/2007 18:55 <REP> library
14/10/2006 00:01 <REP> LimeWire
01/11/2006 19:11 <REP> Logitech
19/09/2006 19:54 <REP> Messenger
19/09/2006 19:20 <REP> microsoft frontpage
19/09/2006 19:52 <REP> Microsoft Office
10/10/2006 23:20 49 195 mmcdda32.dll
19/09/2006 19:19 <REP> Movie Maker
19/09/2006 19:17 <REP> MSN
23/09/2006 21:18 <REP> MSN Apps
19/09/2006 19:17 <REP> MSN Gaming Zone
13/06/2007 18:05 <REP> MSN Messenger
25/09/2006 20:51 <REP> NetMeeting
10/10/2006 23:20 <REP> Netscape6
10/10/2006 23:20 654 992 normal.vs
19/09/2006 19:18 <REP> Outlook Express
23/09/2006 21:04 <REP> Paragon Software
10/10/2006 23:20 64 370 playrlic.html
10/10/2006 23:20 62 179 playrlic.txt
10/10/2006 23:20 <REP> plugins
28/09/2006 18:55 <REP> PowerQuest
10/10/2006 23:20 53 098 presets.rnx
10/10/2006 23:20 <REP> Producer
16/12/2006 16:15 <REP> QuickTime
10/10/2006 23:20 57 395 rdsf3260.dll
10/10/2006 23:20 29 773 Readme.html
10/10/2006 23:20 20 529 realjbox.exe
10/10/2006 23:20 64 370 RealNetworks License.html
10/10/2006 23:20 62 179 RealNetworks License.txt
10/10/2006 23:20 977 375 realplay.chm
10/10/2006 23:20 214 448 realplay.exe
10/10/2006 23:20 682 realplay.exe.manifest
10/10/2006 23:20 16 296 realtfon.fon
10/10/2006 23:20 667 689 rjbres.dll
10/10/2006 23:20 335 911 rjdlg.dll
10/10/2006 23:20 32 809 rjprog.dll
10/10/2006 23:20 61 485 rjwmapln.dll
10/10/2006 23:20 45 109 rpau3260.dll
10/10/2006 23:20 20 531 rphelperapp.exe
10/10/2006 23:20 <REP> rpplugins
10/10/2006 23:20 86 065 rpplugprot.dll
10/10/2006 23:20 54 736 rpshell.dll
10/10/2006 23:20 54 760 rpshellsearch.dll
10/10/2006 23:20 28 729 rpwa3260.dll
19/09/2006 19:17 <REP> Services en ligne
10/10/2006 23:20 <REP> Setup
01/11/2006 19:21 <REP> Smart Panel
12/06/2007 19:53 <REP> Spybot - Search & Destroy
10/10/2006 23:20 61 495 ssimages.vs
10/10/2006 23:20 70 strs23.dat
10/10/2006 23:20 15 strs26.dat
10/10/2006 23:20 221 subscription.rnx
10/10/2006 23:20 <REP> templates
10/10/2006 23:20 32 812 tnetdtct.dll
10/10/2006 23:20 57 385 tpasdk.dll
19/09/2006 19:27 <REP> Trend Micro
10/10/2006 23:20 102 441 tsasdk.dll
10/10/2006 23:20 17 846 videotest.rm
10/10/2006 23:20 119 808 waiting.avi
14/10/2006 00:36 <REP> Winamp
05/01/2007 22:13 <REP> Windows Media Player
19/09/2006 19:17 <REP> Windows NT
10/10/2006 23:20 28 721 wmdmhelper.dll
19/09/2006 19:20 <REP> xerox
48 fichier(s) 5 849 238 octets
51 Rép(s) 14 130 982 912 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est CCDE-806C

Répertoire de C:\Program Files\fichiers communs

30/01/2007 19:09 <REP> .
30/01/2007 19:09 <REP> ..
30/01/2007 19:09 <REP> Adobe
19/09/2006 19:52 <REP> Designer
01/11/2006 19:11 <REP> FotoWire
28/09/2006 18:54 <REP> InstallShield
14/10/2006 00:00 <REP> Java
01/11/2006 19:10 <REP> Logitech
13/06/2007 18:05 <REP> Microsoft Shared
19/09/2006 19:18 <REP> MSSoap
19/09/2006 20:13 <REP> ODBC
10/10/2006 23:20 <REP> Real
19/09/2006 19:18 <REP> Services
19/09/2006 20:12 <REP> SpeechEngines
19/09/2006 19:52 <REP> System
13/10/2006 22:17 <REP> Totem Shared
10/10/2006 23:20 <REP> xing shared
0 fichier(s) 0 octets
17 Rép(s) 14 130 982 912 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est CCDE-806C

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

19/09/2006 19:52 <REP> .
19/09/2006 19:52 <REP> ..
19/09/2006 19:52 <REP> 1033
19/09/2006 19:52 <REP> 1036
15/02/2001 05:45 1 318 912 MSONSEXT.DLL
13/02/2001 08:23 58 784 MSOSV.DLL
03/06/1999 14:09 122 937 MSOWS409.DLL
07/03/2001 09:00 127 033 MSOWS40c.DLL
06/08/2000 09:04 401 462 MSVCP60.DLL
22/01/2001 03:25 69 632 PKMAXCTL.DLL
22/01/2001 03:25 872 448 PKMCDO.DLL
22/01/2001 03:25 159 744 PKMCORE.DLL
07/02/2001 09:59 106 496 PKMFORMS.DLL
12/02/2001 04:03 684 032 PKMRES.DLL
22/01/2001 03:25 28 672 PKMSSTLB.DLL
22/01/2001 03:25 40 960 PKMTEMPL.DLL
22/01/2001 03:25 24 576 PKMTRACE.DLL
22/01/2001 03:25 86 016 PKMWS.DLL
22/01/2001 03:25 237 568 PROMDEMO.DLL
05/01/2001 07:48 8 014 PUBPLACE.HTT
22/01/2001 03:25 184 320 SECMGR.DLL
22/01/2001 03:25 323 584 VAIDDMGR.DLL
22/01/2001 03:25 32 768 VAIMEM.DLL
19 fichier(s) 4 887 958 octets
4 Rép(s) 14 130 978 816 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est CCDE-806C

Répertoire de C:\

12/05/2007 18:22 68 096 diff.exe
12/05/2007 18:22 103 424 grep.exe
13/06/2007 21:18 151 266 mexico.exe
31/10/2005 17:56 700 416 StubInstaller.exe
4 fichier(s) 1 023 202 octets
0 Rép(s) 14 130 978 816 octets libres
c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.0.2.16\iTunesSetupAdmin.exe
c:\Documents and Settings\marie\.limewire\.NetworkShare\LimeWireWin4.12.11.exe
c:\Documents and Settings\marie\Application Data\server123.exe
c:\Documents and Settings\marie\Application Data\winlogin.exe
c:\Documents and Settings\marie\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_fr_FR.exe
c:\Documents and Settings\marie\Bureau\MSNFix\MSNFix\incl\MD5File.exe
c:\Documents and Settings\marie\Bureau\MSNFix\MSNFix\incl\Process.exe
c:\Documents and Settings\marie\Bureau\MSNFix\MSNFix\incl\swreg.exe
c:\Documents and Settings\marie\Bureau\MSNFix\MSNFix\incl\zip.exe
c:\Documents and Settings\marie\Local Settings\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe
c:\Documents and Settings\marie\Local Settings\Temp\Répertoire temporaire 2 pour hijackthis.zip\HijackThis.exe
c:\Documents and Settings\marie\Mes documents\utilesyst\ccsetup133.exe
c:\Documents and Settings\marie\Mes documents\utilesyst\Install_MSN_Messenger.EXE
c:\Documents and Settings\marie\Mes documents\utilesyst\pm7_demo.exe
c:\Documents and Settings\marie\Mes documents\utilesyst\setupfre.exe
c:\Documents and Settings\marie\Mes documents\utilesyst\wmp11-windowsxp-x86-fr-fr.exe
c:\Documents and Settings\marie\Mes documents\utilesyst\anti rootkit\helper.exe
c:\Documents and Settings\marie\Mes documents\utilesyst\anti rootkit\sarcli.exe
c:\Documents and Settings\marie\Mes documents\utilesyst\anti rootkit\sargui.exe
c:\Documents and Settings\marie\Mes documents\utilesyst\anti rootkit\sarsfx.exe
c:\Documents and Settings\marie\Mes documents\utilesyst\anti rootkit\SophosBootTasksR.exe
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\marie\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll

****** Fin du rapport DiagHelp
13 Juin 2007 21:59:02

est ce que je suis toujours infectée par le virus de msn ou pas?...
13 Juin 2007 22:09:10

Bien, on continue.

Télécharge Combofix.exe (par sUBs) sur ton Bureau
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double clique combofix.exe et suis les invites.
Lorsque le scan sera complété, un rapport apparaîtra.

Copie/colle ce rapport dans ta prochaine réponse avec un nouveau HijackThis.
13 Juin 2007 22:14:46

GD2H, pourquoi ces rapports ici ?

Créé ton propre post, on ne se mélange pas.
a b 8 Sécurité
13 Juin 2007 22:18:45

Messages supprimés : pensez à alerter :jap: 
13 Juin 2007 22:31:51

chercheur_
je n'arrive pas à ouvrir combofix, une fois téléchargé, ca bloque mon ordi, plus rien ne répond...
13 Juin 2007 22:44:15

j'ai refait un highjackthis, au cas où ca pourrait servir?...

Logfile of HijackThis v1.99.1
Scan saved at 22:43:46, on 13/06/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
E:\telechargements\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [winlogon] C:\Documents and Settings\marie\Application Data\server123.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - https://static.impots.gouv.fr/abos/securite/xenroll.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://titepoulettemarie.spaces.live.com//PhotoUpload/M...
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/105bd58b38540046ec21/netzip...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O18 - Protocol: bw+0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

13 Juin 2007 23:02:01

Ce rapport monte un fichier infectieux.


$$ Télécharge
SDFix sur ton bureau
http://downloads.andymanchesta.com/RemovalTools/SDFix.e...

clean.zip
http://www.malekal.com/download/clean.zip
Décompresse-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean.


$$ Redémarre en mode sans échec.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionne Mode sans échec et appuye sur Entrée.


$$ Relance un scan HijackThis et coche les lignes ci-dessous :

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [winlogon] C:\Documents and Settings\marie\Application Data\server123.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/105bd5 [...] 601_fr.cab
O18 - Protocol: bw+0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {293029C9-F692-4346-B573-6F6797869CB2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Ferme toutes les fenêtres Windows, Internet explorer, Outlook,sauf le logiciel Hijackthis et clique sur « Fix checked »


$$ Ouvre le dossier Clean qui se trouve sur ton bureau, et double-clic sur clean.cmd.
Choisis l'option 2
Enregistre le rapport une fois le scan terminé


$$ Double clique sur SDFix.exe et choisis Install
Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
Tape Y pour lancer le script.
Le Fix supprime les services du virus et nettoie le registre, de ce fait un redémarrage est nécessaire
Presse une touche pour redémarrer

Le PC va mettre du temps avant de démarrer, presse une touche lorsque "Finished" s'affiche

Ouvre le dossier SDFix et copie/colle ici le contenu du fichier "Report.txt" avec le rapport qui se trouve ici C:\rapport_clean.txt et un nouveau HijackThis.
14 Juin 2007 00:30:37

fichier "report.txt":


SDFix: Version 1.87

Run by marie - 14/06/2007 - 0:08:28,50

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:






Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found




Removing Temp Files...

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
:httpd 4426
:httpd.exe 11645
Total size: 16071 bytes.

system32: deleted 16071 bytes in 2 streams.

Checking for remaining Streams

C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Checking if ADS is attached to ntoskrnl.exe
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

Remaining Files:
---------------


Listing Files with Hidden Attributes:

C:\WINDOWS\system32\system32\winlogin.exe
C:\WINDOWS\LastGood.Tmp\INF\InstMed.inf
C:\WINDOWS\LastGood.Tmp\INF\InstMed.PNF
C:\WINDOWS\LastGood.Tmp\INF\msxmlx.inf
C:\WINDOWS\LastGood.Tmp\INF\msxmlx.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem12.inf
C:\WINDOWS\LastGood.Tmp\INF\oem12.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem13.inf
C:\WINDOWS\LastGood.Tmp\INF\oem13.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem14.inf
C:\WINDOWS\LastGood.Tmp\INF\oem14.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem15.inf
C:\WINDOWS\LastGood.Tmp\INF\oem15.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem16.inf
C:\WINDOWS\LastGood.Tmp\INF\oem16.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem17.inf
C:\WINDOWS\LastGood.Tmp\INF\oem17.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem18.inf
C:\WINDOWS\LastGood.Tmp\INF\oem18.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem19.inf
C:\WINDOWS\LastGood.Tmp\INF\oem19.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem20.inf
C:\WINDOWS\LastGood.Tmp\INF\oem20.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem21.inf
C:\WINDOWS\LastGood.Tmp\INF\oem21.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem22.inf
C:\WINDOWS\LastGood.Tmp\INF\oem22.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem23.inf
C:\WINDOWS\LastGood.Tmp\INF\oem23.PNF
C:\WINDOWS\LastGood.Tmp\INF\VidCtrl2.inf
C:\WINDOWS\LastGood.Tmp\INF\VidCtrl2.PNF
C:\WINDOWS\LastGood.Tmp\INF\wmad.inf
C:\WINDOWS\LastGood.Tmp\INF\wmad.PNF

Listing User Accounts:

comptes d'utilisateurs de \\MARIE-09EM1D6L9

Administrateur amis HelpAssistant
Invit‚ marie SUPPORT_388945a0
La commande s'est termin‚e correctement.


Finished


rapport_clean.txt:

Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 13/06/2007 a 23:50:24,43

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans C:

*** Suppression des fichiers dans C:\WINDOWS\

*** Suppression des fichiers dans C:\WINDOWS\system32

*** Suppression des fichiers dans C:\Program Files

*** Suppression des clefs du registre effectuee..

rapport Hijack This:

Logfile of HijackThis v1.99.1
Scan saved at 00:28:02, on 14/06/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
E:\telechargements\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [winlogon] C:\Documents and Settings\marie\Application Data\server123.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://titepoulettemarie.spaces.live.com//PhotoUpload/M...
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/105bd58b38540046ec21/netzip...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


par contre, je n'ai pas pu faire en entier le Clean, ca restait bloqué sans rien faire et sans progression (donc au bout de plus d'une heure j'ai fini par le stopper...)

14 Juin 2007 00:36:26

je remet le fichier "report.txt" et le HiJack This, j'ai l'impression qu'ils ne sont pas en entier:


SDFix: Version 1.87

Run by marie - 14/06/2007 - 0:08:28,50

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:






Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found




Removing Temp Files...

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
:httpd 4426
:httpd.exe 11645
Total size: 16071 bytes.

system32: deleted 16071 bytes in 2 streams.

Checking for remaining Streams

C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Checking if ADS is attached to ntoskrnl.exe
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

Remaining Files:
---------------


Listing Files with Hidden Attributes:

C:\WINDOWS\system32\system32\winlogin.exe
C:\WINDOWS\LastGood.Tmp\INF\InstMed.inf
C:\WINDOWS\LastGood.Tmp\INF\InstMed.PNF
C:\WINDOWS\LastGood.Tmp\INF\msxmlx.inf
C:\WINDOWS\LastGood.Tmp\INF\msxmlx.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem12.inf
C:\WINDOWS\LastGood.Tmp\INF\oem12.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem13.inf
C:\WINDOWS\LastGood.Tmp\INF\oem13.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem14.inf
C:\WINDOWS\LastGood.Tmp\INF\oem14.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem15.inf
C:\WINDOWS\LastGood.Tmp\INF\oem15.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem16.inf
C:\WINDOWS\LastGood.Tmp\INF\oem16.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem17.inf
C:\WINDOWS\LastGood.Tmp\INF\oem17.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem18.inf
C:\WINDOWS\LastGood.Tmp\INF\oem18.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem19.inf
C:\WINDOWS\LastGood.Tmp\INF\oem19.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem20.inf
C:\WINDOWS\LastGood.Tmp\INF\oem20.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem21.inf
C:\WINDOWS\LastGood.Tmp\INF\oem21.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem22.inf
C:\WINDOWS\LastGood.Tmp\INF\oem22.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem23.inf
C:\WINDOWS\LastGood.Tmp\INF\oem23.PNF
C:\WINDOWS\LastGood.Tmp\INF\VidCtrl2.inf
C:\WINDOWS\LastGood.Tmp\INF\VidCtrl2.PNF
C:\WINDOWS\LastGood.Tmp\INF\wmad.inf
C:\WINDOWS\LastGood.Tmp\INF\wmad.PNF

Listing User Accounts:

comptes d'utilisateurs de \\MARIE-09EM1D6L9

Administrateur amis HelpAssistant
Invit‚ marie SUPPORT_388945a0
La commande s'est termin‚e correctement.


Finished


Hijack This:


Logfile of HijackThis v1.99.1
Scan saved at 00:35:34, on 14/06/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\WINDOWS\system32\NOTEPAD.EXE
E:\telechargements\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [winlogon] C:\Documents and Settings\marie\Application Data\server123.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://titepoulettemarie.spaces.live.com//PhotoUpload/M...
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/105bd58b38540046ec21/netzip...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe






14 Juin 2007 10:58:18

bonjour
voilà j'ai fait la même erreur que bien d'autres , j'ai ouvert le fichier photo.zip reçu sur msn.
ayant une connaissance plus que limitée sur l'informatique, j'ai rechercher sur pc le fichier photo.zip, j'ai fait extraire tout, ensuite j'ai supprimer le tout, et j'ai utilisé ad aware pour tout nettoyé
j'ai fait un scan avast qui n'a rien trouvé !
j'aimerai savoir si je suis sortie d'affaire ou non ?
cela a t il suffit ? ou dois je faire d'autres manipulations?
là aidez moi ! je suis dans l'impasse!
merci d'avance
laulo
14 Juin 2007 18:30:33

Bonjour


turtle_smi le
Il faut créer ton propre post, on risque de se mélanger sinon.


mll22


Relance un scan HijackThis et coche les lignes ci-dessous :

O4 - HKCU\..\Run: [winlogon] C:\Documents and Settings\marie\Application Data\server123.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/105bd5 [...] 601_fr.cab

Ferme toutes les fenêtres Windows, Internet explorer, Outlook,sauf le logiciel Hijackthis et clique sur « Fix checked »


Télécharge OTMoveIt (de Old_Timer) sur ton Bureau.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt....
Double-clique sur OTMoveIt.exe pour le lancer.
Copie la liste qui se trouve ci-dessous, et colle-la dans le cadre de gauche de OTMoveIt :p aste List of Files/Folders to be moved.

C:\Documents and Settings\marie\Application Data\server123.exe
C:\WINDOWS\system32\system32\winlogin.exe

Clique sur MoveIt! pour lancer la suppression.
Le résultat apparaitra dans le cadre Results.
Clique sur Exit pour fermer.
Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

Il te sera peut-être demander de redémarrer le PC pour achever la suppression. Si c'est le cas accepte par Yes.
14 Juin 2007 19:49:47

bonsoir chercheur_

voici le rapport de OTMoveIt:

C:\Documents and Settings\marie\Application Data\server123.exe moved successfully.
C:\WINDOWS\system32\system32\winlogin.exe moved successfully.

Created on 06/14/2007 19:48:26
14 Juin 2007 23:15:59

est ce que je suis encore infectée ou est ce que je suis débarassée enfin de ce truc?!!!

merci de m'aider!
14 Juin 2007 23:46:39

Pour voir ce qu'il reste, fais une analyse antivirus en ligne sur Kaspersky
http://webscanner.kaspersky.fr/
Clique sur Démarrer Online Scanner.
Sélectionne le poste de travail comme analyse.
Colle son rapport ici.
15 Juin 2007 19:35:30

bonsoir

ca ne marche pas, à chaque fois que je clique sur le lien, ca me ferme la page internet...
j'ai essayé de le taper directement dans la barre d'adresses et ca ne marche pas non plus!
29 Septembre 2010 02:09:25

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:53:54, on 29/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\mmm.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Documents and Settings\Administrateur\Application Data\HEX-5823-6893-6818\jutshed.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Odyzua.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Ol1.exe
C:\Documents and Settings\Administrateur\Mes documents\Downloads\Programs\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll
O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.85.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Mmm] C:\WINDOWS\system32\mmm.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Java Update Manager] C:\Documents and Settings\Administrateur\Application Data\HEX-5823-6893-6818\jutshed.exe
O4 - HKCU\..\Run: [3FWHZQA3LT] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Ol1.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [IE7-10] rundll32 advpack.dll,LaunchINFSectionEx NR_IE7en.inf,AfterUserStart,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

--
End of file - 6909 bytes
Tom's guide dans le monde
  • Allemagne
  • Italie
  • Irlande
  • Royaume Uni
  • Etats Unis
Suivre Tom's Guide
Inscrivez-vous à la Newsletter
  • ajouter à twitter
  • ajouter à facebook
  • ajouter un flux RSS