[Virus] your computer is infected
x-latitpuceuh-x
did71 - 2187 posts - Status: Security contributor
Hello everyone,
For some time now I've been having problems with my computer, and it's starting to annoy me!! Basically, a window opens every 20 seconds (or even less) saying "your computer is infected" along with some gibberish lol (English and I don't get along lol), so I'd like to get rid of it!!
Thanks in advance for your help!!
Kisses to all
24 replies
Good evening x-latitpuceuh-x,
Download SmitfraudFix by S!Ri:
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Unzip it to the Desktop.
* Open the SmitfraudFix folder, double-click SmitfraudFix.cmd and choose option 1
Post the report.
See you later
Here's the report, thanks in advance :):) -->
SmitFraudFix v2.124
Rapport fait à 21:55:35,84, 25/11/2006
Executé à partir de D:\Documents and Settings\Mes documents\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\.protected PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\cmd32.exe PRESENT !
C:\WINDOWS\system32\dial23.exe PRESENT !
C:\WINDOWS\system32\taskdir.exe PRESENT !
C:\WINDOWS\system32\z11.exe PRESENT !
C:\WINDOWS\system32\z12.exe PRESENT !
C:\WINDOWS\system32\z13.exe PRESENT !
C:\WINDOWS\system32\z14.exe PRESENT !
C:\WINDOWS\system32\z15.exe PRESENT !
C:\WINDOWS\system32\z16.exe PRESENT !
C:\WINDOWS\system32\zlbw.dll PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\~~ la tite puceuh ~~
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\~~ la tite puceuh ~~\Application Data
C:\Documents and Settings\~~ la tite puceuh ~~\Application Data\Install.dat PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
C:\DOCUME~1\~~LATI~1\MENUDM~1\PROGRA~1\DMARRA~1\.protected PRESENT !
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\.protected PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\~~LATI~1\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\SpySheriff\ PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8A5849B5-93F3-429D-FF34-660A2068897C}"="DirectX additional"
[HKEY_CLASSES_ROOT\CLSID\{8A5849B5-93F3-429D-FF34-660A2068897C}\InProcServer32]
@="C:\WINDOWS\System32\xpRecovery.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8A5849B5-93F3-429D-FF34-660A2068897C}\InProcServer32]
@="C:\WINDOWS\System32\xpRecovery.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2C1CD3D7-86AC-4068-93BC-A02304BB2236}"="DCOM Server 2236"
[HKEY_CLASSES_ROOT\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304BB2236}\InProcServer32]
@="C:\WINDOWS\System32\qpfhb.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304BB2236}\InProcServer32]
@="C:\WINDOWS\System32\qpfhb.dll"
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
pe386 détecté, utilisez un scanner de Rootkit
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Re,
* Restart in safe mode.
* Run SmitfraudFix again, this time choose option 2 and answer yes to everything.
* Restart normally
Post the second SmitfraudFix report!
See you later
Re,
Info here:
http://service1.symantec.com/support/inter/tsgeninfointl.nsf/fr_docid/20020905112131924
See you later
Here you go. I couldn't do the registry cleaning because it takes really long, I had already tried to do it!! It took a whole day and afterwards I had to switch off the computer, so there you go :s:s
SmitFraudFix v2.124
Rapport fait à 22:44:24,21, 25/11/2006
Executé à partir de D:\Documents and Settings\Mes documents\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8A5849B5-93F3-429D-FF34-660A2068897C}"="DirectX additional"
[HKEY_CLASSES_ROOT\CLSID\{8A5849B5-93F3-429D-FF34-660A2068897C}\InProcServer32]
@="C:\WINDOWS\System32\xpRecovery.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8A5849B5-93F3-429D-FF34-660A2068897C}\InProcServer32]
@="C:\WINDOWS\System32\xpRecovery.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2C1CD3D7-86AC-4068-93BC-A02304BB2236}"="DCOM Server 2236"
[HKEY_CLASSES_ROOT\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304BB2236}\InProcServer32]
@="C:\WINDOWS\System32\qpfhb.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304BB2236}\InProcServer32]
@="C:\WINDOWS\System32\qpfhb.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage du registre non souhaité.
»»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8A5849B5-93F3-429D-FF34-660A2068897C}"="DirectX additional"
[HKEY_CLASSES_ROOT\CLSID\{8A5849B5-93F3-429D-FF34-660A2068897C}\InProcServer32]
@="C:\WINDOWS\System32\xpRecovery.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8A5849B5-93F3-429D-FF34-660A2068897C}\InProcServer32]
@="C:\WINDOWS\System32\xpRecovery.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2C1CD3D7-86AC-4068-93BC-A02304BB2236}"="DCOM Server 2236"
[HKEY_CLASSES_ROOT\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304BB2236}\InProcServer32]
@="C:\WINDOWS\System32\qpfhb.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304BB2236}\InProcServer32]
@="C:\WINDOWS\System32\qpfhb.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Fin
There you go, thanks again for helping me!!
SmitFraudFix v2.124
Rapport fait à 22:58:15,87, 25/11/2006
Executé à partir de D:\Documents and Settings\Mes documents\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\.protected PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\taskdir.exe PRESENT !
C:\WINDOWS\system32\zlbw.dll PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\~~ la tite puceuh ~~
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\~~ la tite puceuh ~~\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
C:\DOCUME~1\~~LATI~1\MENUDM~1\PROGRA~1\DMARRA~1\.protected PRESENT !
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\.protected PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\~~LATI~1\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8A5849B5-93F3-429D-FF34-660A2068897C}"="DirectX additional"
[HKEY_CLASSES_ROOT\CLSID\{8A5849B5-93F3-429D-FF34-660A2068897C}\InProcServer32]
@="C:\WINDOWS\System32\xpRecovery.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8A5849B5-93F3-429D-FF34-660A2068897C}\InProcServer32]
@="C:\WINDOWS\System32\xpRecovery.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2C1CD3D7-86AC-4068-93BC-A02304BB2236}"="DCOM Server 2236"
[HKEY_CLASSES_ROOT\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304BB2236}\InProcServer32]
@="C:\WINDOWS\System32\qpfhb.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304BB2236}\InProcServer32]
@="C:\WINDOWS\System32\qpfhb.dll"
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
pe386 détecté, utilisez un scanner de Rootkit
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Re,
So I'm asking you again:
* Restart in safe mode.
* Run SmitfraudFix again, this time choose option 2 and answer yes to everything.
* Restart normally
Post the second SmitfraudFix report!
See you later
There, I redid what you told me!! Thanks for your help!!
SmitFraudFix v2.124
Rapport fait à 22:44:24,21, 25/11/2006
Executé à partir de D:\Documents and Settings\Mes documents\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8A5849B5-93F3-429D-FF34-660A2068897C}"="DirectX additional"
[HKEY_CLASSES_ROOT\CLSID\{8A5849B5-93F3-429D-FF34-660A2068897C}\InProcServer32]
@="C:\WINDOWS\System32\xpRecovery.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8A5849B5-93F3-429D-FF34-660A2068897C}\InProcServer32]
@="C:\WINDOWS\System32\xpRecovery.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2C1CD3D7-86AC-4068-93BC-A02304BB2236}"="DCOM Server 2236"
[HKEY_CLASSES_ROOT\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304BB2236}\InProcServer32]
@="C:\WINDOWS\System32\qpfhb.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304BB2236}\InProcServer32]
@="C:\WINDOWS\System32\qpfhb.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage du registre non souhaité.
»»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8A5849B5-93F3-429D-FF34-660A2068897C}"="DirectX additional"
[HKEY_CLASSES_ROOT\CLSID\{8A5849B5-93F3-429D-FF34-660A2068897C}\InProcServer32]
@="C:\WINDOWS\System32\xpRecovery.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8A5849B5-93F3-429D-FF34-660A2068897C}\InProcServer32]
@="C:\WINDOWS\System32\xpRecovery.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2C1CD3D7-86AC-4068-93BC-A02304BB2236}"="DCOM Server 2236"
[HKEY_CLASSES_ROOT\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304BB2236}\InProcServer32]
@="C:\WINDOWS\System32\qpfhb.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304BB2236}\InProcServer32]
@="C:\WINDOWS\System32\qpfhb.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Good evening x-latitpuceuh-x,
Download HijackThis:
http://pchelpbordeaux.free.fr/logiciels.html
Tutorial
http://pchelpbordeaux.free.fr/tuto.html
Picture demo
http://pageperso.aol.fr/balltrap34/demohijack.htm
Run a scan and post the analysis.
See you later
Logfile of HijackThis v1.99.1
Scan saved at 19:37:30, on 27/11/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sstray.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Ultimate Cleaner\App.exe
C:\Program Files\Ultimate Defender\App.exe
C:\windows\system32\winclean.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\EUROBA~1\erobar.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: C:\WINDOWS\System32\xpRecovery.dll - {8A5849B5-93F3-429D-FF34-660A2068897C} - C:\WINDOWS\System32\xpRecovery.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [UpdateService] C:\WINDOWS\System32\wservice.exe
O4 - HKLM\..\Run: [pdvyeng.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\pdvyeng.dll,drjbxce
O4 - HKLM\..\Run: [Ultimate Cleaner] "C:\Program Files\Ultimate Cleaner\App.exe" hide
O4 - HKLM\..\Run: [Ultimate Defender] "C:\Program Files\Ultimate Defender\App.exe" hide
O4 - HKLM\..\Run: [Nord] C:\WINDOWS\System32\nordsys.exe
O4 - HKLM\..\Run: [winclean] c:\windows\system32\winclean.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Avp monitor] C:\DOCUME~1\~~LATI~1\LOCALS~1\Temp\svchost.exe
O4 - HKCU\..\Run: [UpdateService] C:\WINDOWS\System32\wservice.exe
O4 - HKCU\..\Run: [Nord] C:\WINDOWS\System32\nordsys.exe
O4 - Startup: .protected
O4 - Startup: Eurobarre.lnk = C:\Program Files\eurobarre\eb.exe
O4 - Global Startup: .protected
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{37A35576-24AB-4949-8A77-15169EF26E23}: NameServer = 192.168.0.1
O18 - Protocol: bw+0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - C:\WINDOWS\System32\qpfhb.dll
O21 - SSODL: dsVUJOau - {7C5FCF48-D6F5-65E2-C266-991087C5EA76} - C:\WINDOWS\System32\rcw.dll (file missing)
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Unknown owner - C:\Program Files\Norton AntiVirus\isPwdSvc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
Hi again,
1) Uninstall via Add/Remove Programs:
Ultimate Cleaner
Ultimate Defender
2) Download AVG Anti-Spyware:
https://www.avg.com/en-ww/free-antivirus-download
Install it.
Launch AVG Anti-Spyware and click the Update button. Be patient!
Restart in Safe Mode!
Launch AVG Anti-Spyware.
Click the Scan button (in the toolbar).
Then, on the "How to react" tab, click "Recommended actions". Select Quarantine.
Go back to the Scan tab. Click "Complete system scan".
At the end of the scan, choose the "Apply all actions" option at the bottom.
Click "Save report". This generates a report as a text file, located in the Reports folder of the AVG Anti-Spyware folder.
3) Post the AVG report as well as a new HijackThis log!
See you
Uhh, to remove the 2 things (Ultimate Cleaner, Ultimate Defender), I can't find them in Add/Remove Programs :s:s
Hi again,
No problem, carry on with the procedure!
There are infected files in this unusual report!
So I'm adding:
Download Blacklight (from F-Secure) and save it to your Desktop:
https://europe.f-secure.com/exclude/blacklight/index.shtml
Double-click blbeta.exe and accept the license, click Scan then Next.
You will see a list of detected files appear. You will also see a report on your Desktop named fsbl.xxxxxxx.log (the xxxxxxx are digits).
Copy and paste the contents of this report into your next reply.
avg-->
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 21:43:56 27/11/2006
+ Résultat de l'analyse:
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-507921405-1035525444-725345543-1003\Software\IST -> Adware.ISTBar : Nettoyé et sauvegardé (mise en quarantaine).
C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Nettoyé et sauvegardé (mise en quarantaine).
D:\System Volume Information\_restore{AAAA22BA-FA11-416B-9A09-29EA2C2371B3}\RP123\A0014998.exe -> Adware.SaveNow : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\Classes\WUSE.1 -> Adware.SaveNow : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP58\A0013596.exe -> Adware.Spysheriff : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0007869.exe -> Dialer.GBDialer.i : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP58\A0013586.exe -> Dialer.GBDialer.i : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP48\A0006744.exe -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP49\A0006814.exe -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0006835.exe -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0007832.exe -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0008834.exe -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0009831.exe -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0009891.exe -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0010243.exe -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0010257.exe -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0011261.exe -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP54\A0011423.exe -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP54\A0011445.exe -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP54\A0012438.exe -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP54\A0012456.exe -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP54\A0013456.exe -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP54\A0013475.exe -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP58\A0013582.exe -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-507921405-1035525444-725345543-1003\Dc136 -> Downloader.Small.awa : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP54\A0012457.exe -> Downloader.Small.awa : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP54\A0013457.exe -> Downloader.Small.awa : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP54\A0013476.exe -> Downloader.Small.awa : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP58\A0013583.exe -> Downloader.Small.awa : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\~~ la tite puceuh ~~\J6seshR.exe -> Downloader.Small.ciw : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\~~ la tite puceuh ~~\MNgB6c8.exe -> Downloader.Small.ciw : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\~~ la tite puceuh ~~\T0m04Vf.exe -> Downloader.Small.ciw : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\~~ la tite puceuh ~~\Ux27Pc0.exe -> Downloader.Small.ciw : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\~~ la tite puceuh ~~\is07c6t.exe -> Downloader.Small.ciw : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\~~ la tite puceuh ~~\lSB77IR.exe -> Downloader.Small.ciw : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\~~ la tite puceuh ~~\pCVm0vo.exe -> Downloader.Small.ciw : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\~~ la tite puceuh ~~\subCODm.exe -> Downloader.Small.ciw : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\~~ la tite puceuh ~~\u7v0SRC.exe -> Downloader.Small.ciw : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\~~ la tite puceuh ~~\uVhrf4v.exe -> Downloader.Small.ciw : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\~~ la tite puceuh ~~\wQA5he0.exe -> Downloader.Small.ciw : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\~~ la tite puceuh ~~\x5BUF4V.exe -> Downloader.Small.ciw : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0006830.exe -> Downloader.Small.ciw : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0009859.exe -> Downloader.Small.ciw : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0009860.exe -> Downloader.Small.ciw : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0009861.exe -> Downloader.Small.ciw : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP54\A0012446.exe -> Downloader.Small.ciw : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\~~ la tite puceuh ~~\.exe -> Downloader.Small.dam : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\~~ la tite puceuh ~~\TBg83R6.exe -> Downloader.Small.dam : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\~~ la tite puceuh ~~\t5ss36I.exe -> Downloader.Small.dam : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\~~ la tite puceuh ~~\vO344La.exe -> Downloader.Small.dam : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP58\A0013655.exe -> Downloader.Small.dam : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP58\A0013686.exe -> Downloader.Small.dam : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0009832.exe -> Downloader.Small.ddx : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP58\A0013689.dll -> Downloader.Small.ddx : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-507921405-1035525444-725345543-1003\Dc138.exe -> Downloader.Small.dex : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP58\A0013585.exe -> Downloader.Small.dex : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-507921405-1035525444-725345543-1003\Dc134 -> Dropper.Delf.va : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP58\A0013591.exe -> Dropper.Delf.va : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\ipv6mons.dll -> Logger.BZub.fh : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\~~ la tite puceuh ~~\Local Settings\Temporary Internet Files\Content.IE5\VXVSPBB4\installdrivecleanerstart_fr[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0006829.exe -> Not-A-Virus.Hoax.Win32.Renos.fl : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0010238.exe -> Not-A-Virus.Hoax.Win32.Renos.fl : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0010252.exe -> Not-A-Virus.Hoax.Win32.Renos.fl : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0011252.exe -> Not-A-Virus.Hoax.Win32.Renos.fl : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP54\A0011435.exe -> Not-A-Virus.Hoax.Win32.Renos.fl : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP54\A0012478.exe -> Not-A-Virus.Hoax.Win32.Renos.fl : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP58\A0013574.exe -> Not-A-Virus.Hoax.Win32.Renos.fl : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-507921405-1035525444-725345543-1003\Dc135 -> Not-A-Virus.Hoax.Win32.Renos.gc : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP58\A0013588.exe -> Not-A-Virus.Hoax.Win32.Renos.gc : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP49\A0006804.dll -> Proxy.Agent.df : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\~~ la tite puceuh ~~\Local Settings\Temp\maindll.dll -> Proxy.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\~~ la tite puceuh ~~\Cookies\~~ la tite puceuh ~~@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\~~ la tite puceuh ~~\Cookies\~~ la tite puceuh ~~@atdmt[1].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\~~ la tite puceuh ~~\Cookies\~~ la tite puceuh ~~@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\~~ la tite puceuh ~~\Cookies\~~ la tite puceuh ~~@enhance[2].txt -> TrackingCookie.Enhance : Nettoyé.
C:\Documents and Settings\~~ la tite puceuh ~~\Cookies\~~ la tite puceuh ~~@fastclick[2].txt -> TrackingCookie.Fastclick : Nettoyé.
C:\Documents and Settings\~~ la tite puceuh ~~\Cookies\~~ la tite puceuh ~~@media.fastclick[2].txt -> TrackingCookie.Fastclick : Nettoyé.
C:\Documents and Settings\~~ la tite puceuh ~~\Cookies\~~ la tite puceuh ~~@findwhat[1].txt -> TrackingCookie.Findwhat : Nettoyé.
C:\Documents and Settings\~~ la tite puceuh ~~\Cookies\~~ la tite puceuh ~~@goclick[1].txt -> TrackingCookie.Goclick : Nettoyé.
C:\Documents and Settings\~~ la tite puceuh ~~\Cookies\~~ la tite puceuh ~~@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\WINDOWS\system32\winclean.exe -> Trojan.Agent.aaw : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP48\A0006745.dll -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP49\A0006816.dll -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0006831.dll -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0006833.exe -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0007831.dll -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0008831.dll -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0009833.dll -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0009875.dll -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0010242.dll -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0010256.dll -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0011256.dll -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP54\A0011428.dll -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP54\A0011444.dll -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP54\A0011449.exe -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP54\A0012445.dll -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP54\A0012464.dll -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP54\A0012465.exe -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP54\A0013464.dll -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP54\A0013483.dll -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP58\A0013614.dll -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP58\A0013637.dll -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP58\A0013654.dll -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP58\A0013660.exe -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\adir.dll -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\wservice.exelfiegn -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
Fin du rapport
and hijackthis-->
Logfile of HijackThis v1.99.1
Scan saved at 21:50:36, on 27/11/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Ultimate Cleaner\App.exe
C:\Program Files\Ultimate Defender\App.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Reader\reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\EUROBA~1\erobar.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: C:\WINDOWS\System32\xpRecovery.dll - {8A5849B5-93F3-429D-FF34-660A2068897C} - C:\WINDOWS\System32\xpRecovery.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [UpdateService] C:\WINDOWS\System32\wservice.exe
O4 - HKLM\..\Run: [pdvyeng.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\pdvyeng.dll,drjbxce
O4 - HKLM\..\Run: [Ultimate Cleaner] "C:\Program Files\Ultimate Cleaner\App.exe" hide
O4 - HKLM\..\Run: [Ultimate Defender] "C:\Program Files\Ultimate Defender\App.exe" hide
O4 - HKLM\..\Run: [Nord] C:\WINDOWS\System32\nordsys.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Avp monitor] C:\DOCUME~1\~~LATI~1\LOCALS~1\Temp\svchost.exe
O4 - HKCU\..\Run: [UpdateService] C:\WINDOWS\System32\wservice.exe
O4 - HKCU\..\Run: [Nord] C:\WINDOWS\System32\nordsys.exe
O4 - Startup: .protected
O4 - Startup: Eurobarre.lnk = C:\Program Files\eurobarre\eb.exe
O4 - Global Startup: .protected
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE11\REFIEBAR.DLL
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{37A35576-24AB-4949-8A77-15169EF26E23}: NameServer = 192.168.0.1
O18 - Protocol: bw+0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - C:\WINDOWS\System32\qpfhb.dll
O21 - SSODL: dsVUJOau - {7C5FCF48-D6F5-65E2-C266-991087C5EA76} - C:\WINDOWS\System32\rcw.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Unknown owner - C:\Program Files\Norton AntiVirus\isPwdSvc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
There, I'm doing the rest now lol!!
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 21:43:56 27/11/2006
+ Résultat de l'analyse:
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-507921405-1035525444-725345543-1003\Software\IST -> Adware.ISTBar : Nettoyé et sauvegardé (mise en quarantaine).
C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Nettoyé et sauvegardé (mise en quarantaine).
D:\System Volume Information\_restore{AAAA22BA-FA11-416B-9A09-29EA2C2371B3}\RP123\A0014998.exe -> Adware.SaveNow : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\Classes\WUSE.1 -> Adware.SaveNow : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP58\A0013596.exe -> Adware.Spysheriff : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0007869.exe -> Dialer.GBDialer.i : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP58\A0013586.exe -> Dialer.GBDialer.i : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP48\A0006744.exe -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP49\A0006814.exe -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0006835.exe -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0007832.exe -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0008834.exe -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0009831.exe -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0009891.exe -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0010243.exe -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0010257.exe -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0011261.exe -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP54\A0011423.exe -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP54\A0011445.exe -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP54\A0012438.exe -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP54\A0012456.exe -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP54\A0013456.exe -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP54\A0013475.exe -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP58\A0013582.exe -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-507921405-1035525444-725345543-1003\Dc136 -> Downloader.Small.awa : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP54\A0012457.exe -> Downloader.Small.awa : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP54\A0013457.exe -> Downloader.Small.awa : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP54\A0013476.exe -> Downloader.Small.awa : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP58\A0013583.exe -> Downloader.Small.awa : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\~~ la tite puceuh ~~\J6seshR.exe -> Downloader.Small.ciw : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\~~ la tite puceuh ~~\MNgB6c8.exe -> Downloader.Small.ciw : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\~~ la tite puceuh ~~\T0m04Vf.exe -> Downloader.Small.ciw : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\~~ la tite puceuh ~~\Ux27Pc0.exe -> Downloader.Small.ciw : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\~~ la tite puceuh ~~\is07c6t.exe -> Downloader.Small.ciw : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\~~ la tite puceuh ~~\lSB77IR.exe -> Downloader.Small.ciw : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\~~ la tite puceuh ~~\pCVm0vo.exe -> Downloader.Small.ciw : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\~~ la tite puceuh ~~\subCODm.exe -> Downloader.Small.ciw : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\~~ la tite puceuh ~~\u7v0SRC.exe -> Downloader.Small.ciw : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\~~ la tite puceuh ~~\uVhrf4v.exe -> Downloader.Small.ciw : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\~~ la tite puceuh ~~\wQA5he0.exe -> Downloader.Small.ciw : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\~~ la tite puceuh ~~\x5BUF4V.exe -> Downloader.Small.ciw : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0006830.exe -> Downloader.Small.ciw : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0009859.exe -> Downloader.Small.ciw : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0009860.exe -> Downloader.Small.ciw : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0009861.exe -> Downloader.Small.ciw : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP54\A0012446.exe -> Downloader.Small.ciw : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\~~ la tite puceuh ~~\.exe -> Downloader.Small.dam : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\~~ la tite puceuh ~~\TBg83R6.exe -> Downloader.Small.dam : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\~~ la tite puceuh ~~\t5ss36I.exe -> Downloader.Small.dam : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\~~ la tite puceuh ~~\vO344La.exe -> Downloader.Small.dam : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP58\A0013655.exe -> Downloader.Small.dam : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP58\A0013686.exe -> Downloader.Small.dam : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0009832.exe -> Downloader.Small.ddx : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP58\A0013689.dll -> Downloader.Small.ddx : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-507921405-1035525444-725345543-1003\Dc138.exe -> Downloader.Small.dex : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP58\A0013585.exe -> Downloader.Small.dex : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-507921405-1035525444-725345543-1003\Dc134 -> Dropper.Delf.va : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP58\A0013591.exe -> Dropper.Delf.va : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\ipv6mons.dll -> Logger.BZub.fh : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\~~ la tite puceuh ~~\Local Settings\Temporary Internet Files\Content.IE5\VXVSPBB4\installdrivecleanerstart_fr[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0006829.exe -> Not-A-Virus.Hoax.Win32.Renos.fl : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0010238.exe -> Not-A-Virus.Hoax.Win32.Renos.fl : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0010252.exe -> Not-A-Virus.Hoax.Win32.Renos.fl : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0011252.exe -> Not-A-Virus.Hoax.Win32.Renos.fl : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP54\A0011435.exe -> Not-A-Virus.Hoax.Win32.Renos.fl : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP54\A0012478.exe -> Not-A-Virus.Hoax.Win32.Renos.fl : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP58\A0013574.exe -> Not-A-Virus.Hoax.Win32.Renos.fl : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-507921405-1035525444-725345543-1003\Dc135 -> Not-A-Virus.Hoax.Win32.Renos.gc : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP58\A0013588.exe -> Not-A-Virus.Hoax.Win32.Renos.gc : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP49\A0006804.dll -> Proxy.Agent.df : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\~~ la tite puceuh ~~\Local Settings\Temp\maindll.dll -> Proxy.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\~~ la tite puceuh ~~\Cookies\~~ la tite puceuh ~~@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\~~ la tite puceuh ~~\Cookies\~~ la tite puceuh ~~@atdmt[1].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\~~ la tite puceuh ~~\Cookies\~~ la tite puceuh ~~@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\~~ la tite puceuh ~~\Cookies\~~ la tite puceuh ~~@enhance[2].txt -> TrackingCookie.Enhance : Nettoyé.
C:\Documents and Settings\~~ la tite puceuh ~~\Cookies\~~ la tite puceuh ~~@fastclick[2].txt -> TrackingCookie.Fastclick : Nettoyé.
C:\Documents and Settings\~~ la tite puceuh ~~\Cookies\~~ la tite puceuh ~~@media.fastclick[2].txt -> TrackingCookie.Fastclick : Nettoyé.
C:\Documents and Settings\~~ la tite puceuh ~~\Cookies\~~ la tite puceuh ~~@findwhat[1].txt -> TrackingCookie.Findwhat : Nettoyé.
C:\Documents and Settings\~~ la tite puceuh ~~\Cookies\~~ la tite puceuh ~~@goclick[1].txt -> TrackingCookie.Goclick : Nettoyé.
C:\Documents and Settings\~~ la tite puceuh ~~\Cookies\~~ la tite puceuh ~~@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\WINDOWS\system32\winclean.exe -> Trojan.Agent.aaw : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP48\A0006745.dll -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP49\A0006816.dll -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0006831.dll -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0006833.exe -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0007831.dll -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0008831.dll -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0009833.dll -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0009875.dll -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0010242.dll -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0010256.dll -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP50\A0011256.dll -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP54\A0011428.dll -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP54\A0011444.dll -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP54\A0011449.exe -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP54\A0012445.dll -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP54\A0012464.dll -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP54\A0012465.exe -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP54\A0013464.dll -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP54\A0013483.dll -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP58\A0013614.dll -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP58\A0013637.dll -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP58\A0013654.dll -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E6556281-3238-43AA-BBDB-A835A2FDD67D}\RP58\A0013660.exe -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\adir.dll -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\wservice.exelfiegn -> Worm.Banwarum.f : Nettoyé et sauvegardé (mise en quarantaine).
Fin du rapport
and HijackThis -->
Logfile of HijackThis v1.99.1
Scan saved at 21:50:36, on 27/11/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Ultimate Cleaner\App.exe
C:\Program Files\Ultimate Defender\App.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Reader\reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\EUROBA~1\erobar.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: C:\WINDOWS\System32\xpRecovery.dll - {8A5849B5-93F3-429D-FF34-660A2068897C} - C:\WINDOWS\System32\xpRecovery.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [UpdateService] C:\WINDOWS\System32\wservice.exe
O4 - HKLM\..\Run: [pdvyeng.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\pdvyeng.dll,drjbxce
O4 - HKLM\..\Run: [Ultimate Cleaner] "C:\Program Files\Ultimate Cleaner\App.exe" hide
O4 - HKLM\..\Run: [Ultimate Defender] "C:\Program Files\Ultimate Defender\App.exe" hide
O4 - HKLM\..\Run: [Nord] C:\WINDOWS\System32\nordsys.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Avp monitor] C:\DOCUME~1\~~LATI~1\LOCALS~1\Temp\svchost.exe
O4 - HKCU\..\Run: [UpdateService] C:\WINDOWS\System32\wservice.exe
O4 - HKCU\..\Run: [Nord] C:\WINDOWS\System32\nordsys.exe
O4 - Startup: .protected
O4 - Startup: Eurobarre.lnk = C:\Program Files\eurobarre\eb.exe
O4 - Global Startup: .protected
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE11\REFIEBAR.DLL
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{37A35576-24AB-4949-8A77-15169EF26E23}: NameServer = 192.168.0.1
O18 - Protocol: bw+0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - C:\WINDOWS\System32\qpfhb.dll
O21 - SSODL: dsVUJOau - {7C5FCF48-D6F5-65E2-C266-991087C5EA76} - C:\WINDOWS\System32\rcw.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Unknown owner - C:\Program Files\Norton AntiVirus\isPwdSvc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
There, I'm doing the rest now lol!!
Here's the rest, I'm not really sure if this is it :s:s tell me whether it is or not lol!! thanks again -->
11/27/06 21:54:00 [Info]: BlackLight Engine 1.0.47 initialized
11/27/06 21:54:00 [Info]: OS: 5.1 build 2600 ()
11/27/06 21:54:00 [Note]: 7019 4
11/27/06 21:54:00 [Note]: 7005 0
11/27/06 21:54:00 [Note]: 7006 0
11/27/06 21:54:00 [Note]: 7011 1280
11/27/06 21:54:01 [Note]: 7026 0
11/27/06 21:54:01 [Note]: 7026 0
11/27/06 21:54:10 [Note]: FSRAW library version 1.7.1020
11/27/06 21:54:17 [Note]: 7007 0
Hi again,
1) Run HijackThis again, tick the lines listed below and click Fix checked (with all IE windows closed):
O4 - HKLM\..\Run: [UpdateService] C:\WINDOWS\System32\wservice.exe
O4 - HKLM\..\Run: [pdvyeng.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\pdvyeng.dll,drjbxce
O4 - HKLM\..\Run: [Ultimate Cleaner] "C:\Program Files\Ultimate Cleaner\App.exe" hide
O4 - HKLM\..\Run: [Ultimate Defender] "C:\Program Files\Ultimate Defender\App.exe" hide
O4 - HKLM\..\Run: [Nord] C:\WINDOWS\System32\nordsys.exe
O4 - HKCU\..\Run: [Avp monitor] C:\DOCUME~1\~~LATI~1\LOCALS~1\Temp\svchost.exe
O4 - HKCU\..\Run: [UpdateService] C:\WINDOWS\System32\wservice.exe
O4 - HKCU\..\Run: [Nord] C:\WINDOWS\System32\nordsys.exe
O4 - Startup: .protected
O18 - Protocol: bw+0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - C:\WINDOWS\System32\qpfhb.dll
O21 - SSODL: dsVUJOau - {7C5FCF48-D6F5-65E2-C266-991087C5EA76} - C:\WINDOWS\System32\rcw.dll (file missing)
2) Find and delete the folders/files in bold below:
C:\WINDOWS\System32\wservice.exe
C:\WINDOWS\System32\pdvyeng.dll
C:\WINDOWS\System32\nordsys.exe
C:\DOCUME~1\~~LATI~1\LOCALS~1\Temp\svchost.exe
3) Download clean.zip
http://www.malekal.com/download/clean.zip
Unzip it onto your desktop (right-click / extract all); you should get a folder named clean.
Open the Clean folder on your desktop.
Double-click clean.cmd.
A black window will appear; follow the instructions.
Post the report located at C:\rapport_clean.txt
4) Post the cleanzip report as well as a new HijackThis log!
See you,
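A triage sketch for the kind of HijackThis lines quoted in this thread, added here as an example; it is not part of the original posts and not HijackThis code. It parses O4 Run, O18 and O21 lines, groups O18 protocol names by handler DLL, and applies a few generic heuristics that are assumptions for illustration, not the helper's selection criteria; function names and flag labels are hypothetical, and the sample lines are copied from the log above.

```python
import ntpath
import re
from collections import defaultdict

# Sample lines copied from the HijackThis log quoted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [UpdateService] C:\WINDOWS\System32\wservice.exe
O4 - HKLM\..\Run: [pdvyeng.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\pdvyeng.dll,drjbxce
O4 - HKCU\..\Run: [Avp monitor] C:\DOCUME~1\~~LATI~1\LOCALS~1\Temp\svchost.exe
O18 - Protocol: bwy0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {294C5B7C-2BB0-4F3B-8F33-A968242C044F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: dsVUJOau - {7C5FCF48-D6F5-65E2-C266-991087C5EA76} - C:\WINDOWS\System32\rcw.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
"""

# O4 registry Run entries: hive, value name, command line.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# O18 (protocol handlers) and O21 (ShellServiceObjectDelayLoad): name, CLSID, DLL.
COM_RE = re.compile(
    r"^(?P<sec>O18|O21) - (?:Protocol|SSODL): (?P<name>.+?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# First program on a command line: quoted path, or text up to the first ".exe".
IMAGE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)

# Windows processes that normally live in System32 (heuristic list, assumed).
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe",
                "winlogon.exe", "csrss.exe", "smss.exe"}


def parse(log):
    """Turn O4 Run / O18 / O21 lines into dict records; other lines are skipped."""
    records = []
    for line in log.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            img = IMAGE_RE.match(m["cmd"])
            image = (img.group(1) or img.group(2)) if img else m["cmd"]
            args = m["cmd"][img.end():].strip() if img else ""
            records.append({"sec": "O4", "name": m["name"], "image": image,
                            "args": args, "missing": False})
            continue
        m = COM_RE.match(line)
        if m:
            records.append({"sec": m["sec"], "name": m["name"],
                            "clsid": m["clsid"].upper(),
                            "image": m["path"].strip('"'), "args": "",
                            "missing": m["missing"] is not None})
    return records


def flags(rec):
    """Return heuristic labels for one record (an empty list is not a verdict)."""
    out = []
    image = rec["image"].lower()
    folder, name = ntpath.split(image)
    if name in SYSTEM_NAMES and not folder.endswith("\\system32"):
        out.append("system-process-name-outside-system32")
    if "\\temp\\" in image:
        out.append("runs-from-temp")
    if rec["sec"] == "O4" and name == "rundll32.exe":
        dll = ntpath.basename(rec["args"].split(",")[0])
        out.append("rundll32-autorun:" + dll)
    if rec["missing"]:
        out.append("file-missing")
    return out


def handlers(records):
    """Group O18 protocol names by (CLSID, handler DLL) to collapse long runs."""
    groups = defaultdict(list)
    for rec in records:
        if rec["sec"] == "O18":
            key = (rec["clsid"], ntpath.basename(rec["image"]))
            groups[key].append(rec["name"])
    return dict(groups)


if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    for rec in recs:
        print(rec["sec"], rec["name"], flags(rec))
    for (clsid, dll), names in handlers(recs).items():
        print(clsid, dll, len(names), "protocol name(s)")
```

Entries such as `wservice.exe` come back with no flags, so the output narrows what to look at first rather than replacing the line-by-line review done in the reply above.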