
Ad windows for downloading antivirus programs


Hello

I have just reformatted my PC, I browsed the web without my antivirus and I caught some viruses. I have just installed my antivirus and I get fewer and fewer windows, but there must still be some viruses left, I'm sure of it. Here is my HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 16:10:16, on 24/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\system32\ismini.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\isnotify.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\WANADOO\TaskBarIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe
C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\VALVE\STEAM\STEAM.exe
C:\Program Files\ZDaemon\zlauncher.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Fsn76\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O3 - Toolbar: (no name) - {052b12f7-86fa-4921-8482-26c42316b522} - (no file)
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [uhvjsul.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\uhvjsul.dll,mrpmvyf
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [Ultimate Cleaner] C:\Program Files\Ultimate Cleaner\App.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
O18 - Protocol: bw+0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - C:\WINDOWS\system32\urroxtl.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe


Hello,

Download SmitfraudFix
Unzip it to the Desktop.
Open the SmitfraudFix folder and run SmitfraudFix(.cmd)
Choose Option 1 (Search)
Post the first report here.

NOTE:
process.exe is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus, but a utility designed to terminate processes. In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

SmitFraudFix v2.99

Rapport fait à 17:04:58,46, 24/09/2006
Executé à partir de C:\Documents and Settings\Fsn76\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» C:\

C:\uniq PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\ishost.exe PRESENT !
C:\WINDOWS\system32\ismini.exe PRESENT !
C:\WINDOWS\system32\isnotify.exe PRESENT !
C:\WINDOWS\system32\issearch.exe PRESENT !
C:\WINDOWS\system32\ixt?.dll PRESENT !
C:\WINDOWS\system32\ixt??.dll PRESENT !
C:\WINDOWS\system32\ot.ico PRESENT !
C:\WINDOWS\system32\ts.ico PRESENT !
C:\WINDOWS\system32\components\flx?.dll PRESENT !
C:\WINDOWS\system32\components\flx??.dll PRESENT !
C:\WINDOWS\system32\components\flx???.dll PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Fsn76\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\FSN76\FAVORIS

C:\DOCUME~1\FSN76\FAVORIS\Antivirus Test Online.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Safety Bar\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

SmitFraudFix v2.99

Rapport fait à 17:44:49,34, 24/09/2006
Executé à partir de C:\Documents and Settings\Fsn76\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"


»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\uniq supprimé
C:\WINDOWS\system32\ishost.exe supprimé
C:\WINDOWS\system32\ismini.exe supprimé
C:\WINDOWS\system32\isnotify.exe supprimé
C:\WINDOWS\system32\issearch.exe supprimé
C:\WINDOWS\system32\ixt?.dll supprimé
C:\WINDOWS\system32\ot.ico supprimé
C:\WINDOWS\system32\ts.ico supprimé
C:\WINDOWS\system32\components\flx?.dll supprimé
C:\DOCUME~1\FSN76\FAVORIS\Antivirus Test Online.url supprimé
C:\Program Files\Safety Bar\ supprimé

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

ComboFix report
___________________________________________


Fsn76 - 06-09-24 20:42:21,75 Service Pack 2
ComboFix 06.09.23.2 - Running from: "C:\Program Files\Mozilla Firefox"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\components
C:\Program Files\Fichiers communs\{1C241F11-0710-1036-1017-050502020021}


((((((((((((((((((((((((((((((( Files Created from 2006-08-24 to 2006-09-24 ))))))))))))))))))))))))))))))))))


2006-09-24 07:47 632,773 ---hs---- C:\WINDOWS\system32\gjjlm.bak1
2006-09-24 07:47 577,588 ---hs---- C:\WINDOWS\system32\mljjg.dll
2006-09-24 07:39 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.123-6588780L.exe
2006-09-24 06:23 94,208 --a------ C:\WINDOWS\system32\uhvjsul.dll
2006-09-24 06:23 72,704 --a------ C:\WINDOWS\system32\unaoakg.dll
2006-09-24 06:23 40,973 ---hs---- C:\WINDOWS\system32\opnnkhf.dll
2006-09-24 06:23 15,872 --a------ C:\WINDOWS\system32\winjks32.dll
2006-09-24 06:22 0 --a------ C:\uidsrfqk.exe
2006-09-24 06:22 0 --a------ C:\prfqfvfm.exe
2006-09-24 06:22 0 --a------ C:\oorwopjo.exe
2006-09-24 06:22 0 --a------ C:\jvxw.exe
2006-09-24 06:22 0 --a------ C:\jswudopx.exe
2006-09-24 06:22 0 --a------ C:\dolhv.exe
2006-09-24 06:22 0 --a------ C:\dlkvnr.exe
2006-09-24 06:22 0 --a------ C:\bimndrw.exe
2006-09-24 05:37 90,112 --a------ C:\WINDOWS\system32\KemUtil.dll
2006-09-24 05:37 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2006-09-24 05:37 86,016 --a------ C:\WINDOWS\system32\KemWnd.dll
2006-09-24 05:37 65,536 --a------ C:\WINDOWS\system32\KemXML.dll
2006-09-24 05:37 28,160 --a------ C:\WINDOWS\KHALMNPR.Exe
2006-09-24 05:37 258,352 --a------ C:\WINDOWS\system32\unicows.dll
2006-09-24 05:37 143,360 --a------ C:\WINDOWS\system32\kemutb.dll
2006-09-24 05:37 118,784 -r------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2006-09-24 05:22 90,112 --a------ C:\WINDOWS\system32\dpl100.dll
2006-09-24 05:22 856,064 --a------ C:\WINDOWS\system32\xvidcore.dll
2006-09-24 05:22 620,180 --a------ C:\WINDOWS\system32\divx.dll
2006-09-24 05:22 593,938 --a------ C:\WINDOWS\system32\x264vfw.dll
2006-09-24 05:22 5,120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2006-09-24 05:22 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-09-24 05:22 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-09-24 05:22 217,088 --a------ C:\WINDOWS\system32\xvidvfw.dll
2006-09-24 05:22 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2006-09-24 05:22 200,704 --a------ C:\WINDOWS\system32\dtu100.dll
2006-09-24 05:22 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll
2006-09-24 05:22 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2006-09-24 04:46 577,536 --a------ C:\WINDOWS\soundman.exe
2006-09-24 04:46 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
2006-09-24 04:46 315,392 --a------ C:\WINDOWS\alcupd.exe
2006-09-24 04:46 217,088 --a------ C:\WINDOWS\alcrmv.exe
2006-09-24 04:46 143,360 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2006-09-24 04:46 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe
2006-09-24 04:34 29,184 --------- C:\WINDOWS\system32\vIdeInst.dll
2006-09-24 02:58 592 --a------ C:\WINDOWS\chgkey.vbs
2006-09-24 02:01 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-09-24 01:58 712,704 --a------ C:\WINDOWS\system32\a3d.dll
2006-09-24 01:58 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-09-24 01:58 28,672 --a------ C:\WINDOWS\CMIRmDriver.dll
2006-09-24 01:58 266,240 --a------ C:\WINDOWS\CMIUninstall.exe
2006-09-24 01:10 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
2006-09-24 01:10 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
2006-09-24 01:10 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll
2006-09-24 01:10 32,768 --a------ C:\WINDOWS\system32\ffJmpWeb.dll
2006-09-24 01:02 81,920 --a------ C:\WINDOWS\system32\W32N50.dll
2006-09-24 01:02 17,134 --a------ C:\WINDOWS\system32\PCANDIS5.sys
2006-09-24 00:37 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe
2006-09-24 00:37 307,200 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2006-09-24 00:20 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-09-24 00:20 1,528 --a------ C:\WINDOWS\MAJ.CMD
2006-09-24 00:20 0 -rahs---- C:\MSDOS.SYS
2006-09-24 00:20 0 -rahs---- C:\IO.SYS
2006-09-24 00:20 0 --a------ C:\CONFIG.SYS
2006-09-24 00:20 0 --a------ C:\AUTOEXEC.BAT
2006-09-24 00:19 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-09-24 00:18 86,016 --a------ C:\WINDOWS\system32\isign32.dll
2006-09-24 00:18 81,920 --a------ C:\WINDOWS\system32\ils.dll
2006-09-24 00:18 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2006-09-24 00:18 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2006-09-24 00:18 72,192 --a------ C:\WINDOWS\system32\acctres.dll
2006-09-24 00:18 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2006-09-24 00:18 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2006-09-24 00:18 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-09-24 00:18 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2006-09-24 00:18 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-09-24 00:18 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-09-24 00:18 50,688 --a------ C:\WINDOWS\system32\inetres.dll
2006-09-24 00:18 467,224 --a------ C:\WINDOWS\system32\wuapi.dll
2006-09-24 00:18 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2006-09-24 00:18 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-09-24 00:18 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-09-24 00:18 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-09-24 00:18 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2006-09-24 00:18 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-09-24 00:18 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-09-24 00:18 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-09-24 00:18 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2006-09-24 00:18 282,624 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-09-24 00:18 281,600 --a------ C:\WINDOWS\system32\mstask.dll
2006-09-24 00:18 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-09-24 00:18 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-09-24 00:18 241,664 --a------ C:\WINDOWS\system32\srrstr.dll
2006-09-24 00:18 23,040 --a------ C:\WINDOWS\system32\fltMc.exe
2006-09-24 00:18 195,352 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-09-24 00:18 193,024 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-09-24 00:18 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-09-24 00:18 175,896 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-09-24 00:18 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2006-09-24 00:18 171,008 --a------ C:\WINDOWS\system32\srsvc.dll
2006-09-24 00:18 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-09-24 00:18 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-09-24 00:18 128,792 --a------ C:\WINDOWS\system32\wucltui.dll
2006-09-24 00:18 125,720 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-09-24 00:18 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-09-24 00:18 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2006-09-24 00:18 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2006-09-24 00:18 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-09-24 00:17 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2006-09-24 00:17 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-09-24 00:17 94,208 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-09-24 00:17 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-09-24 00:17 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-09-24 00:17 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-09-24 00:17 80,896 --a------ C:\WINDOWS\system32\charmap.exe
2006-09-24 00:17 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-09-24 00:17 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2006-09-24 00:17 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2006-09-24 00:17 634,880 --a------ C:\WINDOWS\system32\getuname.dll
2006-09-24 00:17 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-09-24 00:17 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-09-24 00:17 61,952 --a------ C:\WINDOWS\system32\remotepg.dll
2006-09-24 00:17 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2006-09-24 00:17 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-09-24 00:17 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-09-24 00:17 57,344 --a------ C:\WINDOWS\system32\sol.exe
2006-09-24 00:17 55,808 --a------ C:\WINDOWS\system32\freecell.exe
2006-09-24 00:17 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2006-09-24 00:17 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-09-24 00:17 539,136 --a------ C:\WINDOWS\system32\spider.exe
2006-09-24 00:17 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-09-24 00:17 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-09-24 00:17 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-09-24 00:17 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-09-24 00:17 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-09-24 00:17 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-09-24 00:17 411,648 --a------ C:\WINDOWS\system32\mstsc.exe
2006-09-24 00:17 4,608 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-09-24 00:17 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-09-24 00:17 39,424 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-09-24 00:17 354,304 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-09-24 00:17 35,840 --a------ C:\WINDOWS\system32\winchat.exe
2006-09-24 00:17 347,648 --a------ C:\WINDOWS\system32\mspaint.exe
2006-09-24 00:17 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-09-24 00:17 297,984 --a------ C:\WINDOWS\system32\termsrv.dll
2006-09-24 00:17 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-09-24 00:17 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-09-24 00:17 232,960 --a------ C:\WINDOWS\system32\avtapi.dll
2006-09-24 00:17 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2006-09-24 00:17 22,528 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-09-24 00:17 22,528 --a------ C:\WINDOWS\system32\msg.exe
2006-09-24 00:17 20,992 --a------ C:\WINDOWS\system32\qprocess.exe
2006-09-24 00:17 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-09-24 00:17 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-09-24 00:17 189,952 --a------ C:\WINDOWS\system32\accwiz.exe
2006-09-24 00:17 17,408 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-09-24 00:17 17,408 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-09-24 00:17 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-09-24 00:17 16,896 --a------ C:\WINDOWS\system32\tskill.exe
2006-09-24 00:17 16,384 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-09-24 00:17 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-09-24 00:17 15,872 --a------ C:\WINDOWS\system32\logoff.exe
2006-09-24 00:17 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-09-24 00:17 15,360 --a------ C:\WINDOWS\system32\tscon.exe
2006-09-24 00:17 15,360 --a------ C:\WINDOWS\system32\shadow.exe
2006-09-24 00:17 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2006-09-24 00:17 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-09-24 00:17 142,336 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-09-24 00:17 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-09-24 00:17 139,264 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-09-24 00:17 133,120 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-09-24 00:17 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-09-24 00:17 128,000 --a------ C:\WINDOWS\system32\mshearts.exe
2006-09-24 00:17 124,928 --a------ C:\WINDOWS\system32\mplay32.exe
2006-09-24 00:17 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-09-24 00:17 115,200 --a------ C:\WINDOWS\system32\calc.exe
2006-09-24 00:17 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-09-24 00:17 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-09-24 00:17 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2006-09-24 00:17 104,448 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-09-24 00:17 10,240 --a------ C:\WINDOWS\system32\reset.exe
2006-09-24 00:17 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-09-24 00:17 1,263 --a------ C:\WINDOWS\system32\usrlogon.cmd
2006-09-24 00:16 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2006-09-24 00:16 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2006-09-24 00:16 191,488 --a------ C:\WINDOWS\system32\cmprops.dll
2006-09-24 00:16 17,920 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-09-24 00:13 870,784 --a------ C:\WINDOWS\system32\ati3d1ag.dll
2006-09-24 00:13 639,872 --a------ C:\WINDOWS\system32\ativvaxx.dll
2006-09-24 00:13 212,992 --a------ C:\WINDOWS\system32\ati2cqag.dll
2006-09-24 00:13 205,312 --a------ C:\WINDOWS\system32\ati2dvag.dll
2006-09-24 00:13 2,365,472 --a------ C:\WINDOWS\system32\ati3duag.dll
2006-09-24 00:12 77,312 --a------ C:\WINDOWS\system32\usbui.dll
2006-09-24 00:11 86,044 --a------ C:\WINDOWS\system32\dgsetup.dll
2006-09-24 00:11 8,704 --a------ C:\WINDOWS\system32\batt.dll
2006-09-24 00:11 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2006-09-24 00:11 76,800 --a------ C:\WINDOWS\system32\storprop.dll
2006-09-24 00:11 70,656 --a------ C:\WINDOWS\NOTEPAD.EXE
2006-09-24 00:11 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2006-09-24 00:11 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2006-09-24 00:11 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2006-09-24 00:11 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2006-09-24 00:11 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2006-09-24 00:11 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2006-09-24 00:11 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2006-09-24 00:11 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2006-09-24 00:11 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2006-09-24 00:11 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2006-09-24 00:11 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2006-09-24 00:11 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2006-09-24 00:11 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2006-09-24 00:11 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2006-09-24 00:11 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2006-09-24 00:11 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2006-09-24 00:11 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2006-09-24 00:11 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2006-09-24 00:11 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
2006-09-24 00:11 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
2006-09-24 00:11 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
2006-09-24 00:11 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
2006-09-24 00:11 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
2006-09-24 00:11 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
2006-09-24 00:11 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2006-09-24 00:11 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2006-09-24 00:11 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2006-09-24 00:11 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2006-09-24 00:11 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2006-09-24 00:11 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2006-09-24 00:11 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
2006-09-24 00:11 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2006-09-24 00:11 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2006-09-24 00:11 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2006-09-24 00:11 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2006-09-24 00:11 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
2006-09-24 00:11 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
2006-09-24 00:11 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2006-09-24 00:11 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
2006-09-24 00:11 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-09-24 00:11 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2006-09-24 00:11 15,872 --a------ C:\WINDOWS\TASKMAN.EXE
2006-09-24 00:11 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-09-24 00:11 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-24 20:36 -------- d-------- C:\Program Files\Messenger Plus! Live
2006-09-24 18:08 -------- d-------- C:\Program Files\FileZilla
2006-09-24 16:47 -------- d-------- C:\Program Files\Teamspeak2_RC2
2006-09-24 16:47 -------- d-------- C:\Documents and Settings\Fsn76\Application Data\teamspeak2
2006-09-24 15:35 -------- d-------- C:\Program Files\Ultimate Cleaner
2006-09-24 15:35 -------- d-------- C:\Documents and Settings\Fsn76\Application Data\Ultimate Cleaner
2006-09-24 08:05 -------- d-------- C:\Program Files\Valve
2006-09-24 07:39 -------- d-------- C:\Program Files\AntivirusFirewall
2006-09-24 07:08 -------- d-------- C:\Program Files\VideoLAN
2006-09-24 07:08 -------- d-------- C:\Documents and Settings\Fsn76\Application Data\vlc
2006-09-24 07:01 -------- d-------- C:\Program Files\ZDaemon
2006-09-24 06:47 86 --ahs---- C:\Documents and Settings\Fsn76\Application Data\desktop.ini
2006-09-24 06:14 -------- d-------- C:\Program Files\TGTSoft
2006-09-24 06:05 -------- d-------- C:\Program Files\MessengerPlus! 3
2006-09-24 05:59 -------- d-------- C:\Program Files\MSN Messenger
2006-09-24 05:59 -------- d-------- C:\Documents and Settings\Fsn76\Application Data\PEX
2006-09-24 05:58 -------- d-------- C:\Documents and Settings\Fsn76\Application Data\F-Secure
2006-09-24 05:53 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-24 05:53 -------- d-------- C:\Documents and Settings\Fsn76\Application Data\Mozilla
2006-09-24 05:50 -------- d-------- C:\Documents and Settings\Fsn76\Application Data\ispnews
2006-09-24 05:39 -------- d-------- C:\Documents and Settings\Fsn76\Application Data\Logitech
2006-09-24 05:37 -------- d-------- C:\Program Files\Logitech
2006-09-24 05:37 -------- d-------- C:\Program Files\Fichiers communs\Logitech
2006-09-24 05:24 -------- d-------- C:\Documents and Settings\Fsn76\Application Data\Media Player Classic
2006-09-24 05:22 -------- d-------- C:\Program Files\K-Lite Codec Pack
2006-09-24 04:46 -------- d-------- C:\Program Files\Realtek AC97
2006-09-24 04:35 -------- d-------- C:\Program Files\VIA
2006-09-24 04:19 506368 --a------ C:\WINDOWS\system32\winlogon.exe
2006-09-24 01:57 -------- d-------- C:\Program Files\WinRAR
2006-09-24 01:40 -------- d-------- C:\Program Files\HardwareDetection
2006-09-24 01:10 -------- d-------- C:\Program Files\Wanadoo Messager
2006-09-24 01:09 -------- d-------- C:\Program Files\Wanadoo
2006-09-24 01:08 -------- d-------- C:\Documents and Settings\Fsn76\Application Data\Macromedia
2006-09-24 01:04 278528 --a------ C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2006-09-24 01:02 -------- d-------- C:\Program Files\Securitoo
2006-09-24 00:49 -------- d-------- C:\Program Files\Inventel
2006-09-24 00:40 -------- d-------- C:\Documents and Settings\Fsn76\Application Data\ATI
2006-09-24 00:37 -------- d-------- C:\Program Files\ATI Technologies
2006-09-24 00:36 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-24 00:35 -------- d-------- C:\Program Files\Fichiers communs\InstallShield
2006-09-24 00:27 -------- d--h----- C:\Program Files\Uninstall Information
2006-09-24 00:27 -------- d-------- C:\Documents and Settings\Fsn76\Application Data\Identities
2006-09-24 00:20 -------- d-------- C:\Program Files\xerox
2006-09-24 00:20 -------- d-------- C:\Program Files\microsoft frontpage
2006-09-24 00:19 -------- d--h----- C:\Program Files\WindowsUpdate
2006-09-24 00:19 -------- d-------- C:\Program Files\Services en ligne
2006-09-24 00:18 -------- d-------- C:\Program Files\Outlook Express
2006-09-24 00:18 -------- d-------- C:\Program Files\NetMeeting
2006-09-24 00:18 -------- d-------- C:\Program Files\Movie Maker
2006-09-24 00:18 -------- d-------- C:\Program Files\Internet Explorer
2006-09-24 00:18 -------- d-------- C:\Program Files\Fichiers communs\System
2006-09-24 00:18 -------- d-------- C:\Program Files\Fichiers communs\Services
2006-09-24 00:18 -------- d-------- C:\Program Files\Fichiers communs\MSSoap
2006-09-24 00:18 -------- d-------- C:\Program Files\ComPlus Applications
2006-09-24 00:17 -------- d-------- C:\Program Files\Windows NT
2006-09-24 00:17 -------- d-------- C:\Program Files\Windows Media Player
2006-09-24 00:17 -------- d-------- C:\Program Files\Online Services
2006-09-24 00:17 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-09-24 00:17 -------- d-------- C:\Program Files\MSN
2006-09-24 00:17 -------- d-------- C:\Program Files\Messenger
2006-09-24 00:11 -------- d---s---- C:\Documents and Settings\Fsn76\Application Data\Microsoft
2006-09-24 00:11 -------- d-------- C:\Program Files\Fichiers communs\SpeechEngines
2006-09-24 00:11 -------- d-------- C:\Program Files\Fichiers communs\ODBC
2006-09-24 00:11 -------- d-------- C:\Program Files\Fichiers communs\Microsoft Shared
2006-09-24 00:11 -------- d-------- C:\Program Files\Fichiers communs
2006-08-21 11:14 128896 --a------ C:\WINDOWS\system32\drivers\fltMgr.sys
2006-08-18 13:52 4017536 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-21 10:27 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\\PROGRA~1\\WANADOO\\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM="
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"STYLEXP"="C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
"Steam"="\"C:\\Program Files\\Valve\\Steam\\Steam.exe\" -silent"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime"
"WOOWATCH"="C:\\PROGRA~1\\WANADOO\\Watch.exe"
"WOOTASKBARICON"="C:\\PROGRA~1\\WANADOO\\GestMaj.exe TaskBarIcon.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"SoundMan"="SOUNDMAN.EXE"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"uhvjsul.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\uhvjsul.dll,mrpmvyf"
"F-Secure Manager"="\"C:\\Program Files\\AntivirusFirewall\\Common\\FSM32.EXE\" /splash"
"F-Secure TNB"="\"C:\\Program Files\\AntivirusFirewall\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
"F-Secure Startup Wizard"="\"C:\\Program Files\\AntivirusFirewall\\FSGUI\\FSSW.EXE\" /reboot"
"News Service"="\"C:\\Program Files\\AntivirusFirewall\\FSGUI\\ispnews.exe\""
"Ultimate Cleaner"="C:\\Program Files\\Ultimate Cleaner\\App.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=hex:95,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjg
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjks32

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Scheduled scanning task.job

Completion time: 24/09/2006 20:43:02.54
ComboFix.txt



HijackThis report

______________________________________________


Logfile of HijackThis v1.99.1
Scan saved at 20:45:02, on 24/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\WANADOO\TaskBarIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe
C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\ZDaemon\zlauncher.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Fsn76\Mes documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [uhvjsul.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\uhvjsul.dll,mrpmvyf
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [Ultimate Cleaner] C:\Program Files\Ultimate Cleaner\App.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
O18 - Protocol: bw+0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

:) 

Vundo + Dialer, apparently.

Download VundoFix.exe (by Atribune) to your Desktop.
  • Double-click VundoFix.exe to launch it
  • Click the Scan for Vundo button
  • When the scan is complete, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After you click "Yes", the Desktop will disappear for a moment while the files are deleted
  • You will see a prompt telling you that your PC is going to restart; click OK
  • Copy/paste the contents of the report located in C:\vundofix.txt, along with a new HijackThis! log, into your next reply

    Note: VundoFix may come across a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "Click the Scan for Vundo button".

    Then:

    Download: KillBox

    Put it in a folder or on your desktop (right-click, then Extract All)
    Select the text in the box:

    Quote:
    C:\WINDOWS\system32\winjks32.dll


    Right-click, then Copy.
    ----------

    . Open Killbox.exe
    . Choose "Delete on reboot"
    . Click:
    - " File " -> " Paste from Clipboard "
    - " Unregister .dll Before Deleting "

    To finish, click the red circle with a white cross.

    You will then be asked a question:
    " File will be Removed on Reboot, Do you want to reboot now ? "

    . Answer "yes"; a countdown starts and your PC will restart.

    Delete this folder: C:\!KillBox

    KillBox help

    Hello!

    Here is the VundoFix report

    ___________________________________________


    VundoFix V6.1.6

    Checking Java version...

    Sun Java not detected
    Scan started at 05:56:57 25/09/2006

    Listing files found while scanning....

    C:\WINDOWS\system32\opnnkhf.dll
    C:\WINDOWS\system32\mljjg.dll
    C:\WINDOWS\system32\gjjlm.ini
    C:\WINDOWS\system32\gjjlm.bak1

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\opnnkhf.dll
    C:\WINDOWS\system32\opnnkhf.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mljjg.dll
    C:\WINDOWS\system32\mljjg.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\gjjlm.ini
    C:\WINDOWS\system32\gjjlm.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gjjlm.bak1
    C:\WINDOWS\system32\gjjlm.bak1 Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.1.6

    Checking Java version...

    Sun Java not detected
    Scan started at 16:00:49 25/09/2006

    Listing files found while scanning....

    C:\WINDOWS\system32\mljjg.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\mljjg.dll
    C:\WINDOWS\system32\mljjg.dll Has been deleted!

    Performing Repairs to the registry.
    Done!


    HijackThis report


    ____________________________________

    Logfile of HijackThis v1.99.1
    Scan saved at 16:30:52, on 25/09/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
    C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
    C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
    C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
    C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
    C:\Program Files\Inventel\Gateway\wlancfg.exe
    C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
    C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
    C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\WANADOO\TaskBarIcon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
    C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe
    C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Valve\Steam\Steam.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Fsn76\Mes documents\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
    O2 - BHO: (no name) - {278B661A-14A8-D8B0-6AF4-03088B866149} - C:\WINDOWS\system32\unaoakg.dll
    O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll (file missing)
    O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [uhvjsul.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\uhvjsul.dll,mrpmvyf
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [Ultimate Cleaner] C:\Program Files\Ultimate Cleaner\App.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
    O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
    O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
    O18 - Protocol: bw+0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: offline-8876480 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winjks32 - winjks32.dll (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

    ____________________________________


    In KillBox, when I click the red circle with a white cross, it shows me a message > PendingFileRenameOperations Registry Data has been removed by External Process! And my PC does not restart, why? I have not deleted the KillBox folder located in C: while waiting for your reply

    PS: thanks anyway for helping me :) 

    Good evening,

    0/ If possible, uninstall the programs you find in the list below, via Add/Remove Programs:

    Ultimate Cleaner --> fake utility

    1/ Download and install CCleaner

    2/ Download and install ewido
    Update it (Update button at the top, then Start Update button)

    3/ Restart in Safe Mode (to do so: start the PC while tapping the F8 key until the Windows advanced options menu appears, then use the arrow keys to select Safe Mode and press Enter...)
    Note that you have no Internet access in this mode, so write down or print the instructions that follow.

    4/ Launch HijackThis
    then --> Do a system scan only
    check the lines listed below
    then --> Fix checked
    then answer yes to the confirmation prompt

    O2 - BHO: (no name) - {278B661A-14A8-D8B0-6AF4-03088B866149} - C:\WINDOWS\system32\unaoakg.dll

    O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll (file missing)

    O4 - HKLM\..\Run: [uhvjsul.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\uhvjsul.dll,mrpmvyf

    O4 - HKLM\..\Run: [Ultimate Cleaner] C:\Program Files\Ultimate Cleaner\App.exe

    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

    all the O18 entries except:

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

    O20 - Winlogon Notify: winjks32 - winjks32.dll (file missing)


    5/ Make sure you can see hidden files.
    (Start->My Computer->Tools->Folder Options...->View
    "Show hidden files and folders" ->checked
    "Hide extensions for known file types" ->unchecked
    "Hide protected operating system files" ->unchecked)

    6/ Then delete the following files and/or folders if present:

    C:\!KillBox\ --> the folder
    C:\WINDOWS\system32\unaoakg.dll
    C:\WINDOWS\system32\uhvjsul.dll
    C:\Program Files\Ultimate Cleaner\ --> the folder

    7/ Disable the unneeded France Telecom service like this:

    Start/Run/ type sc config FTRTSVC start= disabled then press Enter

    8/ Launch CCleaner, then click the Analyze button, then the Run Cleaner button

    9/ Launch ewido:
    Scanner button
    Then the Settings tab
    In the How to Act section, click Recommended Actions. Select Quarantine.
    Go back to the Scan tab. Click "Complete System Scan"
    At the end of the scan, choose the "Apply All Actions" option at the bottom.
    Click "Save Report", then "Save Report As" to save the report to the desktop.

    10/ Restart normally, then post the ewido report along with a new HijackThis log.
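
The entries selected for fixing in the reply above share a few recognisable shapes: a BHO with no name, a registration whose file is missing, a Run value that loads a DLL through rundll32, and one DLL registered for dozens of O18 protocols. As an added example (not part of the original thread, and not how HijackThis or the helpers decide), this Python script parses HijackThis entries and marks those shapes for review; the rule names, the regular expressions and the threshold of 5 are assumptions, and the sample lines are copied from the log posted above.

```python
import re
from collections import Counter, namedtuple

Finding = namedtuple("Finding", "rule section subject detail")

# Subset of the HijackThis log posted in this thread (lines copied verbatim).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {278B661A-14A8-D8B0-6AF4-03088B866149} - C:\WINDOWS\system32\unaoakg.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [uhvjsul.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\uhvjsul.dll,mrpmvyf
O18 - Protocol: bw+0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {260C190F-AEA4-4DEE-BEDB-478358B140DE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjks32 - winjks32.dll (file missing)
"""

MISSING = "(file missing)"
FANOUT_THRESHOLD = 5  # assumption: this many schemes on one DLL is worth a look

ENTRY = re.compile(r"^(O\d+|R\d+) - (.+)$")
BHO = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
RUN = re.compile(r"^([^:]+): \[([^\]]*)\] (.+)$")
# rundll32 followed by "<something>.dll,<export>"; unquoted paths only.
RUNDLL = re.compile(r"^\S*rundll32(?:\.exe)?\s+(\S+?\.dll),(\S+)", re.I)
PROTOCOL = re.compile(r"^Protocol: (\S+) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
NOTIFY = re.compile(r"^Winlogon Notify: (\S+) - (.+)$")


def split_missing(path):
    """Return (path, True) when HijackThis appended '(file missing)'."""
    path = path.strip()
    if path.endswith(MISSING):
        return path[: -len(MISSING)].rstrip(), True
    return path, False


def analyze(log_text, fanout_threshold=FANOUT_THRESHOLD):
    """Return review findings for the O2, O4, O18 and O20 entries in a log."""
    findings = []
    handlers = Counter()  # DLL path -> number of O18 schemes it serves
    for raw in log_text.splitlines():
        entry = ENTRY.match(raw.strip())
        if not entry:
            continue  # header, process list or blank line
        section, body = entry.groups()
        if section == "O2" and (m := BHO.match(body)):
            name, clsid, path = m.groups()
            path, missing = split_missing(path)
            if missing:
                findings.append(Finding("file-missing", section, path, clsid))
            elif name == "(no name)":
                findings.append(Finding("unnamed-bho", section, path, clsid))
        elif section == "O4" and (m := RUN.match(body)):
            _key, value, command = m.groups()
            dll = RUNDLL.match(command)
            if dll:  # a .cpl applet such as Cmaudio does not match
                findings.append(
                    Finding("run-rundll32-dll", section, dll.group(1), value))
        elif section == "O18" and (m := PROTOCOL.match(body)):
            path, _missing = split_missing(m.group(3))
            handlers[path] += 1
        elif section == "O20" and (m := NOTIFY.match(body)):
            path, missing = split_missing(m.group(2))
            if missing:
                findings.append(
                    Finding("file-missing", section, path, m.group(1)))
    # Collapse a long run of O18 lines into one finding per DLL.
    for path, count in handlers.items():
        if count >= fanout_threshold:
            findings.append(Finding("protocol-fanout", "O18", path,
                                    f"{count} protocol handlers"))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.section:<4}{f.rule:<18}{f.subject}  [{f.detail}]")
```

A match only marks an entry for a human to look at; legitimate software also uses rundll32 and custom protocol handlers, which is why the reply above is selective about what to fix.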

    The file was deleted before KillBox ran ;) 

    Install Ewido
    Launch Ewido, then update it by clicking " Update Now "
    Close the program.
    Ewido help by Rub_Mic

    Restart in Safe Mode

    Relaunch Ewido, then choose the " Scanner " tab
    Then on the " Settings " tab, for " How to Act " select " Quarantine ".
    Go back to the " Scan " tab, then run a " Complete System Scan "

    * If a file is infected, choose the " Apply All Actions " option at the end of the scan *

    Click " Save Report " then " Save Report As "
    Save this .txt file to your desktop, then copy/paste it here once back in normal mode.

    Hello :) 


    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 13:22:37 26/09/2006

    + Scan result:



    C:\System Volume Information\_restore{A1DFD01E-B776-4D0E-A22C-27247B0817ED}\RP17\A0002186.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{A1DFD01E-B776-4D0E-A22C-27247B0817ED}\RP22\A0002529.dll -> Adware.Virtumionde : Cleaned with backup (quarantined).
    C:\VundoFix Backups\opnnkhf.dll.bad -> Adware.Virtumionde : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{A1DFD01E-B776-4D0E-A22C-27247B0817ED}\RP15\A0001513.exe -> Downloader.Zlob.aee : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{A1DFD01E-B776-4D0E-A22C-27247B0817ED}\RP16\A0002023.exe -> Downloader.Zlob.aee : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{A1DFD01E-B776-4D0E-A22C-27247B0817ED}\RP17\A0002078.exe -> Downloader.Zlob.aee : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{A1DFD01E-B776-4D0E-A22C-27247B0817ED}\RP17\A0002199.exe -> Downloader.Zlob.aee : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{A1DFD01E-B776-4D0E-A22C-27247B0817ED}\RP19\A0002260.exe -> Downloader.Zlob.aee : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{A1DFD01E-B776-4D0E-A22C-27247B0817ED}\RP19\A0002275.exe -> Downloader.Zlob.aee : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{A1DFD01E-B776-4D0E-A22C-27247B0817ED}\RP19\A0002277.exe -> Downloader.Zlob.aml : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{A1DFD01E-B776-4D0E-A22C-27247B0817ED}\RP19\A0002282.dll -> Downloader.Zlob.tj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{A1DFD01E-B776-4D0E-A22C-27247B0817ED}\RP19\A0002233.dll -> Not-A-Virus.Hoax.Win32.Renos.ds : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{A1DFD01E-B776-4D0E-A22C-27247B0817ED}\RP19\A0002281.dll -> Not-A-Virus.Hoax.Win32.Renos.ds : Cleaned with backup (quarantined).
    D:\Autre\RockXP4.exe/pwdump2\pwdump2.exe -> Not-A-Virus.PSWTool.Win32.PWDump2 : Error during cleaning.
    D:\Autre\RockXP4.exe/pwdump2\samdump.dll -> Not-A-Virus.PSWTool.Win32.PWDump2 : Error during cleaning.
    :mozilla.52:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.53:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.91:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Fsn76\Cookies\fsn76@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Fsn76\Cookies\fsn76@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
    :mozilla.152:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
    :mozilla.153:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
    :mozilla.18:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.23:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.24:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.30:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
    :mozilla.11:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
    C:\Documents and Settings\Fsn76\Cookies\fsn76@com[1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
    :mozilla.118:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Comclick : Cleaned with backup (quarantined).
    :mozilla.119:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Comclick : Cleaned with backup (quarantined).
    :mozilla.120:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Comclick : Cleaned with backup (quarantined).
    :mozilla.36:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
    :mozilla.126:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.127:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.128:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.129:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.130:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.131:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.70:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
    :mozilla.71:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
    :mozilla.73:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
    :mozilla.74:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
    :mozilla.182:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup (quarantined).
    :mozilla.154:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
    :mozilla.133:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
    :mozilla.134:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
    :mozilla.151:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Planetactive : Cleaned with backup (quarantined).
    :mozilla.159:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.160:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.161:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.162:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.163:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.164:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.165:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    C:\Documents and Settings\Fsn76\Cookies\fsn76@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.37:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.38:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.39:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.40:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.41:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.194:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
    :mozilla.195:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
    :mozilla.20:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
    :mozilla.21:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
    :mozilla.22:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
    :mozilla.181:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup (quarantined).
    :mozilla.111:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.51:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.63:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.64:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.65:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.98:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
    :mozilla.99:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
    :mozilla.105:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
    :mozilla.106:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
    :mozilla.156:C:\Documents and Settings\Fsn76\Application Data\Mozilla\Firefox\Profiles\mytg0pua.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined).
    C:\Documents and Settings\Fsn76\Cookies\fsn76@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{A1DFD01E-B776-4D0E-A22C-27247B0817ED}\RP17\A0002204.exe -> Trojan.Starter.65 : Cleaned with backup (quarantined).


    ::Report end

    Oops, sorry esteban, I hadn't seen your reply; thanks for pointing it out to me, angeldark ^^

    So, I followed what you told me, and here is the ewido scan:

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 08:47:03 27/09/2006

    + Scan result:



    D:\Autre\RockXP4.exe/pwdump2\pwdump2.exe -> Not-A-Virus.PSWTool.Win32.PWDump2 : Error during cleaning.
    D:\Autre\RockXP4.exe/pwdump2\samdump.dll -> Not-A-Virus.PSWTool.Win32.PWDump2 : Error during cleaning.


    ::Report end



    For info, I didn't delete RockXP because it's not a virus but a good program that lets me find the CD keys of the Microsoft products installed on my PC.

    Here is the HijackThis report:


    Logfile of HijackThis v1.99.1
    Scan saved at 08:56:06, on 27/09/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
    C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
    C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
    C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
    C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
    C:\Program Files\Inventel\Gateway\wlancfg.exe
    C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
    C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
    C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
    C:\PROGRA~1\WANADOO\TaskBarIcon.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
    C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe
    C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    C:\Program Files\Valve\Steam\Steam.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Fsn76\Mes documents\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
    O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
    O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
    O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://drivers1.free.fr/telecharger.php?id=2&version=
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

    There you go :)

    No, everything works perfectly :D
    Anyway, this is the second time I've gotten help on Infos du Net ^^
    Thank you very much, it's really very kind of you to help just for the pleasure of it :) A thousand thanks!!!!!!!!!!!!!