[Virus] Infections par de multiple pub

Résolu/Fermé
Signaler
Messages postés
21
Date d'inscription
mercredi 20 décembre 2006
Statut
Membre
Dernière intervention
8 février 2008
-
Messages postés
21
Date d'inscription
mercredi 20 décembre 2006
Statut
Membre
Dernière intervention
8 février 2008
-
[PS] : Je suis une buse dans l'informatique profonde (modif ficher et autre)
Bonjour à tous, depuis quelque semaine mon ordi me donne envie de le faire faire un vol planer par la fenêtre, il plante régulièrement des pub intempestive apparaissent fréquemment et il est de plus en plus lents. Bon la faute me reviens aussi peut être dans le fais que je n'avais pas d'antivirus durant quelque mois, et tout m'est tombé dessus d'un coup.

Souvent quand je suis sur le net, j'ai ce message d'erreur qui apparait et quand je met "Ok" ma barre de lancement (barre bleu au bas de l'écran) disparaît en bref quand je ferme toute mes fenêtre je me retrouve avec mon image de fond avec le curseur de la souris et tout ce que je peux faire c'est [CTRL]+[Alt]+[Del] :

http://img163.imageshack.us/img163/9529/erreurre0.png

J'ai notamment des pub en tout qui viennent me pourrir mon surf (Systemdoctor, WinAntiVirusPRO, et une grande page bleu avec comme titre :Error Detected), j'ai lancé Ad-Awards, Spyboot, CCleaner, mais j'ai l'impression que de plus en plus de pub m'envahisse, voici déjà mon rapport brute Hijack This :

Logfile of HijackThis v1.99.1
Scan saved at 19:15:29, on 20.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/&ss=1&scc=1<mpl=default<mplcache=2&emr=1&osid=1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?pc=mssh&form=msshhp&ocid=onepro&homepage=http%3a%2f%2fwww.microsoft.com%2fisapi%2fredir.dll%3fprd%3d{SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {61C40C3D-BDD2-B627-D189-C569348CDBE4} - (no file)
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: Steganos Internet Anonyme - {00000000-5736-4205-0008-2fe89c996183} - c:\program files\steganos internet anonym 7\sia7iep.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\quxfwhbc.dll",setvm
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - https://www.afternic.com/domains/drivecleaner.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} (VPlayer Control) - http://video.vividas.com/CDN1/4325_Pepsi/web/player/vivid_ocx.jpeg
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7F9CDB8-BF58-4289-8669-EEA83434ED2E}: NameServer = 192.168.0.1
O18 - Protocol: bw+0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

Merci de votre aide prochaine et providentielle.

30 réponses


Bonjour

Poste aussi ces rapports.

$ Télécharge SmitfraudFix de S!Ri:
http://siri.urz.free.fr/Fix/SmitfraudFix.php
Tu le dézippes sur le Bureau.
Tu ouvres SmitfraudFix, tu double cliques sur SmitfraudFix.cmd et tu choisis l’option 1
Postes le rapport.

$ Télécharge Blacklight (de F-Secure) et sauvegarde le sur ton Bureau.
https://www.f-secure.com/en
Clique sur "I ACCEPT" au bas de la page. Sauvegarde le sur ton Bureau.

Double-clique blbeta.exe et accepte la licence; clique Scan puis Next

Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres)

Copie et colle le contenu de ce rapport dans ta prochaine réponse.
Messages postés
21
Date d'inscription
mercredi 20 décembre 2006
Statut
Membre
Dernière intervention
8 février 2008

Alors voila le rapport de Smitfraud :

SmitFraudFix v2.131

Rapport fait à 19:20:57.03, 20.12.2006
Executé à partir de C:\Documents and Settings\Wxp\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\.protected PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\impgsje.dll PRESENT !
C:\WINDOWS\system32\ot.ico PRESENT !
C:\WINDOWS\system32\components\flx?.dll PRESENT !
C:\WINDOWS\system32\components\flx??.dll PRESENT !
C:\WINDOWS\system32\components\flx???.dll PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Wxp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Wxp\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

C:\DOCUME~1\Wxp\MENUDM~1\PROGRA~1\DMARRA~1\.protected PRESENT !
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url PRESENT !
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url PRESENT !
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\.protected PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Wxp\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\SpyQuake2.com\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Documents and Settings\\Wxp\\Mes documents\\Mes images\\avatar48290_5.gif"
"SubscribedURL"="C:\\Documents and Settings\\Wxp\\Mes documents\\Mes images\\avatar48290_5.gif"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="g:\\Fond d'‚crant\\index.htm"
"SubscribedURL"="g:\\Fond d'‚crant\\index.htm"
"FriendlyName"="Rumble Roses"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="C:\\WINDOWS\\SideBar\\sidebar\\index.html"
"SubscribedURL"="C:\\WINDOWS\\SideBar\\sidebar\\index.html"
"FriendlyName"="Longhorn SideBar"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin


Et Blacklist

12/20/06 19:22:16 [Info]: BlackLight Engine 1.0.47 initialized
12/20/06 19:22:16 [Info]: OS: 5.1 build 2600 (Service Pack 2)
12/20/06 19:22:16 [Note]: 7019 4
12/20/06 19:22:16 [Note]: 7005 0
12/20/06 19:22:54 [Note]: 7006 0
12/20/06 19:22:54 [Note]: 7011 3312
12/20/06 19:22:54 [Note]: 7026 0
12/20/06 19:22:54 [Note]: 7026 0
12/20/06 19:23:02 [Note]: FSRAW library version 1.7.1020
12/20/06 19:27:27 [Note]: 4020 29 65536
12/20/06 19:27:27 [Note]: 4018 29 65536
12/20/06 19:27:27 [Note]: 4013 21461
12/20/06 19:27:27 [Note]: 4020 29 65536
12/20/06 19:27:27 [Note]: 4018 29 65536
12/20/06 19:27:27 [Note]: 4020 29 65536
12/20/06 19:27:27 [Note]: 4018 29 65536
12/20/06 19:27:27 [Note]: 4013 21461
12/20/06 19:27:27 [Note]: 4020 29 65536
12/20/06 19:27:27 [Note]: 4018 29 65536
12/20/06 19:28:24 [Note]: 2000 1012
12/20/06 19:54:01 [Note]: 7007 0


Voila, euh je vous laisse lire tous cela car pour moi c'est du chinois :D .

juste tite question pour chercheur bis

O18 c'est bien la ligne ou l'on trouve des Pirates de protocole et de protocoles additionnels?

question serieus aps un de ses test stupide mais juste un trous de memoire
Utilisateur anonyme
Oui, on peut trouver des pirates.

Mais comme ici, il y a aussi des lignes légitimes, parfois inutiles

En cas de doute
http://www.castlecops.com/O18.html
Utilisateur anonyme > Utilisateur anonyme
mercie beaucoup pour le lien il me sera tres untile

Re

* Télécharge
AVG Anti-Spyware
https://www.avg.com/en-ww/free-antivirus-download
Tu l'installes.
Lance AVG Anti-Spyware et clique sur le bouton Mise à jour. Patiente

CCleaner.
http://www.filehippo.com/download_ccleaner.html
Installe le dans un répertoire dédié.

* Redémarre en mode sans échec. Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarres l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuyes sur la touche F8 ou F5 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionnes le mode sans échec approprié et appuyes sur Entrée.

* Relances SmitfraudFix et choisis cette fois l’option 2 et réponds oui à tout.

* Lance le nettoyage avec CCleaner.

* Lance AVG Anti-Spyware
Clique sur le bouton Analyse (de la barre d'outils)
Puis sur l'onglets Comment réagir, clique sur Actions recommandées. Sélectionne Quarantine.
Reviens à l'onglet Analyse. Clique sur Analyse complète du système.
A la fin du scan, choisis l'option " Appliquer toutes les actions " en bas.
Clique sur "Enregistrer le rapport". Ceci génère un rapport en fichier texte qui se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware.

* Redémarres normalement et communiques le deuxième rapport de SmitfraudFix, celui d'AVG Anti-Spyware avec un nouveau rapport Hijackthis.
Messages postés
21
Date d'inscription
mercredi 20 décembre 2006
Statut
Membre
Dernière intervention
8 février 2008

Ok merci Chercheur, je vais voir si j'ai le temps de faire cela demain soir. Mais j'ai déjà essayé de démarer en mode sans échec, mais l'ordi se bloque juste après la sélection, l'écrant est tout noir il y a juste un curseur qui clignote en haut à gauche, je ne pense pas que ce soit normale.

Mais je vous en dis plus vendredi soir maximum.
Messages postés
25159
Date d'inscription
vendredi 23 juin 2006
Statut
Contributeur sécurité
Dernière intervention
16 septembre 2016
1 535
Bonsoir,

Non, c'est normal.

Le démarrage peut prendre pas mal de temps.

Va prendre un café tranquille.

Bon, au bout de 30 mn, il y a du souci à se faire.

Bonne suite.

Re


Si le mode sans échec ne fonctionne pas, fais la manip en mode normal.
Dans ce cas, il y auras peut être un redémarrage après SmitfraudFix.
Messages postés
21
Date d'inscription
mercredi 20 décembre 2006
Statut
Membre
Dernière intervention
8 février 2008

Alors voila c'est enfin fais, en effet le mode sans échec met 5min pour se lancer, mais au moment ou il me demande si je veux continuer en sans échec ou revenir en normale il ne m'affiche juste l'écrant avec "mode sans échec" écrit dans les coins et c'est tout. Bon bref je me suis mis en mode normal et fais ce que tu m'asdis alors voila les rapports (a oui je n'ai pas redémarré après le SmitfraudFix) :

Rapport de Smit :

SmitFraudFix v2.131

Rapport fait à 17:34:44.50, 22.12.2006
Executé à partir de C:\Documents and Settings\Wxp\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"


»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\.protected supprimé
C:\WINDOWS\system32\impgsje.dll supprimé
C:\WINDOWS\system32\ot.ico supprimé
C:\WINDOWS\system32\components\flx?.dll supprimé
C:\DOCUME~1\Wxp\MENUDM~1\PROGRA~1\DMARRA~1\.protected supprimé
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url supprimé
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url supprimé
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\.protected supprimé
C:\Program Files\SpyQuake2.com\ supprimé

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Rapport d'AVG :

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 18:18:27 22.12.2006

+ Résultat de l'analyse:



HKU\S-1-5-21-823518204-2147279641-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{39F25B12-74FF-4079-A51F-1D70F5B08B84} -> Adware.Generic : Nettoyé et sauvegardé (mise en quarantaine).
C:\Program Files\Fichiers communs\{84B2DB13-0C7E-1036-0924-040307090029}\system.dll -> Adware.Softomate : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP702\A0190016.dll -> Adware.Softomate : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP702\A0190018.exe -> Adware.Softomate : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP710\A0191384.exe -> Adware.Softomate : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP722\A0192639.exe -> Adware.Softomate : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP710\A0191352.dll -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP710\A0191353.dll -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP710\A0191354.dll -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\fccbyvw.dll -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\hggdccy.dll -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\rqrrrpq.dll -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP703\A0190022.exe -> Downloader.Purit.co : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP688\A0185222.exe -> Downloader.Zlob.aes : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\isnotify.0xe -> Downloader.Zlob.aew : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP684\A0178279.exe -> Dropper.DollarR.b : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\USDR6V_0001_D18M3107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\USDR6V_0001_D18M3107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\drvtoh.dll -> Not-A-Virus.Hoax.Win32.Renos.fw : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP659\A0165512.exe -> Proxy.Horst.jq : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP660\A0166152.exe -> Proxy.Horst.jq : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP660\A0166501.exe -> Proxy.Horst.jq : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP671\A0172893.exe -> Proxy.Horst.kq : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP671\A0172907.exe -> Proxy.Horst.kq : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP671\A0172931.exe -> Proxy.Horst.kq : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP672\A0172936.exe -> Proxy.Horst.kq : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP672\A0172963.exe -> Proxy.Horst.kq : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP672\A0172987.exe -> Proxy.Horst.kq : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP676\A0173191.exe -> Proxy.Horst.kq : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP676\A0173216.exe -> Proxy.Horst.kq : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP677\A0173220.exe -> Proxy.Horst.kq : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP677\A0173235.exe -> Proxy.Horst.kq : Nettoyé et sauvegardé (mise en quarantaine).
C:\Program Files\VSAdd-in\VSAdd-in.dll -> Trojan.Agent.acl : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP722\A0192640.dll -> Trojan.Agent.acl : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP722\A0192652.dll -> Trojan.Agent.acl : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP722\A0192684.dll -> Trojan.Agent.acl : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP723\A0192715.dll -> Trojan.Agent.acl : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP728\A0193250.dll -> Trojan.Agent.acl : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP728\A0193276.dll -> Trojan.Agent.acl : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP729\A0194276.dll -> Trojan.Agent.acl : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP729\A0194376.dll -> Trojan.Agent.acl : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP729\A0194484.dll -> Trojan.Agent.acl : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP730\A0194490.dll -> Trojan.Agent.acl : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP730\A0194513.dll -> Trojan.Agent.acl : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP731\A0194567.dll -> Trojan.Agent.acl : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP732\A0197484.dll -> Trojan.Agent.acl : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP732\A0198484.dll -> Trojan.Agent.acl : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP736\A0198746.dll -> Trojan.Agent.acl : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP736\A0198907.dll -> Trojan.Agent.acl : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP736\A0198931.dll -> Trojan.Agent.acl : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP736\A0200566.dll -> Trojan.Agent.acl : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP736\A0200605.dll -> Trojan.Agent.acl : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP737\A0200704.dll -> Trojan.Agent.acl : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP737\A0200729.dll -> Trojan.Agent.acl : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP738\A0200821.dll -> Trojan.Agent.acl : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP738\A0201729.dll -> Trojan.Agent.acl : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP739\A0201844.dll -> Trojan.Agent.acl : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP739\A0201864.dll -> Trojan.Agent.acl : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP739\A0203961.dll -> Trojan.Agent.acl : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP651\A0160069.exe -> Trojan.Agent.xu : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP652\A0160107.exe -> Trojan.Agent.xu : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP659\A0162540.exe -> Trojan.Agent.xu : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP659\A0164498.exe -> Trojan.Agent.xu : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP702\A0190019.dll -> Trojan.LuckyBar888.a : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP710\A0191385.dll -> Trojan.LuckyBar888.a : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\wtssvit.exe -> Trojan.Small : Nettoyé et sauvegardé (mise en quarantaine).


Fin du rapport

Et enfin celui de Hijackthis :

Logfile of HijackThis v1.99.1
Scan saved at 18:23:51, on 22.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\WINDOWS\system32\svchost.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {61C40C3D-BDD2-B627-D189-C569348CDBE4} - (no file)
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: Steganos Internet Anonyme - {00000000-5736-4205-0008-2fe89c996183} - c:\program files\steganos internet anonym 7\sia7iep.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\qvlaojwx.dll",setvm
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - https://www.afternic.com/domains/drivecleaner.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} (VPlayer Control) - http://video.vividas.com/CDN1/4325_Pepsi/web/player/vivid_ocx.jpeg
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7F9CDB8-BF58-4289-8669-EEA83434ED2E}: NameServer = 192.168.0.1
O18 - Protocol: bw+0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

Dans l'attente de votre futur réponse je vous remercie déjà, du temps que vous aller accorder à mon problème.

Re

Le rapport d'AVG montre une infection Vundo.

Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
http://www.atribune.org/ccount/click.php?id=4

* Double-clique VundoFix.exe afin de le lancer.
* Lorsque l'outil se lance à nouveau, clique sur le bouton Scan for Vundo
* Clique sur le bouton Scan for Vundo.
* Lorsque le scan est complété, clique sur le bouton Remove Vundo
* Une invite te demandera si tu veux supprimer les fichiers, clique YES
* Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
* Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown"); clique OK
* Démarre ton PC à nouveau.
* Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.

Note Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".
Messages postés
21
Date d'inscription
mercredi 20 décembre 2006
Statut
Membre
Dernière intervention
8 février 2008

Le rapport de VundoFix :

VundoFix V6.2.13

Checking Java version...

Java version is 1.5.0.6

Java version is 1.5.0.9

Scan started at 19:46:52 22.12.2006

Listing files found while scanning....

C:\WINDOWS\system32\cgevzkd.dll
C:\WINDOWS\system32\lctsupj.dll
C:\WINDOWS\system32\qrbddqi.dll
C:\WINDOWS\system32\ufkxftn.dll
C:\WINDOWS\system32\urwzhx.dll
C:\WINDOWS\system32\vtsqq.dll
C:\WINDOWS\system32\qqstv.ini
C:\WINDOWS\system32\qqstv.bak1
C:\WINDOWS\system32\qqstv.bak2
C:\WINDOWS\system32\qqstv.ini2
C:\WINDOWS\system32\qqstv.tmp
C:\WINDOWS\system32\xzzlbgi.dll
C:\WINDOWS\system32\yzivngl.dll
C:\WINDOWS\system32\vtsqq.dll
C:\WINDOWS\system32\qqstv.ini
C:\WINDOWS\system32\qqstv.bak1
C:\WINDOWS\system32\qqstv.bak2
C:\WINDOWS\system32\qqstv.ini2
C:\WINDOWS\system32\qqstv.tmp
C:\WINDOWS\system32\qqstv.ini
C:\WINDOWS\system32\qqstv.bak1
C:\WINDOWS\system32\qqstv.bak2
C:\WINDOWS\system32\qqstv.ini2
C:\WINDOWS\system32\qqstv.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\system32\cgevzkd.dll
C:\WINDOWS\system32\cgevzkd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lctsupj.dll
C:\WINDOWS\system32\lctsupj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qrbddqi.dll
C:\WINDOWS\system32\qrbddqi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ufkxftn.dll
C:\WINDOWS\system32\ufkxftn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\urwzhx.dll
C:\WINDOWS\system32\urwzhx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtsqq.dll
C:\WINDOWS\system32\vtsqq.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\qqstv.ini
C:\WINDOWS\system32\qqstv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\qqstv.bak1
C:\WINDOWS\system32\qqstv.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qqstv.bak2
C:\WINDOWS\system32\qqstv.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qqstv.ini2
C:\WINDOWS\system32\qqstv.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qqstv.tmp
C:\WINDOWS\system32\qqstv.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\xzzlbgi.dll
C:\WINDOWS\system32\xzzlbgi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yzivngl.dll
C:\WINDOWS\system32\yzivngl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtsqq.dll
C:\WINDOWS\system32\vtsqq.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\vtsqq.dll
C:\WINDOWS\system32\vtsqq.dll Has been deleted!

Performing Repairs to the registry.
Done!

Et celui de Hijack :

Logfile of HijackThis v1.99.1
Scan saved at 20:15:35, on 22.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/&ss=1&scc=1<mpl=default<mplcache=2&emr=1&osid=1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {61C40C3D-BDD2-B627-D189-C569348CDBE4} - (no file)
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\PROGRA~1\DAP\dapbho.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0964344D-C233-DAF1-2ADC-08C2A8D60810} - C:\WINDOWS\system32\hptukyk.dll
O2 - BHO: (no name) - {2527DC3F-C7A0-CF37-33EA-0525C1600A34} - C:\WINDOWS\system32\quqrbkl.dll
O2 - BHO: (no name) - {36068946-CD51-1AC7-C4AD-044557583146} - C:\WINDOWS\system32\lctsupj.dll (file missing)
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\system32\hpvekfro.dll
O2 - BHO: (no name) - {42E53C82-E11D-E01B-A428-084851DB6947} - C:\WINDOWS\system32\yzivngl.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: (no name) - {61E91E9C-BF33-6A6A-7BFC-00B25F19A7AE} - C:\WINDOWS\system32\urwzhx.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {D60B6578-737A-4422-99B4-0ABEDEBA0C17} - C:\WINDOWS\system32\vtsqq.dll (file missing)
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: Steganos Internet Anonyme - {00000000-5736-4205-0008-2fe89c996183} - c:\program files\steganos internet anonym 7\sia7iep.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\qvlaojwx.dll",setvm
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - https://www.afternic.com/domains/drivecleaner.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} (VPlayer Control) - http://video.vividas.com/CDN1/4325_Pepsi/web/player/vivid_ocx.jpeg
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7F9CDB8-BF58-4289-8669-EEA83434ED2E}: NameServer = 192.168.0.1
O18 - Protocol: bw+0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wingdm32 - wingdm32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

Re

Un grand ménage viens d'être fait.

On continue


$$ [*]Double-clique VundoFix.exe afin de le lancer.
[*]Fais un clic droit dans la fenêtre blanche et clique "Add more files?"
[*]Dans la nouvelle fenêtre qui apparait, Copie/colle le chemin du fichier suivant dans la première case (au haut):

C:\WINDOWS\system32\qvlaojwx.dll

[*]Clique sur le bouton "Add File(s)"
[*]Clique sur le bouton "Close Window".
[*]Clique à nouveau sur "Remove Vundo"
[*]Une invite te demandera si tu veux supprimer les fichiers, clique YES
[*]Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
[*]Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown"); clique OK
[*]Démarre ton PC à nouveau.


$$ Télécharge DiagHelp.zip (de Malekal_Morte) sur ton bureau
http://www.malekal.com/download/DiagHelp.zip
- Fais un clic droit sur le fichier et extraire tout
- Un nouveau dossier chercher va être créé DiagHelp
- Ouvre le et double-clic sur go.cmd (le .cmd peut ne pas apparaître)
- Une fenêtre va s'ouvrir, choisis l'option 1
- L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande
- A la fin de l'analyse, il te sera redemandé de redémarrer l'ordinateur... Une fois l'ordinateur redémarré le rapport va apparaître sur le bloc-note.. Ce dernier se trouve sur C:\resultat.txt


- Copie/colle le contenu du bloc-note avec le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse.
Messages postés
21
Date d'inscription
mercredi 20 décembre 2006
Statut
Membre
Dernière intervention
8 février 2008

Alors c'est fais, mais maintenant quand je redémare mon ordi il me dis que le *.dll pour le fichier qvlaojwx.dll est introuvable. Et petite question c'est quoi un Vundo ?

Voici le rapport Diaghelp :

C:\WINDOWS\System32\wpa.dbl -->23.12.2006 11:03:15
C:\WINDOWS\System32\perfh00C.dat -->23.12.2006 10:56:18
C:\WINDOWS\System32\perfh009.dat -->23.12.2006 10:56:18
C:\WINDOWS\System32\perfc00C.dat -->23.12.2006 10:56:18
C:\WINDOWS\System32\perfc009.dat -->23.12.2006 10:56:18
C:\WINDOWS\System32\PerfStringBackup.INI -->23.12.2006 10:56:17
C:\WINDOWS\System32\xwjoalvq.ini -->23.12.2006 10:45:05
C:\WINDOWS\System32\odtpfici.dll -->22.12.2006 19:44:58
C:\WINDOWS\System32\oprsgstw.exe -->22.12.2006 19:44:54
C:\WINDOWS\System32\astpbqig.exe -->22.12.2006 19:20:47
C:\WINDOWS\System32\wbqmyces.dll -->22.12.2006 19:20:41
C:\WINDOWS\System32\ynktjcxl.exe -->22.12.2006 18:22:33
C:\WINDOWS\System32\axgvpryj.dll -->22.12.2006 18:22:27
C:\WINDOWS\System32\njimnfjf.dll -->22.12.2006 17:37:06
C:\WINDOWS\System32\cdjwyfix.exe -->22.12.2006 17:37:03
C:\WINDOWS\System32\tmp.txt -->22.12.2006 17:34:49
C:\WINDOWS\System32\tmp.reg -->22.12.2006 17:34:49
C:\WINDOWS\System32\dowllovy.exe -->22.12.2006 17:33:55
C:\WINDOWS\System32\cpdymfnb.dll -->22.12.2006 17:33:49
C:\WINDOWS\System32\cbhwfxuq.ini -->22.12.2006 17:33:08
C:\WINDOWS\System32\muaktpvk.dll -->22.12.2006 17:02:57
C:\WINDOWS\System32\cgfvpsjm.exe -->22.12.2006 17:02:52
C:\WINDOWS\System32\stuctgge.exe -->21.12.2006 19:03:25
C:\WINDOWS\System32\efvnvkme.dll -->21.12.2006 19:03:21
C:\WINDOWS\System32\cvfginer.dll -->20.12.2006 22:39:03

C:\WINDOWS\WindowsUpdate.log -->23.12.2006 11:03:06
C:\WINDOWS\bootstat.dat -->23.12.2006 11:03:00
C:\WINDOWS\SchedLgU.Txt -->23.12.2006 01:24:06
C:\WINDOWS\cdPlayer.ini -->26.11.2006 14:29:21
C:\WINDOWS\Thumbs.db -->19.11.2006 16:47:33
C:\WINDOWS\SWPRODPB.INI -->06.11.2006 23:17:10
C:\WINDOWS\system.ini -->06.11.2006 22:46:44
C:\WINDOWS\cserve.ini -->01.11.2006 21:44:14
C:\WINDOWS\WMSysPr9.prx -->04.10.2006 19:46:53
C:\WINDOWS\mngui.INI -->28.09.2006 10:43:09
C:\WINDOWS\pavsig.txt -->08.09.2006 19:57:38
C:\WINDOWS\BricoPackFoldersDelete.cmd -->12.08.2006 16:08:45
C:\WINDOWS\BricoPackUninst.txt -->12.08.2006 16:08:44
C:\WINDOWS\BricoPackUninst.cmd -->12.08.2006 16:08:44
C:\WINDOWS\BricoPack Wallpaper.bmp -->12.08.2006 16:08:35

C:\WINDOWS\ALCFDRTM.EXE |03/01/2002 17:07:42
C:\WINDOWS\alcrmv.exe |28/10/2004 16:12:26
C:\WINDOWS\alcupd.exe |28/10/2004 16:12:26
C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe |02/07/2005 17:43:37
C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe |17/07/2005 18:21:58
C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe |02/04/2006 17:45:49
C:\WINDOWS\GPInstall.exe |09/02/2005 17:57:37
C:\WINDOWS\IsUn040c.exe |28/10/2004 15:57:55
C:\WINDOWS\IsUninst.exe |28/10/2004 15:45:05
C:\WINDOWS\iun6002.exe |20/07/2005 20:25:04
C:\WINDOWS\ScUnin.exe |24/09/2005 13:02:20
C:\WINDOWS\Setup1.exe |18/12/2004 13:14:19
C:\WINDOWS\slrundll.exe |28/10/2004 15:27:29
C:\WINDOWS\SOUNDMAN.EXE |28/10/2004 16:12:34
C:\WINDOWS\twunk_16.exe |24/04/2003 13:00:00
C:\WINDOWS\twunk_32.exe |24/04/2003 13:00:00
C:\WINDOWS\una2setup.exe |06/12/2004 20:06:03
C:\WINDOWS\unADesktop.exe |14/01/2005 15:43:51
C:\WINDOWS\unin040c.exe |16/02/2005 17:56:29
C:\WINDOWS\uninst.exe |18/08/2005 16:50:31
C:\WINDOWS\USBK700iphmgunin.exe |04/01/2002 19:44:54
C:\WINDOWS\twain.dll |24/04/2003 13:00:00
C:\WINDOWS\twain_32.dll |24/04/2003 13:00:00
C:\WINDOWS\system32\AcSignOpt.exe |05/03/2005 13:18:15
C:\WINDOWS\system32\agfherdb.exe |12/11/2006 15:22:35
C:\WINDOWS\system32\amwskrut.exe |02/12/2006 10:10:42
C:\WINDOWS\system32\aolelmeq.exe |09/11/2006 22:22:04
C:\WINDOWS\system32\append.exe |24/04/2003 13:00:00
C:\WINDOWS\system32\aqusnwid.exe |06/11/2006 20:39:32
C:\WINDOWS\system32\astpbqig.exe |22/12/2006 19:20:44
C:\WINDOWS\system32\asuninst.exe |23/01/2006 20:11:05
C:\WINDOWS\system32\aswBoot.exe |02/11/2006 22:11:06
C:\WINDOWS\system32\ati2evxx.exe |29/09/2004 07:16:44
C:\WINDOWS\system32\Ati2mdxx.exe |29/09/2004 07:18:28
C:\WINDOWS\system32\ati2sgag.exe |28/10/2004 16:20:39
C:\WINDOWS\system32\audimhij.exe |12/11/2006 20:54:38
C:\WINDOWS\system32\aupgnxlj.exe |10/11/2006 20:51:01
C:\WINDOWS\system32\bbjudflx.exe |18/11/2006 23:08:54
C:\WINDOWS\system32\bddoirhx.exe |08/11/2006 17:47:18
C:\WINDOWS\system32\bifvcaqc.exe |23/11/2006 22:57:34
C:\WINDOWS\system32\bldhynhq.exe |05/12/2006 17:35:24
C:\WINDOWS\system32\bnyvvhbm.exe |07/12/2006 22:10:45
C:\WINDOWS\system32\cdjwyfix.exe |22/12/2006 17:37:02
C:\WINDOWS\system32\cfvbcrlo.exe |17/12/2006 13:25:22
C:\WINDOWS\system32\cgfvpsjm.exe |22/12/2006 17:02:51
C:\WINDOWS\system32\cgtyqlrr.exe |18/11/2006 22:50:05
C:\WINDOWS\system32\cjgiktsa.exe |23/11/2006 22:57:43
C:\WINDOWS\system32\ckxhgpdf.exe |18/11/2006 23:02:29
C:\WINDOWS\system32\crdwqqep.exe |12/11/2006 16:53:27
C:\WINDOWS\system32\ddvvohgd.exe |09/11/2006 22:21:49
C:\WINDOWS\system32\debug.exe |24/04/2003 13:00:00
C:\WINDOWS\system32\difwtfvm.exe |11/11/2006 12:49:52
C:\WINDOWS\system32\dikmwqyc.exe |11/11/2006 10:54:21
C:\WINDOWS\system32\dmgr2.exe |25/03/2005 20:32:41
C:\WINDOWS\system32\dosx.exe |24/04/2003 13:00:00
C:\WINDOWS\system32\dowllovy.exe |22/12/2006 17:33:54
C:\WINDOWS\system32\dqacyhwy.exe |11/11/2006 09:40:54
C:\WINDOWS\system32\dqxktplr.exe |18/12/2006 19:14:24
C:\WINDOWS\system32\dtsijbas.exe |18/12/2006 18:58:30
C:\WINDOWS\system32\duajsngx.exe |01/12/2006 19:03:55
C:\WINDOWS\system32\dunxmasq.exe |26/11/2006 12:12:15
C:\WINDOWS\system32\duoollxq.exe |23/11/2006 23:11:12
C:\WINDOWS\system32\dvdplay.exe |23/08/2001 18:47:34
C:\WINDOWS\system32\dwarqyok.exe |04/12/2006 18:08:52
C:\WINDOWS\system32\ealavluy.exe |20/12/2006 18:15:00
C:\WINDOWS\system32\edeeccww.exe |12/11/2006 20:47:27
C:\WINDOWS\system32\edlin.exe |24/04/2003 13:00:00
C:\WINDOWS\system32\elsdjceh.exe |11/11/2006 09:40:23
C:\WINDOWS\system32\eoffqsqk.exe |22/11/2006 20:45:25
C:\WINDOWS\system32\exe2bin.exe |24/04/2003 13:00:00
C:\WINDOWS\system32\exrkvkgu.exe |11/12/2006 18:15:41
C:\WINDOWS\system32\fastopen.exe |24/04/2003 13:00:00
C:\WINDOWS\system32\fopwmgdy.exe |03/11/2006 18:22:53
C:\WINDOWS\system32\fskmtsbm.exe |08/12/2006 17:59:51
C:\WINDOWS\system32\ftboxnxl.exe |16/11/2006 17:48:03
C:\WINDOWS\system32\fvsidooy.exe |05/11/2006 18:30:43
C:\WINDOWS\system32\gardhtfc.exe |20/11/2006 06:21:56
C:\WINDOWS\system32\gktfxipw.exe |10/12/2006 13:54:39
C:\WINDOWS\system32\gncopicl.exe |28/11/2006 17:42:14
C:\WINDOWS\system32\gobrxtwv.exe |21/11/2006 17:41:10
C:\WINDOWS\system32\guxarogi.exe |17/12/2006 18:04:27
C:\WINDOWS\system32\gvopwqdu.exe |25/11/2006 20:39:11
C:\WINDOWS\system32\gyjqeywt.exe |15/12/2006 19:15:29
C:\WINDOWS\system32\hgcddihu.exe |19/11/2006 23:21:40
C:\WINDOWS\system32\hjqqbfii.exe |12/11/2006 15:22:21
C:\WINDOWS\system32\hsrjerlt.exe |27/11/2006 20:35:08
C:\WINDOWS\system32\hxdfpeav.exe |25/11/2006 20:29:13
C:\WINDOWS\system32\ikicnabt.exe |17/11/2006 18:52:57
C:\WINDOWS\system32\imonihvr.exe |08/12/2006 22:51:10
C:\WINDOWS\system32\itdgccxx.exe |12/12/2006 17:39:48
C:\WINDOWS\system32\iuviiqct.exe |23/11/2006 22:05:02
C:\WINDOWS\system32\java.exe |13/11/2006 18:41:29
C:\WINDOWS\system32\javaw.exe |13/11/2006 18:41:29
C:\WINDOWS\system32\javaws.exe |13/11/2006 18:41:29
C:\WINDOWS\system32\jkrmhoip.exe |26/11/2006 23:14:15
C:\WINDOWS\system32\katadsql.exe |16/12/2006 11:44:36
C:\WINDOWS\system32\krplutvf.exe |25/11/2006 15:36:46
C:\WINDOWS\system32\ksmnegtd.exe |18/12/2006 19:48:40
C:\WINDOWS\system32\kunweeey.exe |29/11/2006 18:46:32
C:\WINDOWS\system32\kvrmyshi.exe |06/11/2006 21:22:31
C:\WINDOWS\system32\ldguntat.exe |26/11/2006 18:37:33
C:\WINDOWS\system32\lvvoqgqi.exe |05/11/2006 18:27:03
C:\WINDOWS\system32\mcldsfkv.exe |12/11/2006 20:54:29
C:\WINDOWS\system32\mem.exe |24/04/2003 13:00:00
C:\WINDOWS\system32\mgxpvprt.exe |25/11/2006 15:19:23
C:\WINDOWS\system32\mjwgqnkh.exe |09/12/2006 12:16:41
C:\WINDOWS\system32\mscdexnt.exe |24/04/2003 13:00:00
C:\WINDOWS\system32\musqllhf.exe |10/11/2006 17:09:51
C:\WINDOWS\system32\mvtnxnrp.exe |30/11/2006 17:31:55
C:\WINDOWS\system32\mydcfiom.exe |26/11/2006 13:05:17
C:\WINDOWS\system32\mykecmyy.exe |13/12/2006 17:45:01
C:\WINDOWS\system32\ndjhporp.exe |09/12/2006 16:53:53
C:\WINDOWS\system32\NeroCheck.exe |09/07/2001 11:50:42
C:\WINDOWS\system32\nfqwphvg.exe |10/11/2006 20:50:53
C:\WINDOWS\system32\nhsraulq.exe |20/12/2006 18:34:52
C:\WINDOWS\system32\nloyoorh.exe |12/11/2006 16:53:15
C:\WINDOWS\system32\nlsfunc.exe |24/04/2003 13:00:00
C:\WINDOWS\system32\nnddeawh.exe |13/11/2006 18:29:05
C:\WINDOWS\system32\ntfwbkns.exe |17/12/2006 14:29:09
C:\WINDOWS\system32\nwkrfcck.exe |17/12/2006 13:03:34
C:\WINDOWS\system32\odabjrlj.exe |17/12/2006 14:24:21
C:\WINDOWS\system32\ogpsrlax.exe |24/11/2006 18:35:45
C:\WINDOWS\system32\ohnjbmtx.exe |11/12/2006 19:55:04
C:\WINDOWS\system32\ohpkqvys.exe |04/11/2006 18:23:01
C:\WINDOWS\system32\oprsgstw.exe |22/12/2006 19:44:52
C:\WINDOWS\system32\otfoegrk.exe |11/12/2006 21:56:35
C:\WINDOWS\system32\owyllmmu.exe |19/12/2006 17:39:53
C:\WINDOWS\system32\pfodbooc.exe |13/11/2006 23:38:04
C:\WINDOWS\system32\pgshdnsa.exe |24/11/2006 18:09:29
C:\WINDOWS\system32\phlkcrom.exe |18/11/2006 12:11:46
C:\WINDOWS\system32\pmqbsdfq.exe |26/11/2006 13:34:25
C:\WINDOWS\system32\qktboyra.exe |12/11/2006 10:51:45
C:\WINDOWS\system32\qnstnlpd.exe |16/12/2006 16:56:20
C:\WINDOWS\system32\qobxyqqr.exe |05/11/2006 21:27:39
C:\WINDOWS\system32\quwjqcea.exe |25/11/2006 15:19:49
C:\WINDOWS\system32\rbneyqpm.exe |18/12/2006 19:43:58
C:\WINDOWS\system32\redir.exe |24/04/2003 13:00:00
C:\WINDOWS\system32\reico.exe |18/02/2005 18:17:11
C:\WINDOWS\system32\rriktdeh.exe |18/12/2006 19:10:08
C:\WINDOWS\system32\RTLCPL.EXE |28/10/2004 16:12:35
C:\WINDOWS\system32\setver.exe |24/04/2003 13:00:00
C:\WINDOWS\system32\sgbpxmer.exe |07/11/2006 17:41:06
C:\WINDOWS\system32\share.exe |24/04/2003 13:00:00
C:\WINDOWS\system32\slrundll.exe |28/10/2004 15:27:30
C:\WINDOWS\system32\slserv.exe |28/10/2004 15:27:30
C:\WINDOWS\system32\SpoonUninstall.exe |17/04/2005 13:31:15
C:\WINDOWS\system32\sqogavnb.exe |05/11/2006 21:27:51
C:\WINDOWS\system32\stuctgge.exe |21/12/2006 19:03:24
C:\WINDOWS\system32\stxubqlj.exe |26/11/2006 11:40:49
C:\WINDOWS\system32\sufgwnyi.exe |14/11/2006 17:30:33
C:\WINDOWS\system32\svyywssj.exe |30/11/2006 22:44:10
C:\WINDOWS\system32\tdbxowgv.exe |11/12/2006 19:48:44
C:\WINDOWS\system32\tduxgeqv.exe |08/11/2006 19:29:10
C:\WINDOWS\system32\tioxqmer.exe |08/11/2006 21:09:16
C:\WINDOWS\system32\tnhgecfn.exe |15/11/2006 22:54:24
C:\WINDOWS\system32\tqdncpme.exe |12/11/2006 21:44:10
C:\WINDOWS\system32\txhihndo.exe |06/11/2006 22:10:43
C:\WINDOWS\system32\UAService7.exe |27/03/2005 14:54:25
C:\WINDOWS\system32\ubhieikw.exe |15/11/2006 17:36:05
C:\WINDOWS\system32\uglxpxxn.exe |27/11/2006 18:09:37
C:\WINDOWS\system32\Uharc.exe |18/02/2005 18:16:23
C:\WINDOWS\system32\ujopqkeq.exe |27/11/2006 20:43:06
C:\WINDOWS\system32\unutsgdr.exe |06/11/2006 21:22:44
C:\WINDOWS\system32\usrmlnka.exe |23/08/2001 18:47:48
C:\WINDOWS\system32\usrprbda.exe |23/08/2001 18:47:48
C:\WINDOWS\system32\usrshuta.exe |23/08/2001 18:47:48
C:\WINDOWS\system32\vanlhmqa.exe |12/11/2006 17:03:43
C:\WINDOWS\system32\veeqhdea.exe |01/11/2006 19:14:33
C:\WINDOWS\system32\vfnvmtsv.exe |06/12/2006 19:16:38
C:\WINDOWS\system32\vjbmfnse.exe |25/11/2006 15:27:52
C:\WINDOWS\system32\vltjjnrm.exe |19/11/2006 18:17:10
C:\WINDOWS\system32\vsekpwgr.exe |12/11/2006 17:03:30
C:\WINDOWS\system32\vvnidnif.exe |29/11/2006 17:39:21
C:\WINDOWS\system32\vynxttnq.exe |22/11/2006 17:37:05
C:\WINDOWS\system32\waodljik.exe |16/11/2006 17:47:37
C:\WINDOWS\system32\wbxcojle.exe |20/12/2006 22:38:57
C:\WINDOWS\system32\whudvlfi.exe |05/11/2006 14:39:20
C:\WINDOWS\system32\wticjrpl.exe |19/11/2006 10:11:11
C:\WINDOWS\system32\xcbphrhg.exe |05/11/2006 18:30:34
C:\WINDOWS\system32\xcrnlyax.exe |17/12/2006 18:22:58
C:\WINDOWS\system32\xlltauir.exe |25/11/2006 19:08:10
C:\WINDOWS\system32\xonmwfdy.exe |05/11/2006 19:08:46
C:\WINDOWS\system32\xpeisose.exe |30/11/2006 18:07:37
C:\WINDOWS\system32\xsvgmppc.exe |19/12/2006 21:07:58
C:\WINDOWS\system32\xwlplaqj.exe |11/11/2006 10:53:52
C:\WINDOWS\system32\ybthtjqe.exe |12/12/2006 22:53:02
C:\WINDOWS\system32\ybulhxpc.exe |23/11/2006 17:40:01
C:\WINDOWS\system32\yifydmhf.exe |05/11/2006 21:15:40
C:\WINDOWS\system32\ylafajue.exe |09/11/2006 17:38:38
C:\WINDOWS\system32\ylorutgu.exe |19/11/2006 15:30:27
C:\WINDOWS\system32\yltenhbs.exe |15/12/2006 18:30:22
C:\WINDOWS\system32\ynktjcxl.exe |22/12/2006 18:22:32
C:\WINDOWS\system32\ytqesnjf.exe |25/11/2006 21:41:43
C:\WINDOWS\system32\yyqrwrsj.exe |17/12/2006 13:39:29
C:\WINDOWS\system32\a3d.dll |28/10/2004 16:12:34
C:\WINDOWS\system32\AcSignExt.dll |05/03/2005 13:18:09
C:\WINDOWS\system32\AcSignExtRes.dll |07/03/2005 19:00:01
C:\WINDOWS\system32\AcSignIcon.dll |05/03/2005 13:18:12
C:\WINDOWS\system32\amstream.dll |24/04/2003 13:00:00
C:\WINDOWS\system32\ati2cqag.dll |28/10/2004 15:27:32
C:\WINDOWS\system32\ati2dvaa.dll |28/10/2004 15:27:32
C:\WINDOWS\system32\ati2dvag.dll |28/10/2004 15:27:31
C:\WINDOWS\system32\ati2edxx.dll |29/09/2004 07:18:20
C:\WINDOWS\system32\ati2evxx.dll |29/09/2004 07:18:08
C:\WINDOWS\system32\ati3d1ag.dll |28/10/2004 15:27:31
C:\WINDOWS\system32\ati3d2ag.dll |13/11/2003 21:10:54
C:\WINDOWS\system32\ati3duag.dll |28/10/2004 15:27:31
C:\WINDOWS\system32\ATIDDC.DLL |29/09/2004 07:16:22
C:\WINDOWS\system32\ATIDEMGR.dll |29/09/2004 09:32:34
C:\WINDOWS\system32\atiiiexx.dll |29/09/2004 09:58:44
C:\WINDOWS\system32\atikvmag.dll |21/02/2006 19:11:02
C:\WINDOWS\system32\atioglx1.dll |21/02/2006 19:27:14
C:\WINDOWS\system32\atioglxx.dll |29/09/2004 07:44:00
C:\WINDOWS\system32\atipdlxx.dll |29/09/2004 07:18:50
C:\WINDOWS\system32\atitvo32.dll |29/09/2004 06:36:20
C:\WINDOWS\system32\ativcoxx.dll |09/11/2001 10:01:04
C:\WINDOWS\system32\ativtmxx.dll |28/10/2004 15:27:31
C:\WINDOWS\system32\ativvaxx.dll |28/10/2004 15:27:31
C:\WINDOWS\system32\atmfd.dll |24/04/2003 13:00:00
C:\WINDOWS\system32\atmlib.dll |24/04/2003 13:00:00
C:\WINDOWS\system32\Audio3D.dll |28/10/2004 16:12:34
C:\WINDOWS\system32\axgvpryj.dll |22/12/2006 18:22:25
C:\WINDOWS\system32\clrvidcc.dll |02/01/2005 21:33:57
C:\WINDOWS\system32\clrviddc.dll |11/08/1998 15:18:52
C:\WINDOWS\system32\CmdLineExt.dll |27/03/2005 14:54:25
C:\WINDOWS\system32\CNCS232.DLL |20/11/2003 14:09:09
C:\WINDOWS\system32\cncs32.dll |27/12/2005 18:15:46
C:\WINDOWS\system32\compatui.dll |24/04/2003 13:00:00
C:\WINDOWS\system32\comypanr.dll |17/12/2006 18:48:34
C:\WINDOWS\system32\cpdymfnb.dll |22/12/2006 17:33:47
C:\WINDOWS\system32\cvfginer.dll |20/12/2006 22:39:02
C:\WINDOWS\system32\cvybqyrm.dll |02/12/2006 15:27:15
C:\WINDOWS\system32\decdnet.dll |11/08/1998 15:18:44
C:\WINDOWS\system32\dgrpsetu.dll |01/01/2002 00:07:13
C:\WINDOWS\system32\dgsetup.dll |01/01/2002 00:07:13
C:\WINDOWS\system32\dhywgghv.dll |27/11/2006 20:35:17
C:\WINDOWS\system32\DivX.dll |26/10/2004 23:38:23
C:\WINDOWS\system32\divxdec_0407.dll |26/10/2004 23:38:18
C:\WINDOWS\system32\divxdec_040c.dll |26/10/2004 23:38:18
C:\WINDOWS\system32\divxdec_0411.dll |26/10/2004 23:38:18
C:\WINDOWS\system32\divx_xx07.dll |26/10/2004 23:38:17
C:\WINDOWS\system32\divx_xx0c.dll |26/10/2004 23:38:18
C:\WINDOWS\system32\divx_xx11.dll |26/10/2004 23:38:18
C:\WINDOWS\system32\dmgrax2.dll |25/03/2005 20:32:31
C:\WINDOWS\system32\dpu10.dll |26/10/2004 23:39:03
C:\WINDOWS\system32\dpuGUI10.dll |26/10/2004 23:39:03
C:\WINDOWS\system32\dpus10.dll |26/10/2004 23:39:03
C:\WINDOWS\system32\dpv10.dll |26/10/2004 23:39:04
C:\WINDOWS\system32\efvnvkme.dll |21/12/2006 19:03:21
C:\WINDOWS\system32\elxjyalh.dll |16/11/2006 17:48:12
C:\WINDOWS\system32\encdec.dll |24/04/2003 13:00:00
C:\WINDOWS\system32\encdnet.dll |02/01/2005 21:33:57
C:\WINDOWS\system32\EnumDev111.dll |23/10/2006 19:29:44
C:\WINDOWS\system32\EqnClass.Dll |01/01/2002 00:07:12
C:\WINDOWS\system32\fxdcbwjf.dll |19/11/2006 10:11:23
C:\WINDOWS\system32\GEARAspi.dll |19/09/2006 15:43:58
C:\WINDOWS\system32\gtmbnrcp.dll |20/12/2006 18:34:42
C:\WINDOWS\system32\hptukyk.dll |16/11/2006 17:57:26
C:\WINDOWS\system32\hpvekfro.dll |15/12/2006 19:15:40
C:\WINDOWS\system32\hsfcisp2.dll |28/10/2004 15:27:31
C:\WINDOWS\system32\hticons.dll |28/10/2004 15:48:03
C:\WINDOWS\system32\hypertrm.dll |28/10/2004 15:48:03
C:\WINDOWS\system32\iawlppsf.dll |18/12/2006 19:15:34
C:\WINDOWS\system32\iccvid.dll |24/04/2003 13:00:00
C:\WINDOWS\system32\ieencode.dll |28/10/2004 15:27:31
C:\WINDOWS\system32\iehncmpu.dll |15/12/2006 18:30:07
C:\WINDOWS\system32\imagr5.dll |21/09/2000 17:02:28
C:\WINDOWS\system32\imagx5.dll |27/09/2000 16:15:06
C:\WINDOWS\system32\ImagXpr5.dll |21/09/2000 12:53:00
C:\WINDOWS\system32\inetda.dll |02/08/2001 04:11:25
C:\WINDOWS\system32\IpLib.dll |23/10/2006 19:29:44
C:\WINDOWS\system32\ir32_32.dll |24/04/2003 13:00:00
C:\WINDOWS\system32\ir41_qc.dll |28/10/2004 15:27:31
C:\WINDOWS\system32\ir41_qcx.dll |28/10/2004 15:27:31
C:\WINDOWS\system32\ir50_32.dll |28/10/2004 15:27:31
C:\WINDOWS\system32\ir50_qc.dll |28/10/2004 15:27:31
C:\WINDOWS\system32\ir50_qcx.dll |28/10/2004 15:27:31
C:\WINDOWS\system32\isrdbg32.dll |28/10/2004 15:48:58
C:\WINDOWS\system32\jgaw400.dll |24/04/2003 13:00:00
C:\WINDOWS\system32\jgdw400.dll |24/04/2003 13:00:00
C:\WINDOWS\system32\jgmd400.dll |24/04/2003 13:00:00
C:\WINDOWS\system32\jgpl400.dll |24/04/2003 13:00:00
C:\WINDOWS\system32\jgsd400.dll |24/04/2003 13:00:00
C:\WINDOWS\system32\jgsh400.dll |24/04/2003 13:00:00
C:\WINDOWS\system32\jhhlvqts.dll |18/12/2006 19:49:12
C:\WINDOWS\system32\jrharjaq.dll |20/12/2006 18:14:51
C:\WINDOWS\system32\KMVIDC32.DLL |30/11/2004 18:40:54
C:\WINDOWS\system32\kyfahway.dll |26/11/2006 11:40:41
C:\WINDOWS\system32\lvaoqfey.dll |27/11/2006 20:43:09
C:\WINDOWS\system32\mdmxsdk.dll |28/10/2004 15:27:31
C:\WINDOWS\system32\mdwmdmsp.dll |23/08/2001 18:47:06
C:\WINDOWS\system32\mrvdlg.dll |28/10/2004 16:17:56
C:\WINDOWS\system32\msdmo.dll |24/04/2003 13:00:00
C:\WINDOWS\system32\msencode.dll |24/04/2003 13:00:00
C:\WINDOWS\system32\msttxl16.dll |24/02/1998 23:21:00
C:\WINDOWS\system32\MSWAY.dll |26/12/2005 11:09:15
C:\WINDOWS\system32\msxwnet32.dll |16/05/2001 11:52:26
C:\WINDOWS\system32\mtxparhd.dll |28/10/2004 15:27:30
C:\WINDOWS\system32\muaktpvk.dll |22/12/2006 17:02:55
C:\WINDOWS\system32\nbexprft.dll |18/12/2006 19:44:01
C:\WINDOWS\system32\njimnfjf.dll |22/12/2006 17:37:05
C:\WINDOWS\system32\nv4_disp.dll |28/10/2004 15:27:30
C:\WINDOWS\system32\odgjcuus.dll |26/11/2006 13:28:32
C:\WINDOWS\system32\odtpfici.dll |22/12/2006 19:44:55
C:\WINDOWS\system32\Oemdspif.dll |29/09/2004 07:18:36
C:\WINDOWS\system32\oigkpais.dll |23/11/2006 17:39:55
C:\WINDOWS\system32\orebdeyb.dll |13/12/2006 21:46:36
C:\WINDOWS\system32\paqsp.dll |23/08/2001 18:47:16
C:\WINDOWS\system32\pdfcmnnt.dll |26/03/2006 10:49:45
C:\WINDOWS\system32\picn20.dll |21/09/2000 07:47:10
C:\WINDOWS\system32\pnc32301.dll |02/01/2005 21:33:58
C:\WINDOWS\system32\pnc32401.dll |02/01/2005 21:33:58
C:\WINDOWS\system32\pncrt.dll |11/08/1998 15:18:44
C:\WINDOWS\system32\pndx5016.dll |26/11/2004 21:09:27
C:\WINDOWS\system32\pndx5032.dll |26/11/2004 21:09:27
C:\WINDOWS\system32\pnen3230.dll |02/01/2005 21:33:58
C:\WINDOWS\system32\pneng101.dll |02/01/2005 21:33:58
C:\WINDOWS\system32\PSIKey.dll |26/10/2004 23:38:24
C:\WINDOWS\system32\ptipbmf.dll |28/10/2004 16:18:41
C:\WINDOWS\system32\qedwipes.dll |24/04/2003 13:00:00
C:\WINDOWS\system32\qt-mt331.dll |26/10/2004 23:39:05
C:\WINDOWS\system32\quqrbkl.dll |19/11/2006 10:13:15
C:\WINDOWS\system32\quxfwhbc.dll |18/12/2006 19:18:34
C:\WINDOWS\system32\RA3214_4.dll |11/08/1998 15:18:44
C:\WINDOWS\system32\ra3228_8.dll |11/08/1998 15:18:44
C:\WINDOWS\system32\ra32clv1.dll |11/08/1998 15:18:44
C:\WINDOWS\system32\ra32dnet.dll |11/08/1998 15:18:44
C:\WINDOWS\system32\ra32rv10.dll |11/08/1998 15:18:44
C:\WINDOWS\system32\ra32sipr.dll |11/08/1998 15:18:44
C:\WINDOWS\system32\rarv1032.dll |11/08/1998 15:18:44
C:\WINDOWS\system32\rarv10en.dll |02/01/2005 21:33:58
C:\WINDOWS\system32\rdnoxssp.dll |19/12/2006 17:44:15
C:\WINDOWS\system32\RGSS100J.dll |11/06/2005 15:48:26
C:\WINDOWS\system32\rmevents.dll |02/01/2005 21:33:58
C:\WINDOWS\system32\rmmerge2.dll |02/01/2005 21:33:58
C:\WINDOWS\system32\rmoc3260.dll |26/11/2004 21:09:32
C:\WINDOWS\system32\rnqlfsvi.dll |18/11/2006 22:50:11
C:\WINDOWS\system32\Roboex32.dll |30/01/2005 14:44:37
C:\WINDOWS\system32\RTLCPAPI.dll |28/10/2004 16:12:34
C:\WINDOWS\system32\rvoqxscq.dll |19/12/2006 21:08:22
C:\WINDOWS\system32\s3gnb.dll |28/10/2004 15:27:30
C:\WINDOWS\system32\sbe.dll |24/04/2003 13:00:00
C:\WINDOWS\system32\SIntf16.dll |10/12/2004 17:11:20
C:\WINDOWS\system32\SIntf32.dll |10/12/2004 17:11:20
C:\WINDOWS\system32\SIntfNT.dll |10/12/2004 17:11:20
C:\WINDOWS\system32\slbcsp.dll |24/04/2003 13:00:00
C:\WINDOWS\system32\slbiop.dll |24/04/2003 13:00:00
C:\WINDOWS\system32\slbrccsp.dll |24/04/2003 13:00:00
C:\WINDOWS\system32\slcoinst.dll |28/10/2004 15:27:30
C:\WINDOWS\system32\slextspk.dll |28/10/2004 15:27:30
C:\WINDOWS\system32\slgen.dll |28/10/2004 15:27:30
C:\WINDOWS\system32\spnike.dll |23/08/2001 18:47:18
C:\WINDOWS\system32\sprio600.dll |23/08/2001 18:47:18
C:\WINDOWS\system32\sprio800.dll |23/08/2001 18:47:18
C:\WINDOWS\system32\spxcoins.dll |01/01/2002 00:07:12
C:\WINDOWS\system32\swxpckm.dll |19/11/2006 10:13:15
C:\WINDOWS\system32\tsd32.dll |24/04/2003 13:00:00
C:\WINDOWS\system32\TwnLib20.dll |26/06/2000 10:45:30
C:\WINDOWS\system32\uetvjhau.dll |06/12/2006 21:47:35
C:\WINDOWS\system32\unrar.dll |06/12/2004 20:06:06
C:\WINDOWS\system32\unzip32.dll |05/12/2004 22:08:08
C:\WINDOWS\system32\usrcntra.dll |23/08/2001 18:47:20
C:\WINDOWS\system32\usrcoina.dll |23/08/2001 18:47:20
C:\WINDOWS\system32\usrdpa.dll |23/08/2001 18:47:20
C:\WINDOWS\system32\usrdtea.dll |23/08/2001 18:47:20
C:\WINDOWS\system32\usrfaxa.dll |23/08/2001 18:47:20
C:\WINDOWS\system32\usrlbva.dll |23/08/2001 18:47:20
C:\WINDOWS\system32\usrrtosa.dll |23/08/2001 18:47:20
C:\WINDOWS\system32\usrsdpia.dll |23/08/2001 18:47:20
C:\WINDOWS\system32\usrsvpia.dll |23/08/2001 18:47:20
C:\WINDOWS\system32\usrv42a.dll |23/08/2001 18:47:20
C:\WINDOWS\system32\usrv80a.dll |23/08/2001 18:47:20
C:\WINDOWS\system32\usrvoica.dll |23/08/2001 18:47:20
C:\WINDOWS\system32\usrvpa.dll |23/08/2001 18:47:20
C:\WINDOWS\system32\vboxb410.dll |13/06/2001 03:52:44
C:\WINDOWS\system32\vboxp410.dll |13/06/2001 03:52:45
C:\WINDOWS\system32\vboxt410.dll |13/06/2001 03:52:45
C:\WINDOWS\system32\vrjsqmcb.dll |27/11/2006 20:40:07
C:\WINDOWS\system32\vturs.dll |05/12/2006 17:40:17
C:\WINDOWS\system32\wbhelp2.dll |02/11/2004 22:03:21
C:\WINDOWS\system32\wbqmyces.dll |22/12/2006 19:20:40
C:\WINDOWS\system32\WG1v2Lib.dll |23/10/2006 19:29:44
C:\WINDOWS\system32\wh2robo.dll |30/01/2005 14:44:37
C:\WINDOWS\system32\win87em.dll |24/04/2003 13:00:00
C:\WINDOWS\system32\WmJoyFrc.dll |21/08/2006 14:02:54
C:\WINDOWS\system32\xmlparse.dll |08/12/2004 13:09:09
C:\WINDOWS\system32\xmltok.dll |08/12/2004 13:09:09
C:\WINDOWS\system32\ysglannk.dll |18/11/2006 23:15:34
C:\WINDOWS\system32\ZPORT4AS.dll |23/01/2006 20:11:05

Le volume dans le lecteur C s'appelle Wxp
Le numéro de série du volume est 84B2-DB13

Répertoire de C:\WINDOWS\system32

19.08.2004 15:09 6'144 csrss.exe
1 fichier(s) 6'144 octets
0 Rép(s) 32'448'032'768 octets libres
Le volume dans le lecteur C s'appelle Wxp
Le numéro de série du volume est 84B2-DB13

Répertoire de C:\WINDOWS\system32

25.03.2005 20:32 860'160 dmgr2.exe
1 fichier(s) 860'160 octets
0 Rép(s) 32'448'032'768 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C s'appelle Wxp
Le numéro de série du volume est 84B2-DB13

Répertoire de C:\WINDOWS\Downloaded Program Files

11.12.2006 19:07 <REP> .
11.12.2006 19:07 <REP> ..
11.04.2006 16:10 135'168 asinst.dll
03.04.2006 10:00 537 asinst.inf
17.05.2006 13:32 231'072 avsniff.dll
17.05.2006 13:29 878 avsniff.inf
17.05.2006 13:32 198'304 avsniffdlgs.dll
17.05.2006 13:26 537'704 AXXPEE.dll
09.12.2005 17:08 749 cab.inf
17.05.2006 13:29 241 CabSA.inf
06.09.2006 00:00 2'504 catalog.dat
18.11.2006 12:20 <REP> CONFLICT.1
22.12.2006 18:18 <REP> CONFLICT.2
22.12.2006 18:18 <REP> CONFLICT.3
22.12.2006 18:18 <REP> CONFLICT.4
22.12.2006 18:18 <REP> CONFLICT.5
22.12.2006 18:18 <REP> CONFLICT.6
28.10.2004 15:49 65 desktop.ini
06.09.2006 00:00 6'899 ecbootil.vxd
17.05.2006 13:26 42'112 ecmldr32.dll
06.09.2006 00:00 272'040 ecmsvr32.dll
08.09.2004 22:38 1'271 erma.inf
14.02.2003 09:32 283'296 IDrop.ocx
14.02.2003 09:34 114'848 IDropENU.dll
13.03.2003 09:58 114'600 IDropFRA.dll
10.11.2005 13:05 876 jinstall-1_5_0_06.inf
29.11.2006 14:00 367 LegitCheckControl.inf
17.05.2006 13:28 6'850 navapi.vxd
17.05.2006 13:28 201'896 navapi32.dll
06.09.2006 00:00 124'584 naveng32.dll
06.09.2006 00:00 882'344 navex32a.dll
09.12.2005 17:08 241'664 ocx_play.ocx
09.12.2005 14:47 24'576 playershim.dll
09.10.2003 10:32 144 QTPlugin.inf
17.05.2006 13:32 161'480 rufsi.dll
06.09.2006 00:00 97'552 scrauth.dat
22.06.2006 10:41 5'032 swflash.inf
06.09.2006 00:00 14 symaveng.cat
06.09.2006 00:00 901 symaveng.inf
06.09.2006 00:00 48'797 tcdefs.dat
06.09.2006 00:00 966'264 tcscan7.dat
06.09.2006 00:00 315'136 tcscan8.dat
06.09.2006 00:00 659'400 tcscan9.dat
06.09.2006 00:00 453 tinf.dat
06.09.2006 00:00 148 tinfidx.dat
06.09.2006 00:00 1'957 tinfl.dat
06.09.2006 00:00 58'587 tscan1.dat
06.09.2006 00:00 3'027 tscan1hd.dat
06.09.2006 00:00 5'116 v.grd
06.09.2006 00:00 2'261 v.sig
06.09.2006 00:00 106'244 virscan.inf
06.09.2006 00:00 966'811 virscan1.dat
06.09.2006 00:00 569'712 virscan2.dat
06.09.2006 00:00 146'612 virscan3.dat
06.09.2006 00:00 320'186 virscan4.dat
06.09.2006 00:00 2'700'020 virscan5.dat
06.09.2006 00:00 389'301 virscan6.dat
06.09.2006 00:00 4'468'258 virscan7.dat
06.09.2006 00:00 1'593'724 virscan8.dat
06.09.2006 00:00 3'622'432 virscan9.dat
06.09.2006 00:00 32 virscant.dat
08.09.2006 21:30 2'072 vscanmsx.dat
06.09.2006 00:00 224 zdone.dat
55 fichier(s) 20'637'342 octets

Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.1

18.11.2006 12:20 <REP> .
18.11.2006 12:20 <REP> ..
0 fichier(s) 0 octets

Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.2

22.12.2006 18:18 <REP> .
22.12.2006 18:18 <REP> ..
0 fichier(s) 0 octets

Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.3

22.12.2006 18:18 <REP> .
22.12.2006 18:18 <REP> ..
0 fichier(s) 0 octets

Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.4

22.12.2006 18:18 <REP> .
22.12.2006 18:18 <REP> ..
0 fichier(s) 0 octets

Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.5

22.12.2006 18:18 <REP> .
22.12.2006 18:18 <REP> ..
07.09.2006 12:15 227 UDC6V_0001_D19M0709NetInstaller.inf
1 fichier(s) 227 octets

Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.6

22.12.2006 18:18 <REP> .
22.12.2006 18:18 <REP> ..
0 fichier(s) 0 octets

Total des fichiers listés :
56 fichier(s) 20'637'569 octets
20 Rép(s) 32'448'028'672 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues




Liste des programmes installes

Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Photoshop 6.0
Adobe Reader 7.0.8 - Français
Adobe SVG Viewer
adsl TV
Apple Software Update
Archiveur WinRAR
AsusUpdate
ATI - Utilitaire de désinstallation du logiciel
ATI Control Panel
ATI Display Driver
Audacity 1.2.4
AutoCAD 2006 - Français
Autodesk DWF Viewer
AutoUpdate
avast! Antivirus
AVG Anti-Spyware 7.5
BitTorrent 4.0.1
CCleaner (remove only)
Command & Conquer Red Alert 2
DirectX for Managed Code Update (December 2004)
DivX Player
DivX Pro Trial
Download Accelerator Plus
EA SPORTS online 2006
Easy TM 2.4
eMule
FileZilla (remove only)
Freelancer
GeTax2005
Google Earth
Google Toolbar for Internet Explorer
Highway Pursuit v1.1
HijackThis 1.99.1
IGNMap 0.8.1
iTunes
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
K700i USB-Handset Manager
Language pack for Ad-Aware SE
Lecteur Windows Media 10
Logitech Desktop Messenger
Logitech Gaming Software
Logitech SetPoint
LX Systems Download Manager
Macromedia Shockwave Player
MediaLife
MediaTickets by OIN
Messenger Plus! 3 & Sponsor
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 French Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 Language Pack - FRA
Microsoft Game Studios Common Redistributables Pack 1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (French) 2007 (Beta)
Microsoft Office Excel MUI (French) 2007 (Beta)
Microsoft Office InfoPath MUI (French) 2007 (Beta)
Microsoft Office Outlook MUI (French) 2007 (Beta)
Microsoft Office PowerPoint MUI (French) 2007 (Beta)
Microsoft Office Professional 2007 (Beta)
Microsoft Office Professional Plus 2007 (Beta)
Microsoft Office Proof (Arabic) 2007 (Beta)
Microsoft Office Proof (Dutch) 2007 (Beta)
Microsoft Office Proof (English) 2007 (Beta)
Microsoft Office Proof (French) 2007 (Beta)
Microsoft Office Proof (German) 2007 (Beta)
Microsoft Office Proof (Spanish) 2007 (Beta)
Microsoft Office Publisher MUI (French) 2007 (Beta)
Microsoft Office Shared MUI (French) 2007 (Beta)
Microsoft Office Word MUI (French) 2007 (Beta)
Microsoft XML Parser
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
MSXML 4.0 SP2 (KB927978)
MSXML4 Parser
Nero - Burning Rom
NHL06
Package de base Microsoft de service de chiffrement pour cartes à puce
Panda ActiveScan
PDFCreator
Plasma Pong v1.2
PowerDVD
QuickTime
RealPlayer
Realtek AC'97 Audio
Rise Of Legends
Rise Of Legends
Rise of Nations
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update pour Microsoft .NET Framework 2.0 (KB922770)
Sony Ericsson Capability Manager
Sony Ericsson Mobile Phone Monitor
Spybot - Search & Destroy 1.4
Starcraft
Steganos Internet Anonym 7.1.6
TrackMania Nations ESWC 0.1.7.5
Watchtower Library 2005 - Édition française
WebFldrs XP
WG111v2 Configuration Utility
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Connect
Windows Media Format Runtime
Windows XP Service Pack 2



Le volume dans le lecteur C s'appelle Wxp
Le numéro de série du volume est 84B2-DB13

Répertoire de C:\Program Files

22.12.2006 17:34 <REP> .
22.12.2006 17:34 <REP> ..
11.09.2005 12:49 <REP> A4DeskMag2
24.11.2005 18:37 <REP> Admiresoft
26.03.2006 11:33 <REP> Adobe
13.11.2006 18:27 <REP> adslTV
17.11.2005 22:30 <REP> Adverts
01.01.2002 14:00 <REP> Ahead
06.02.2006 21:55 <REP> Alwil Software
07.06.2005 21:58 <REP> America's Army
05.11.2006 13:44 <REP> AnswerWorks 4.0
06.11.2006 21:17 <REP> Apple Software Update
25.03.2005 19:06 <REP> Ashampoo
28.10.2004 15:45 <REP> ASUS
28.10.2004 16:20 <REP> ATI Technologies
02.08.2006 19:03 <REP> Audacity
05.11.2006 13:49 <REP> AutoCAD 2006
04.11.2006 21:25 <REP> Autodesk
24.11.2005 18:36 <REP> AV MP3 Player-Morpher
28.10.2004 16:12 <REP> AvRack
19.04.2005 17:36 <REP> BitTorrent
27.03.2005 20:03 <REP> BoontyGames
18.11.2006 23:03 <REP> CCleaner
12.01.2006 18:02 <REP> Clash N Slash
14.01.2006 15:33 <REP> Common Files
07.02.2006 21:16 <REP> Comodo
28.10.2004 15:48 <REP> ComPlus Applications
29.10.2006 15:16 <REP> Corel(R) Painter(TM) IX.5 TBYB FR
21.03.2005 19:10 <REP> Creative
01.01.2002 13:57 <REP> CyberLink
08.09.2006 20:18 <REP> DAP
22.11.2004 21:21 <REP> directx
20.11.2004 10:31 <REP> DivX
17.04.2006 13:28 <REP> DOSBox-0.65
15.04.2006 11:42 <REP> D-Tools
18.11.2006 12:12 <REP> Easy TM
02.01.2002 16:26 <REP> eMule
21.06.2005 17:15 <REP> eoRezo
19.11.2006 13:26 <REP> Fichiers communs
03.04.2006 18:42 <REP> FileZilla
27.06.2005 21:22 <REP> FlashFXP
02.11.2006 22:05 <REP> F-Secure
11.03.2005 17:33 <REP> Game_Maker6
26.03.2006 11:34 <REP> GeTax2005
31.10.2006 21:26 <REP> Google
22.12.2006 17:10 <REP> Grisoft
30.04.2005 19:00 <REP> GSC Game World
12.09.2005 20:08 <REP> IDM Computer Solutions
18.12.2006 22:13 <REP> IGN
24.09.2006 12:39 <REP> IKEA HomePlanner
17.04.2005 13:31 <REP> Illustrate
28.10.2004 16:03 <REP> Intel
11.01.2006 18:47 <REP> InterActual
17.12.2006 18:21 <REP> Internet Explorer
06.11.2006 21:21 <REP> iPod
06.11.2006 21:22 <REP> iTunes
13.11.2006 18:41 <REP> Java
08.12.2004 12:57 <REP> K700i USB-Handset Manager
04.11.2006 16:24 <REP> Lavasoft
27.12.2005 12:02 <REP> Lecteur CANALPLAY
17.06.2006 13:00 <REP> LimeWire
21.08.2006 14:02 <REP> Logitech
15.05.2005 16:17 <REP> LucasFan Games
25.03.2005 20:32 <REP> LX Download Manager
23.01.2006 20:24 <REP> Messenger
24.09.2006 12:33 <REP> Messenger Plus! 3
28.10.2004 15:50 <REP> microsoft frontpage
23.05.2006 16:36 <REP> Microsoft Games
05.11.2006 13:44 <REP> Microsoft Office
02.07.2006 20:05 <REP> Microsoft Visual Studio
02.07.2006 20:04 <REP> Microsoft Works
02.07.2006 20:04 <REP> Microsoft.NET
16.12.2006 16:54 <REP> Movie Maker
09.01.2006 17:35 <REP> Mozilla Firefox
02.07.2006 20:05 <REP> MSBuild
28.10.2004 15:48 <REP> MSN
28.10.2004 15:48 <REP> MSN Gaming Zone
02.11.2006 22:24 <REP> MSN Messenger
17.11.2006 19:02 <REP> MSXML 4.0
12.09.2005 17:19 <REP> MUSICMATCH
19.04.2005 20:10 <REP> NASA
23.10.2006 19:29 <REP> NETGEAR
28.10.2004 15:26 <REP> NetMeeting
07.09.2006 14:40 <REP> Notepad++
04.01.2002 18:33 <REP> OfficeUpdate11
11.12.2006 19:03 <REP> Opera
16.12.2006 16:54 <REP> Outlook Express
26.03.2006 10:50 <REP> PDFCreator
16.05.2005 17:39 <REP> PeerGuardian pr14
09.03.2005 18:13 <REP> Plustech Inc
27.03.2005 13:48 <REP> PopCap Games
06.11.2006 21:20 <REP> QuickTime
26.11.2004 21:09 <REP> Real
28.10.2004 16:12 <REP> Realtek Sound Manager
21.08.2006 14:07 <REP> ReflexiveArcade
18.02.2005 18:07 <REP> ScreenSaver
23.01.2006 20:26 <REP> Secure Surfing Engine
28.10.2004 15:48 <REP> Services en ligne
28.09.2006 10:59 <REP> Sony Ericsson
01.05.2006 16:03 <REP> Spybot - Search & Destroy
04.11.2006 20:08 <REP> Spybot - Search & Destroy2
23.01.2006 20:26 <REP> Steganos Internet Anonym 7
27.12.2005 12:03 <REP> StreetFighter Flash
17.06.2006 12:53 <REP> TheTurtle
07.02.2006 18:22 <REP> Trustix
31.07.2005 12:04 <REP> Ubi Soft
08.12.2004 13:09 <REP> Ubisoft
01.06.2005 22:14 <REP> Ulead Systems
17.06.2006 12:59 <REP> Visicom Media
17.06.2005 19:32 <REP> VoipBuster.com
22.12.2006 18:22 <REP> VSAdd-in
15.04.2006 12:11 <REP> VVSN
20.02.2006 19:44 <REP> Watchtower
09.03.2006 22:47 <REP> Webteh
18.11.2006 22:51 <REP> Windows Defender
05.11.2004 17:41 <REP> Windows Media Components
04.09.2006 19:43 <REP> Windows Media Connect 2
16.12.2006 16:54 <REP> Windows Media Player
28.10.2004 15:26 <REP> Windows NT
27.08.2005 19:55 <REP> WinHex
23.01.2006 20:26 <REP> WinRAR
28.10.2004 15:50 <REP> xerox
19.11.2006 13:26 <REP> ?ssembly
04.11.2006 12:26 <REP> ??stem
0 fichier(s) 0 octets
124 Rép(s) 32'447'733'760 octets libres
Le volume dans le lecteur C s'appelle Wxp
Le numéro de série du volume est 84B2-DB13

Répertoire de C:\Program Files\fichiers communs

19.11.2006 13:26 <REP> .
19.11.2006 13:26 <REP> ..
26.03.2006 11:33 <REP> Adobe
05.11.2006 13:50 <REP> Autodesk Shared
05.08.2006 10:52 <REP> AVSMedia
05.11.2006 13:44 <REP> DESIGNER
21.11.2004 15:01 <REP> InstallShield
05.09.2006 20:30 <REP> Java
21.08.2006 14:02 <REP> Logitech
03.11.2004 19:17 <REP> Macrovision Shared
05.11.2006 13:44 <REP> Microsoft Shared
28.10.2004 15:48 <REP> MSSoap
01.01.2002 00:07 <REP> ODBC
24.09.2006 12:54 <REP> Panda Software
26.11.2004 21:09 <REP> Real
28.10.2004 15:48 <REP> Services
01.01.2002 00:07 <REP> SpeechEngines
20.06.2006 20:39 <REP> Synacast
16.12.2006 14:55 <REP> System
28.09.2006 10:59 <REP> Teleca Shared
26.11.2004 21:09 <REP> xing shared
22.12.2006 18:18 <REP> {84B2DB13-0C7E-1036-0924-040307090029}
0 fichier(s) 0 octets
22 Rép(s) 32'447'741'952 octets libres
Le volume dans le lecteur C s'appelle Wxp
Le numéro de série du volume est 84B2-DB13

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

02.07.2006 20:05 <REP> .
02.07.2006 20:05 <REP> ..
04.01.2002 18:27 <REP> 1033
02.07.2006 19:59 <REP> 1036
25.04.2006 20:33 967'952 MSONSEXT.DLL
02.05.2006 18:37 40'208 MSOSV.DLL
03.06.1999 13:09 122'937 MSOWS409.DLL
07.03.2001 08:00 127'033 MSOWS40c.DLL
11.07.2003 02:25 80'448 PKMWS.DLL
5 fichier(s) 1'338'578 octets
4 Rép(s) 32'447'741'952 octets libres
Le volume dans le lecteur C s'appelle Wxp
Le numéro de série du volume est 84B2-DB13

Répertoire de C:\Program Files\common files

14.01.2006 15:33 <REP> .
14.01.2006 15:33 <REP> ..
21.08.2006 17:33 <REP> EasyInfo
20.02.2005 12:17 <REP> Stardock
0 fichier(s) 0 octets
4 Rép(s) 32'447'741'952 octets libres
Le volume dans le lecteur C s'appelle Wxp
Le numéro de série du volume est 84B2-DB13

Répertoire de C:\

11.11.2001 00:00 68'096 diff.exe
27.08.2006 14:10 103'424 grep.exe
31.10.2005 16:56 700'416 StubInstaller.exe
24.05.2001 11:59 162'304 UNWISE.EXE
4 fichier(s) 1'034'240 octets
0 Rép(s) 32'447'737'856 octets libres
c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.0.2.16\iTunesSetupAdmin.exe
c:\Documents and Settings\Wxp\.limewire\.NetworkShare\LimeWireWin4.10.5.exe
c:\Documents and Settings\Wxp\.limewire\.NetworkShare\Incomplete\T-2840440-LimeWireWin4.10.9.exe
c:\Documents and Settings\Wxp\Bureau\avgas-setup-7.5.0.50.exe
c:\Documents and Settings\Wxp\Bureau\blbeta.exe
c:\Documents and Settings\Wxp\Bureau\SmitfraudFix.exe
c:\Documents and Settings\Wxp\Bureau\VundoFix.exe
c:\Documents and Settings\Wxp\Bureau\DiagHelp\DiagHelp\diff.exe
c:\Documents and Settings\Wxp\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Wxp\Bureau\DiagHelp\DiagHelp\Fport.exe
c:\Documents and Settings\Wxp\Bureau\DiagHelp\DiagHelp\grep.exe
c:\Documents and Settings\Wxp\Bureau\DiagHelp\DiagHelp\LFiles.exe
c:\Documents and Settings\Wxp\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Wxp\Bureau\DiagHelp\DiagHelp\pslist.exe
c:\Documents and Settings\Wxp\Bureau\DiagHelp\DiagHelp\streams.exe
c:\Documents and Settings\Wxp\Bureau\DiagHelp\DiagHelp\swreg.exe
c:\Documents and Settings\Wxp\Bureau\newbie\crackme1.exe
c:\Documents and Settings\Wxp\Bureau\newbie\stega11.exe
c:\Documents and Settings\Wxp\Bureau\newbie\stega22.exe
c:\Documents and Settings\Wxp\Bureau\newbie\stega4.exe
c:\Documents and Settings\Wxp\Bureau\newbie\HexDecCharEditor\HexDecCharEditor.exe
c:\Documents and Settings\Wxp\Bureau\newbie\Nouveau dossier\ocamlq-public[1].exe
c:\Documents and Settings\Wxp\Bureau\SmitfraudFix\dumphive.exe
c:\Documents and Settings\Wxp\Bureau\SmitfraudFix\GenericRenosFix.exe
c:\Documents and Settings\Wxp\Bureau\SmitfraudFix\Process.exe
c:\Documents and Settings\Wxp\Bureau\SmitfraudFix\Reboot.exe
c:\Documents and Settings\Wxp\Bureau\SmitfraudFix\restart.exe
c:\Documents and Settings\Wxp\Bureau\SmitfraudFix\SmiUpdate.exe
c:\Documents and Settings\Wxp\Bureau\SmitfraudFix\SrchSTS.exe
c:\Documents and Settings\Wxp\Bureau\SmitfraudFix\swreg.exe
c:\Documents and Settings\Wxp\Bureau\SmitfraudFix\swsc.exe
c:\Documents and Settings\Wxp\Bureau\SmitfraudFix\swxcacls.exe
c:\Documents and Settings\Wxp\Bureau\SmitfraudFix\unzip.exe
c:\Documents and Settings\Wxp\Bureau\Steganos Updates\sia7int.exe
c:\Documents and Settings\Wxp\Local Settings\Temp\AutoRun.exe
c:\Documents and Settings\Wxp\Mes documents\Ma musique\Adoprixtixics\4dsportdriving\LOAD.EXE
c:\Documents and Settings\Wxp\Mes documents\Ma musique\Adoprixtixics\4dsportdriving\SETUP.EXE
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpEngine.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{05D79D39-D5A6-4866-9582-579B32CEA05A}\mpengine.dll
c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
c:\Documents and Settings\Wxp\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll



Et celui d'HijackThis :

Logfile of HijackThis v1.99.1
Scan saved at 11:16:30, on 23.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/&ss=1&scc=1<mpl=default<mplcache=2&emr=1&osid=1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {61C40C3D-BDD2-B627-D189-C569348CDBE4} - (no file)
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\PROGRA~1\DAP\dapbho.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0964344D-C233-DAF1-2ADC-08C2A8D60810} - C:\WINDOWS\system32\hptukyk.dll
O2 - BHO: (no name) - {2527DC3F-C7A0-CF37-33EA-0525C1600A34} - C:\WINDOWS\system32\quqrbkl.dll
O2 - BHO: (no name) - {36068946-CD51-1AC7-C4AD-044557583146} - C:\WINDOWS\system32\lctsupj.dll (file missing)
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\system32\hpvekfro.dll
O2 - BHO: (no name) - {42E53C82-E11D-E01B-A428-084851DB6947} - C:\WINDOWS\system32\yzivngl.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: (no name) - {61E91E9C-BF33-6A6A-7BFC-00B25F19A7AE} - C:\WINDOWS\system32\urwzhx.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {D60B6578-737A-4422-99B4-0ABEDEBA0C17} - C:\WINDOWS\system32\vtsqq.dll (file missing)
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: Steganos Internet Anonyme - {00000000-5736-4205-0008-2fe89c996183} - c:\program files\steganos internet anonym 7\sia7iep.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\qvlaojwx.dll",setvm
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - https://www.afternic.com/domains/drivecleaner.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} (VPlayer Control) - http://video.vividas.com/CDN1/4325_Pepsi/web/player/vivid_ocx.jpeg
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7F9CDB8-BF58-4289-8669-EEA83434ED2E}: NameServer = 192.168.0.1
O18 - Protocol: bw+0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program

Bonjour

Voilà à quoi ressemble Vundo
http://www.secuser.com/alertes/2005/vundo-virtumonde.htm


Ces rapports montrent de très nombreuses infections.

Une partie de la procédure se déroulera sans avoir accès à internet, prière d'imprimer ces instructions, ou de les coller dans un fichier texte, pour lecture durant cette désinfection.
Les manipulations sont à faire sans interruption et dans l'ordre.
Si tu ne comprends pas quelque chose, demande des explications avant de commencer


1 Télécharge eScan Antivirus Toolkit
http://www.spywareinfo.dk/download/mwav.exe
Sauvegarde-le sur ton Bureau.
Avant de lancer le programme, il faut le mettre à jour tel qu'indiqué ci-après

Voici comment mettre l'outil à jour :

1.) Double-clique le fichier mwav.exe qui se trouve sur le Bureau; dézippe les fichiers dans le nouveau dossier suggéré (Kaspersky) situé à la racine du lecteur C:\ (C:\Kaspersky.). Le programme va se lancer, et tu dois le quitter (clique sur "Exit" puis "Exit").

2.) Double-clique sur le Poste de travail, puis double-clique sur le lecteur principal (habituellement C:\), double-clique sur le dossier Kaspersky; ensuite, double-clique sur le fichier kavupd.exe. Tu verras maintenant une fenêtre DOS apparaître, et la mise à jour se complètera en quelques minutes.

3.) Lorsque la mise à jour sera complétée, tu verras "Press any key to continue"; tape sur une clé pour continuer.

Ne pas lancer le scan tout de suite !


2 Télécharge ceci
http://www.outerinfo.com/OiUninstaller.exe
Sauvegarde le sur le Bureau.
Regarde si tu as ces programmes dans Ajout/suppression de programmes. Désinstalle les si présent.

Oin
Purityscan by Oin
Snowballwars by Oin
Yazzle by Oin
ou d'autres similaires avec Oin ou Outerinfo dedans
Cowabanga
MediaTickets
Tizzletalk
Zolero

Lance OiUninstaller.exe
Entre le code qui apparait.
Clique sur Uninstall.
Clique sur OK ensuite.


3 Redémarre en mode sans échec. Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 ou F5 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionne le mode sans échec approprié et appuye sur Entrée.


4 Relance un scan HijackThis et coche les lignes ci-dessous :

R3 - URLSearchHook: (no name) - {61C40C3D-BDD2-B627-D189-C569348CDBE4} - (no file)
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\PROGRA~1\DAP\dapbho.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0964344D-C233-DAF1-2ADC-08C2A8D60810} - C:\WINDOWS\system32\hptukyk.dll
O2 - BHO: (no name) - {2527DC3F-C7A0-CF37-33EA-0525C1600A34} - C:\WINDOWS\system32\quqrbkl.dll
O2 - BHO: (no name) - {36068946-CD51-1AC7-C4AD-044557583146} - C:\WINDOWS\system32\lctsupj.dll (file missing)
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\system32\hpvekfro.dll
O2 - BHO: (no name) - {42E53C82-E11D-E01B-A428-084851DB6947} - C:\WINDOWS\system32\yzivngl.dll (file missing)
O2 - BHO: (no name) - {61E91E9C-BF33-6A6A-7BFC-00B25F19A7AE} - C:\WINDOWS\system32\urwzhx.dll (file missing)
O2 - BHO: (no name) - {D60B6578-737A-4422-99B4-0ABEDEBA0C17} - C:\WINDOWS\system32\vtsqq.dll (file missing)
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\qvlaojwx.dll",setvm
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - https://www.afternic.com/domains/drivecleaner.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} (VPlayer Control) - http://video.vividas.com/CDN1/4325_Pepsi/web/player/vivid_ocx.jpeg
O18 - Protocol: bw+0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Ferme toutes les fenêtres Windows, Internet explorer, Outlook,sauf le logiciel Hijackthis et clique sur « Fix checked »


5 Désinstalle ces applications (si tu les trouves) dans Ajout-Suppression de programmes :

VSAdd-in
VVSN
?ssembly
??stem


6 Supprime les fichiers/dossiers incriminés (s'ils existent encore) :

C:\Program Files\VSAdd-in
C:\Program Files\VVSN
C:\Program Files\?ssembly
C:\Program Files\??stem


7 Lance le nettoyage avec CCleaner


8 Lance eScan
1.) Pour lancer "eScan Antivirus Toolkit", trouve le fichier mwavscan.com situé dans le dossier C:\Kaspersky

2.) Double-clique sur mwavscan.com; l'interface d'eScan va apparaître à l'écran.

3.) Il est très important de bien cocher ces boîtes sous Scan Option
Memory, Registry, Startup Folders, System Folders, Services.

4.) Coche la boîte Drive, ce qui donne accès à une nouvelle boîte Drive (bouton rond) juste dessous; coche ce bouton "Drive" (très important..), et tu verras une nouvelle boîte de navigation apparaître à la droite. Clique sur la petite flèche de cette boîte and choisi la lettre de ton disque dur, habituellement C:\.

5.) Juste au-dessous, assure-toi que Scan All Files est coché, et non Program Files.

6.) Clique sur Scan Clean et laisse le tool vérifier tout le disque dur (ça peut être long..). Lorsque terminé, tu verras Scan Completed. Ne pas quitter tout de suite !

7.) Ouvre un nouveau fichier Bloc notes (clique sur "Démarrer" >> "Programmes" >>"Accessoires" >> "Bloc notes"), puis copie/colle tout le contenu de la fenêtre Virus Log Information (la deuxième, au bas) dans le fichier texte, et sauvegarde le. eScan génère également un rapport complet dans le dossier C:\Kaspersky (nommé mwav.log), mais il est trop lourd pour poster sur le forum.

Ferme le programme.


9 Redémarre normalement


10 Télécharge DrWeb
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

La version est automatiquement à jour.
Installe le.
Lance le.
Une analyse des processus se lance.
Ensuite, choisis le lecteur à scanner et lance l'analyse.
Sauvegarde le rapport.

Poste ces trois rapports :
- un nouveau log HijackThis.
- celui d'escan
- celui de DrWeb

Attention, il faudra peut être les poster en deux messages si c'est trop long (ton dernier HijackThis était tronqué).
Messages postés
21
Date d'inscription
mercredi 20 décembre 2006
Statut
Membre
Dernière intervention
8 février 2008

Alors j'ai télécharger le premier fichier Escan mais quand je veux prendre le second :

http://www.outerinfo.com/OiUninstaller.exe

il me met que c'est interdis pour ma sécurité. Et aussi mon mode sans-échec ne fonctionne pas, il plante après avoir chargé et me laisse avec "mode sans échec dans les coins".

Donc je ne sais pas si c'est parceque je ne suis pas assez patien (il lui faut déjà 5min) pour se lancer, ou si mon ordi bug pour le mode sans échec.

Qui te met que c'est interdit ?

Si c'est ton antivirus, désactive le temporairement le temps du téléchargement.
Messages postés
21
Date d'inscription
mercredi 20 décembre 2006
Statut
Membre
Dernière intervention
8 février 2008

J'ai cette fenêtre qui apparais même je stop avast :

http://img293.imageshack.us/img293/3884/messagederreur2ii5.jpg

Et pour le coups du mode sans échec, c'est normale ou y faut faire quelque chose d'autre ?

Bonjour

Pour pouvoir télécharger ce fichier, il faut configurer le niveau de sécurité IE sur Moyen.

Si tu n'y arrives toujours pas, dans l'étape 1 tu fais uniquement la désinstallation des programmes trouvés.
Et tu continues la manip.
Messages postés
21
Date d'inscription
mercredi 20 décembre 2006
Statut
Membre
Dernière intervention
8 février 2008

Bon alors je vais poster sur 3 réponse 1 rapport par réponse :

Rapport d'Hijack :

Logfile of HijackThis v1.99.1
Scan saved at 16:18:45, on 26.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/&ss=1&scc=1<mpl=default<mplcache=2&emr=1&osid=1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {D60B6578-737A-4422-99B4-0ABEDEBA0C17} - (no file)
O3 - Toolbar: Steganos Internet Anonyme - {00000000-5736-4205-0008-2fe89c996183} - c:\program files\steganos internet anonym 7\sia7iep.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7F9CDB8-BF58-4289-8669-EEA83434ED2E}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {C67A9ECA-D2AF-4C2D-9CC8-E1B4AD2511C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wingdm32 - wingdm32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
Messages postés
21
Date d'inscription
mercredi 20 décembre 2006
Statut
Membre
Dernière intervention
8 février 2008

Rapport d'eScan :

File C:\WINDOWS\system32\agfherdb.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\aolelmeq.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\aqusnwid.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\audimhij.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\aupgnxlj.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\bbjudflx.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\bddoirhx.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\bifvcaqc.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\cgtyqlrr.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\cjgiktsa.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\ckxhgpdf.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\comypanr.dll infected by "Trojan-Spy.Win32.VBStat.h" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\crdwqqep.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\cvybqyrm.dll infected by "Trojan-Spy.Win32.VBStat.h" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\ddvvohgd.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\difwtfvm.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\dikmwqyc.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\dqacyhwy.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\dunxmasq.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\duoollxq.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\edeeccww.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\elsdjceh.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\elxjyalh.dll infected by "Trojan-Spy.Win32.VBStat.h" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\eoffqsqk.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\fopwmgdy.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\ftboxnxl.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\fvsidooy.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\fxdcbwjf.dll infected by "Trojan-Spy.Win32.VBStat.h" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\gardhtfc.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\gobrxtwv.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\gvopwqdu.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\hgcddihu.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\hjqqbfii.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\hxdfpeav.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\iawlppsf.dll infected by "Trojan-Spy.Win32.VBStat.h" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\ikicnabt.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\iuviiqct.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\jhhlvqts.dll infected by "Trojan-Spy.Win32.VBStat.h" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\jkrmhoip.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\krplutvf.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\kvrmyshi.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\kyfahway.dll infected by "Trojan-Spy.Win32.VBStat.h" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\ldguntat.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\lvaoqfey.dll infected by "Trojan-Spy.Win32.VBStat.h" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\lvvoqgqi.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\mcldsfkv.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\mgxpvprt.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\musqllhf.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\mydcfiom.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\nbexprft.dll infected by "Trojan-Spy.Win32.VBStat.h" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\nfqwphvg.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\nloyoorh.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\nnddeawh.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\odgjcuus.dll infected by "Trojan-Spy.Win32.VBStat.h" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\ogpsrlax.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\ohpkqvys.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\oigkpais.dll infected by "Trojan.Win32.BHO.o" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\orebdeyb.dll infected by "Trojan-Spy.Win32.VBStat.h" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\pfodbooc.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\pgshdnsa.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\phlkcrom.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\pmqbsdfq.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\qktboyra.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\qobxyqqr.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\quwjqcea.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\rdnoxssp.dll infected by "Trojan-Spy.Win32.VBStat.h" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\rnqlfsvi.dll infected by "Trojan-Spy.Win32.VBStat.h" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\sgbpxmer.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\sqogavnb.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\stxubqlj.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\sufgwnyi.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\tduxgeqv.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\tioxqmer.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\tnhgecfn.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\tqdncpme.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\txhihndo.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\ubhieikw.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\uetvjhau.dll infected by "Trojan-Spy.Win32.VBStat.h" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\unutsgdr.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\vanlhmqa.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\veeqhdea.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\vjbmfnse.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\vltjjnrm.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\vrjsqmcb.dll infected by "Trojan-Spy.Win32.VBStat.h" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\vsekpwgr.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\vynxttnq.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\waodljik.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\whudvlfi.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\wticjrpl.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\xcbphrhg.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\xlltauir.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\xonmwfdy.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\xwlplaqj.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\ybulhxpc.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\yifydmhf.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\ylafajue.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\ylorutgu.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\ysglannk.dll infected by "Trojan-Spy.Win32.VBStat.h" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\ytqesnjf.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\Documents and Settings\Wxp\Bureau\SmitfraudFix\Reboot.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
File C:\Documents and Settings\Wxp\Bureau\SmitfraudFix.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
File C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP684\A0179308.exe infected by "Trojan-Proxy.Win32.Horst.av" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP703\A0190034.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
File C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP739\A0203977.dll tagged as not-a-virus:AdWare.Win32.Softomate.u. No Action Taken.
File C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP739\A0203978.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.ev. No Action Taken.
File C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP739\A0203979.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.ev. No Action Taken.
File C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP739\A0203981.dll infected by "not-virus:Hoax.Win32.Renos.fw" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP739\A0204022.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.fj. No Action Taken.
File C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP742\A0204289.dll infected by "Trojan-Spy.Win32.VBStat.h" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP742\A0204290.dll infected by "Trojan-Spy.Win32.VBStat.h" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP742\A0204291.dll infected by "Trojan-Spy.Win32.VBStat.h" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP742\A0204292.dll infected by "Trojan-Spy.Win32.VBStat.h" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP742\A0204293.dll infected by "Trojan-Spy.Win32.VBStat.h" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP742\A0204294.dll infected by "Trojan-Spy.Win32.VBStat.h" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP742\A0204295.dll infected by "Trojan-Spy.Win32.VBStat.h" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP742\A0204296.dll infected by "Trojan-Spy.Win32.VBStat.h" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP742\A0204297.dll infected by "Trojan-Spy.Win32.VBStat.h" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP742\A0204298.dll infected by "Trojan-Spy.Win32.VBStat.h" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP742\A0204299.dll infected by "Trojan.Win32.BHO.o" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP742\A0204300.dll infected by "Trojan-Spy.Win32.VBStat.h" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP742\A0204301.dll infected by "Trojan-Spy.Win32.VBStat.h" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP742\A0204302.dll infected by "Trojan-Spy.Win32.VBStat.h" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP742\A0204303.dll infected by "Trojan-Spy.Win32.VBStat.h" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP742\A0204304.dll infected by "Trojan-Spy.Win32.VBStat.h" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP742\A0204305.dll infected by "Trojan-Spy.Win32.VBStat.h" Virus. Action Taken: File Deleted.
File C:\VundoFix Backups\vtsqq.dll.bad tagged as not-a-virus:AdWare.Win32.Virtumonde.fj. No Action Taken.
File C:\WINDOWS\system32\agfherdb.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\aolelmeq.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\aqusnwid.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\audimhij.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\aupgnxlj.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\bbjudflx.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\bddoirhx.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\bifvcaqc.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\cgtyqlrr.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\cjgiktsa.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\ckxhgpdf.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\crdwqqep.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\ddvvohgd.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\difwtfvm.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\dikmwqyc.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\dqacyhwy.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\dunxmasq.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\duoollxq.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\edeeccww.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\elsdjceh.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\eoffqsqk.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\fopwmgdy.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\ftboxnxl.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\fvsidooy.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\gardhtfc.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\gobrxtwv.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\gvopwqdu.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\hgcddihu.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\hjqqbfii.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\hxdfpeav.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\ikicnabt.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\iuviiqct.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\jkrmhoip.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\krplutvf.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\kvrmyshi.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\ldguntat.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\lvvoqgqi.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\mcldsfkv.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\mgxpvprt.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\musqllhf.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\mydcfiom.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\nfqwphvg.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\nloyoorh.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\nnddeawh.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\ogpsrlax.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\ohpkqvys.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\pfodbooc.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\pgshdnsa.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\phlkcrom.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\pmqbsdfq.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\qktboyra.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\qobxyqqr.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\quwjqcea.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\sgbpxmer.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\sqogavnb.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\stxubqlj.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\sufgwnyi.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\tduxgeqv.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\tioxqmer.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\tnhgecfn.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\tqdncpme.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\txhihndo.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\ubhieikw.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\unutsgdr.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\vanlhmqa.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\veeqhdea.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\vjbmfnse.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\vltjjnrm.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\vsekpwgr.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\vynxttnq.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\waodljik.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\whudvlfi.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\wticjrpl.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\xcbphrhg.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\xlltauir.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\xonmwfdy.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\xwlplaqj.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\ybulhxpc.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\yifydmhf.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\ylafajue.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\ylorutgu.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\ytqesnjf.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
Messages postés
21
Date d'inscription
mercredi 20 décembre 2006
Statut
Membre
Dernière intervention
8 février 2008

Et enfin celui du DrWeb :

Fport.exeC:\Documents and Settings\Wxp\Bureau\DiagHelp\DiagHelpProgram.FPort.20
pslist.exeC:\Documents and Settings\Wxp\Bureau\DiagHelp\DiagHelpProgram.PsList.126
Process.exeC:\Documents and Settings\Wxp\Bureau\SmitfraudFixTool.Prockill
restart.exeC:\Documents and Settings\Wxp\Bureau\SmitfraudFixTool.ShutDown.11
backup-20061226-111705-126.dllC:\HijackThis\backupsTrojan.DownLoader.based
backup-20061226-111705-436.dllC:\HijackThis\backupsTrojan.DownLoader.based
A0190033.exeC:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP703Tool.Prockill
A0190035.exeC:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP703Tool.ShutDown.11
A0203977.dllC:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP739Adware.Softomate
A0203978.dllC:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP739Trojan.Virtumod
A0203979.dllC:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP739Trojan.Virtumod
A0203980.dllC:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP739Trojan.Virtumod
A0204009.dllC:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP739Trojan.DownLoader.based
A0204022.dllC:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP739Trojan.Virtumod
A0204119.dllC:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP740Trojan.Juan
A0204120.dllC:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP740Adware.TopSearch
A0204121.dllC:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP740Trojan.Juan
A0204282.dllC:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP742Trojan.DownLoader.based
A0204283.dllC:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP742Trojan.DownLoader.based
A0204325.dllC:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP742Trojan.DownLoader.based
A0204326.dllC:\System Volume Information\_restore{4238CCEF-BE7E-48F1-8B9D-42C70192F096}\RP742Trojan.DownLoader.based
urwzhx.dll.badC:\VundoFix BackupsTrojan.DownLoader.based
vtsqq.dll.badC:\VundoFix BackupsTrojan.Virtumod
agfherdb.exeC:\WINDOWS\system32Adware.SearchColours
amwskrut.exeC:\WINDOWS\system32Adware.TopSearch
aolelmeq.exeC:\WINDOWS\system32Adware.SearchColours
aqusnwid.exeC:\WINDOWS\system32Adware.SearchColours
astpbqig.exeC:\WINDOWS\system32Adware.TopSearch
audimhij.exeC:\WINDOWS\system32Adware.SearchColours
aupgnxlj.exeC:\WINDOWS\system32Adware.SearchColours
bbjudflx.exeC:\WINDOWS\system32Adware.SearchColours
bddoirhx.exeC:\WINDOWS\system32Adware.SearchColours
bifvcaqc.exeC:\WINDOWS\system32Adware.SearchColours
bldhynhq.exeC:\WINDOWS\system32Adware.TopSearch
bnyvvhbm.exeC:\WINDOWS\system32Adware.TopSearch
cdjwyfix.exeC:\WINDOWS\system32Adware.TopSearch
cfvbcrlo.exeC:\WINDOWS\system32Adware.TopSearch
cgfvpsjm.exeC:\WINDOWS\system32Adware.TopSearch
cgtyqlrr.exeC:\WINDOWS\system32Adware.SearchColours
cjgiktsa.exeC:\WINDOWS\system32Adware.SearchColours
ckxhgpdf.exeC:\WINDOWS\system32Adware.SearchColours
crdwqqep.exeC:\WINDOWS\system32Adware.SearchColours
ddvvohgd.exeC:\WINDOWS\system32Adware.SearchColours
dhywgghv.dllC:\WINDOWS\system32Trojan.Juan
difwtfvm.exeC:\WINDOWS\system32Adware.SearchColours
dikmwqyc.exeC:\WINDOWS\system32Adware.SearchColours
dowllovy.exeC:\WINDOWS\system32Adware.TopSearch
dqacyhwy.exeC:\WINDOWS\system32Adware.SearchColours
dqxktplr.exeC:\WINDOWS\system32Adware.TopSearch
dtsijbas.exeC:\WINDOWS\system32Adware.TopSearch
duajsngx.exeC:\WINDOWS\system32Adware.TopSearch
dunxmasq.exeC:\WINDOWS\system32Adware.SearchColours
duoollxq.exeC:\WINDOWS\system32Adware.SearchColours
dwarqyok.exeC:\WINDOWS\system32Adware.TopSearch
ealavluy.exeC:\WINDOWS\system32Adware.TopSearch
edeeccww.exeC:\WINDOWS\system32Adware.SearchColours
elsdjceh.exeC:\WINDOWS\system32Adware.SearchColours
eoffqsqk.exeC:\WINDOWS\system32Adware.SearchColours
exrkvkgu.exeC:\WINDOWS\system32Adware.TopSearch
fopwmgdy.exeC:\WINDOWS\system32Adware.SearchColours
fskmtsbm.exeC:\WINDOWS\system32Adware.TopSearch
ftboxnxl.exeC:\WINDOWS\system32Adware.SearchColours
fvsidooy.exeC:\WINDOWS\system32Adware.SearchColours
gardhtfc.exeC:\WINDOWS\system32Adware.SearchColours
gktfxipw.exeC:\WINDOWS\system32Adware.TopSearch
gncopicl.exeC:\WINDOWS\system32Adware.TopSearch
gobrxtwv.exeC:\WINDOWS\system32Adware.SearchColours
guxarogi.exeC:\WINDOWS\system32Adware.TopSearch
gvopwqdu.exeC:\WINDOWS\system32Adware.SearchColours
gyjqeywt.exeC:\WINDOWS\system32Adware.TopSearch
hgcddihu.exeC:\WINDOWS\system32Adware.SearchColours
hjqqbfii.exeC:\WINDOWS\system32Adware.SearchColours
hsrjerlt.exeC:\WINDOWS\system32Adware.TopSearch
hxdfpeav.exeC:\WINDOWS\system32Adware.SearchColours
ikicnabt.exeC:\WINDOWS\system32Adware.SearchColours
imonihvr.exeC:\WINDOWS\system32Adware.TopSearch
itdgccxx.exeC:\WINDOWS\system32Adware.TopSearch
iuviiqct.exeC:\WINDOWS\system32Adware.SearchColours
jkrmhoip.exeC:\WINDOWS\system32Adware.SearchColours
katadsql.exeC:\WINDOWS\system32Adware.TopSearch
krplutvf.exeC:\WINDOWS\system32Adware.SearchColours
ksmnegtd.exeC:\WINDOWS\system32Adware.TopSearch
kunweeey.exeC:\WINDOWS\system32Adware.TopSearch
kvrmyshi.exeC:\WINDOWS\system32Adware.SearchColours
ldguntat.exeC:\WINDOWS\system32Adware.SearchColours
lvvoqgqi.exeC:\WINDOWS\system32Adware.SearchColours
mcldsfkv.exeC:\WINDOWS\system32Adware.SearchColours
mgxpvprt.exeC:\WINDOWS\system32Adware.SearchColours
mjwgqnkh.exeC:\WINDOWS\system32Adware.TopSearch
musqllhf.exeC:\WINDOWS\system32Adware.SearchColours
mvtnxnrp.exeC:\WINDOWS\system32Adware.TopSearch
mydcfiom.exeC:\WINDOWS\system32Adware.SearchColours
mykecmyy.exeC:\WINDOWS\system32Adware.TopSearch
ndjhporp.exeC:\WINDOWS\system32Adware.TopSearch
nfqwphvg.exeC:\WINDOWS\system32Adware.SearchColours
nhsraulq.exeC:\WINDOWS\system32Adware.TopSearch
nloyoorh.exeC:\WINDOWS\system32Adware.SearchColours
nnddeawh.exeC:\WINDOWS\system32Adware.SearchColours
ntfwbkns.exeC:\WINDOWS\system32Adware.TopSearch
nwkrfcck.exeC:\WINDOWS\system32Adware.TopSearch
odabjrlj.exeC:\WINDOWS\system32Adware.TopSearch
ogpsrlax.exeC:\WINDOWS\system32Adware.SearchColours
ohnjbmtx.exeC:\WINDOWS\system32Adware.TopSearch
ohpkqvys.exeC:\WINDOWS\system32Adware.SearchColours
oprsgstw.exeC:\WINDOWS\system32Adware.TopSearch
otfoegrk.exeC:\WINDOWS\system32Adware.TopSearch
owyllmmu.exeC:\WINDOWS\system32Adware.TopSearch
pfodbooc.exeC:\WINDOWS\system32Adware.SearchColours
pgshdnsa.exeC:\WINDOWS\system32Adware.SearchColours
phlkcrom.exeC:\WINDOWS\system32Adware.SearchColours
pmqbsdfq.exeC:\WINDOWS\system32Adware.SearchColours
qktboyra.exeC:\WINDOWS\system32Adware.SearchColours
qnstnlpd.exeC:\WINDOWS\system32Adware.TopSearch
qobxyqqr.exeC:\WINDOWS\system32Adware.SearchColours
quwjqcea.exeC:\WINDOWS\system32Adware.SearchColours
rbneyqpm.exeC:\WINDOWS\system32Adware.TopSearch
rriktdeh.exeC:\WINDOWS\system32Adware.TopSearch
sgbpxmer.exeC:\WINDOWS\system32Adware.SearchColours
sqogavnb.exeC:\WINDOWS\system32Adware.SearchColours
stuctgge.exeC:\WINDOWS\system32Adware.TopSearch
stxubqlj.exeC:\WINDOWS\system32Adware.SearchColours
sufgwnyi.exeC:\WINDOWS\system32Adware.SearchColours
svyywssj.exeC:\WINDOWS\system32Adware.TopSearch
tdbxowgv.exeC:\WINDOWS\system32Adware.TopSearch
tduxgeqv.exeC:\WINDOWS\system32Adware.SearchColours
tioxqmer.exeC:\WINDOWS\system32Adware.SearchColours
tnhgecfn.exeC:\WINDOWS\system32Adware.SearchColours
tqdncpme.exeC:\WINDOWS\system32Adware.SearchColours
txhihndo.exeC:\WINDOWS\system32Adware.SearchColours
ubhieikw.exeC:\WINDOWS\system32Adware.SearchColours
uglxpxxn.exeC:\WINDOWS\system32Adware.TopSearch
ujopqkeq.exeC:\WINDOWS\system32Adware.TopSearch
unutsgdr.exeC:\WINDOWS\system32Adware.SearchColours
vanlhmqa.exeC:\WINDOWS\system32Adware.SearchColours
veeqhdea.exeC:\WINDOWS\system32Adware.SearchColours
vfnvmtsv.exeC:\WINDOWS\system32Adware.TopSearch
vjbmfnse.exeC:\WINDOWS\system32Adware.SearchColours
vltjjnrm.exeC:\WINDOWS\system32Adware.SearchColours
vsekpwgr.exeC:\WINDOWS\system32Adware.SearchColours
vvnidnif.exeC:\WINDOWS\system32Adware.TopSearch
vynxttnq.exeC:\WINDOWS\system32Adware.SearchColours
waodljik.exeC:\WINDOWS\system32Adware.SearchColours
wbxcojle.exeC:\WINDOWS\system32Adware.TopSearch
whudvlfi.exeC:\WINDOWS\system32Adware.SearchColours
wticjrpl.exeC:\WINDOWS\system32Adware.SearchColours
xcbphrhg.exeC:\WINDOWS\system32Adware.SearchColours
xcrnlyax.exeC:\WINDOWS\system32Adware.TopSearch
xlltauir.exeC:\WINDOWS\system32Adware.SearchColours
xonmwfdy.exeC:\WINDOWS\system32Adware.SearchColours
xpeisose.exeC:\WINDOWS\system32Adware.TopSearch
xsvgmppc.exeC:\WINDOWS\system32Adware.TopSearch
xwlplaqj.exeC:\WINDOWS\system32Adware.SearchColours
ybthtjqe.exeC:\WINDOWS\system32Adware.TopSearch
ybulhxpc.exeC:\WINDOWS\system32Adware.SearchColours
yifydmhf.exeC:\WINDOWS\system32Adware.SearchColours
ylafajue.exeC:\WINDOWS\system32Adware.SearchColours
ylorutgu.exeC:\WINDOWS\system32Adware.SearchColours
yltenhbs.exeC:\WINDOWS\system32Adware.TopSearch
ynktjcxl.exeC:\WINDOWS\system32Adware.TopSearch
ytqesnjf.exeC:\WINDOWS\system32Adware.SearchColours
yyqrwrsj.exeC:\WINDOWS\system32Adware.TopSearch

Bonjour

Du ménage vient d'être fait. HijackThis est propre.

Mais pour le scan d'eScan, tu n'as pas supprimer les fichiers, c'est marqué No Action Taken..

Tu vas refaire ceci en mode normal

8 Lance eScan 
1.) Pour lancer "eScan Antivirus Toolkit", trouve le fichier mwavscan.com situé dans le dossier C:\Kaspersky 

2.) Double-clique sur mwavscan.com; l'interface d'eScan va apparaître à l'écran. 

3.) Il est très important de bien cocher ces boîtes sous Scan Option 
Memory, Registry, Startup Folders, System Folders, Services. 

4.) Coche la boîte Drive, ce qui donne accès à une nouvelle boîte Drive (bouton rond) juste dessous; coche ce bouton "Drive" (très important..), et tu verras une nouvelle boîte de navigation apparaître à la droite. Clique sur la petite flèche de cette boîte and choisi la lettre de ton disque dur, habituellement C:\. 

5.) Juste au-dessous, assure-toi que Scan All Files est coché, et non Program Files. 

6.) Clique sur Scan Clean et laisse le tool vérifier tout le disque dur (ça peut être long..). Lorsque terminé, tu verras Scan Completed. Ne pas quitter tout de suite ! 

7.) Ouvre un nouveau fichier Bloc notes (clique sur "Démarrer" >> "Programmes" >>"Accessoires" >> "Bloc notes"), puis copie/colle tout le contenu de la fenêtre Virus Log Information (la deuxième, au bas) dans le fichier texte, et sauvegarde le. eScan génère également un rapport complet dans le dossier C:\Kaspersky (nommé mwav.log), mais il est trop lourd pour poster sur le forum. 


Poste le rapport avec un nouveau DiagHelp. Poste le en deux messages, ce sera trop long.