Sujet Précédent Sujet Suivant

Wincacontrol.exe

Fermé
jojo - 4 janv. 2007 à 11:59
philae83 Messages postés 12837 Date d'inscription mercredi 3 janvier 2007 Statut Contributeur sécurité Dernière intervention 8 décembre 2009 - 24 janv. 2007 à 12:17
cette application prend 99% des ressources processeurs (peu de mémoire cela-dit).
Je ne vois pas à quoi elle correspond.

Pouvez-vous m'en dire plus ?

http://img164.imageshack.us/img164/8206/wincacontrol1pf2.jpg
http://img186.imageshack.us/img186/1917/wincacontrol2qo9.jpg

33 réponses

Précédent
  • 1
  • 2
Réponse 21 / 33
jojo
10 janv. 2007 à 15:54
Vous pouvez me réinterpéter ça svp (scan hijack d'aujourdh'ui), car j'ai l'impression que ça re-déconne. /
Dites-moi si je me trompe.

Logfile of HijackThis v1.99.1
Scan saved at 15:50:32, on 10/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [eDonkey2000] C:\Program Files\eDonkey2000\eDonkey2000.exe -t
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\NOBRAND\802.11g Wireless USB Adapter\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - C:\Documents and Settings\BOULANGER\Bureau\WH GBP Casino.lnk
O9 - Extra 'Tools' menuitem: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - C:\Documents and Settings\BOULANGER\Bureau\WH GBP Casino.lnk
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = JEROME
O17 - HKLM\Software\..\Telephony: DomainName = JEROME
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = JEROME
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = JEROME
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {4DA190A6-75F4-430B-80B2-C5740633634A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
0
Réponse 22 / 33
philae83 Messages postés 12837 Date d'inscription mercredi 3 janvier 2007 Statut Contributeur sécurité Dernière intervention 8 décembre 2009 206
10 janv. 2007 à 21:22
Bonjour,

qu'est-ce que c'est que
O9 - Extra button: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - C:\Documents and Settings\BOULANGER\Bureau\WH GBP Casino.lnk
O9 - Extra 'Tools' menuitem: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - C:\Documents and Settings\BOULANGER\Bureau\WH GBP Casino.lnk

0
Réponse 23 / 33
jojo
11 janv. 2007 à 20:26
ben j'en sais rien ! c'est vous le chef, ici !
0
Réponse 24 / 33
philae83 Messages postés 12837 Date d'inscription mercredi 3 janvier 2007 Statut Contributeur sécurité Dernière intervention 8 décembre 2009 206
11 janv. 2007 à 21:58
bonsoir,

je ne suis pas chef, mais j'ai rien trouvé de bien intéressant concernant ton "truc". Et puis sur le bureau tu dois bien savoir ce que c'est ?
c'est récent ? depuis quand est-il là ?
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 33
jojo
15 janv. 2007 à 19:45
Salut!
Ben, j'ai bein réfléchi. Si ça se trouve sur le bureau, ça doit etre un raccourci vers "William Hill Poker".

Sinon, j'ai un autre PC, qui lui a connu un nombre important de problèmes ces dernières années... je profite du fait que tu m'aies fait connaitre Hijackthis et Antivir pour te demander s'il y a du ménage à faire dans le falsh Hijack que voici (normalement, y en a à faire) :

Logfile of HijackThis v1.99.1
Scan saved at 19:21:20, on 15/01/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\bcmwltry.exe
D:\Program Files\Lexmark 2300 Series\ezprint.exe
D:\WINDOWS\System32\atiptaxx.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\lxcgcoms.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5746\GoogleToolbarNotifier.exe
D:\Documents and Settings\wam\Local Settings\Temporary Internet Files\Content.IE5\8NR8ZJWG\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {3873A5A5-C3F8-4830-ABF5-9C83C8347B09} - D:\Program Files\Easy Gif Animator Extension\v3.2.0.0\EasyGifAnimator_Toolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - D:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr\msntb.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr\msntb.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Easy Gif Animator Toolbar - {8AAE1BCA-A973-423F-9232-7007D8CED2C7} - D:\Program Files\Easy Gif Animator Extension\v3.2.0.0\EasyGifAnimator_Toolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [lxcgmon.exe] "D:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "D:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Steam] "d:\progra~1\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5746\GoogleToolbarNotifier.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{47FD4825-B786-46FF-B1B3-11B00E6F2CD4}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD2B1EA1-3B84-423A-91CE-62D6BB954E0D}: NameServer = 80.10.246.1,80.10.246.132
O18 - Protocol: bw+0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxcg_device - Unknown owner - D:\WINDOWS\System32\lxcgcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
0
Réponse 26 / 33
jojo
15 janv. 2007 à 23:19
Tiens, je te poste aussi le rapport Antivir :



AntiVir PersonalEdition Classic
Report file date: lundi 15 janvier 2007 20:04

Scanning for 569934 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (plain) [5.1.2600]
Username: wam
Computer name: BIPBOP

Version information:
BUILD.DAT : 217 12749 Bytes 05/12/2006 17:00:00
AVSCAN.EXE : 7.0.3.2 208936 Bytes 05/12/2006 15:30:07
AVSCAN.DLL : 7.0.3.1 35880 Bytes 05/12/2006 16:00:22
LUKE.DLL : 7.0.3.2 143400 Bytes 31/10/2006 16:07:46
LUKERES.DLL : 7.0.2.0 9256 Bytes 05/12/2006 16:00:22
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 15:30:06
ANTIVIR1.VDF : 6.36.1.24 2212864 Bytes 14/11/2006 09:12:08
ANTIVIR2.VDF : 6.36.1.113 221696 Bytes 01/12/2006 09:12:12
ANTIVIR3.VDF : 6.37.0.3 6144 Bytes 01/12/2006 09:12:14
AVEWIN32.DLL : 7.3.0.15 1982976 Bytes 04/12/2006 17:18:38
AVPREF.DLL : 7.0.2.0 23592 Bytes 03/11/2006 10:53:44
AVREP.DLL : 6.37.0.3 983080 Bytes 01/12/2006 09:05:52
AVRPBASE.DLL : 7.0.0.0 2162728 Bytes 30/03/2006 08:43:31
AVPACK32.DLL : 7.2.0.5 368680 Bytes 23/10/2006 15:21:31
AVREG.DLL : 7.0.1.1 30760 Bytes 23/10/2006 10:52:27
NETNT.DLL : No Information!
RCIMAGE.DLL : 7.0.1.3 2097192 Bytes 08/11/2006 12:26:26
RCTEXT.DLL : 7.0.12.1 77864 Bytes 05/12/2006 16:00:21

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: D:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: G:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Expanded search settings.........: 0x00007000

Start of the scan: lundi 15 janvier 2007 20:04

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Modules have been scanned
Scan process 'avcenter.exe' - '1' Modules have been scanned
Scan process 'avgnt.exe' - '1' Modules have been scanned
Scan process 'avguard.exe' - '1' Modules have been scanned
Scan process 'sched.exe' - '1' Modules have been scanned
Scan process 'IEXPLORE.EXE' - '1' Modules have been scanned
Scan process 'lxcgcoms.exe' - '1' Modules have been scanned
Scan process 'wdfmgr.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'LogitechDesktopMessenger.exe' - '1' Modules have been scanned
Scan process 'ctfmon.exe' - '1' Modules have been scanned
Scan process 'atiptaxx.exe' - '1' Modules have been scanned
Scan process 'ezprint.exe' - '1' Modules have been scanned
Scan process 'bcmwltry.exe' - '1' Modules have been scanned
Scan process 'explorer.exe' - '1' Modules have been scanned
Scan process 'spoolsv.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'lsass.exe' - '1' Modules have been scanned
Scan process 'services.exe' - '1' Modules have been scanned
Scan process 'winlogon.exe' - '1' Modules have been scanned
Scan process 'csrss.exe' - '1' Modules have been scanned
Scan process 'smss.exe' - '1' Modules have been scanned
25 processes with 25 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'F:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( 24 files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Program Files\Kazaa Lite Resurrection\mp3shield.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '45ded595.qua'!
C:\System Volume Information\_restore{A8172783-2F2B-4F3A-8E28-B64BDA20B6E9}\RP133\A0075113.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '45dbd7ac.qua'!
Begin scan in 'D:\'
D:\hiberfil.sys
[WARNING] The file could not be opened!
D:\pagefile.sys
[WARNING] The file could not be opened!
D:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
[DETECTION] Is the Trojan horse TR/Dldr.Keenval.3
[INFO] The file was moved to '460cd9bd.qua'!
D:\RECYCLER\NPROTECT\00001843.EXE
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '45dbdd9a.qua'!
Begin scan in 'F:\' <DRV4_VOL1>
F:\tedmùp^m\102.part
[0] Archive type: ACE
--> Rage Against The Machine\video\Thumbs.db
[WARNING] Error creating the file
--> Rage Against The Machine\mp3\2000 - Renegades\Thumbs.db
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
Begin scan in 'E:\' <F:\>
The path E:\ could not be found!
Le périphérique n'est pas prêt.

Begin scan in 'G:\' <New_Compilation>


End of the scan: lundi 15 janvier 2007 21:37
Used time: 1:32:59 min

The scan has been done completely.

4169 Scanning directories
200722 Files were scanned
4 viruses and/or unwanted programs were found
0 files were deleted
0 files were repaired
4 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
200718 Files not concerned
1748 Archives were scanned
5 Warnings
0 Notes
0
Réponse 27 / 33
philae83 Messages postés 12837 Date d'inscription mercredi 3 janvier 2007 Statut Contributeur sécurité Dernière intervention 8 décembre 2009 206
15 janv. 2007 à 23:37
bonsoir,

donc si j'ai bien compris, c ton autre pc ?

virer des lignes inutiles

lance hijackthis coche et fixe

O2 - BHO: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - D:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr\msntb.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr\msntb.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE (file missing)
O18 - Protocol: bw+0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {8C1677CE-3B74-4881-ADAD-993AE55182CB} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
0
Réponse 28 / 33
jojo
18 janv. 2007 à 01:54
Voici le nouveau rapport Hijack :

Logfile of HijackThis v1.99.1
Scan saved at 01:49:43, on 18/01/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\Lexmark 2300 Series\ezprint.exe
D:\WINDOWS\System32\atiptaxx.exe
D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
D:\Documents and Settings\wam\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {3873A5A5-C3F8-4830-ABF5-9C83C8347B09} - D:\Program Files\Easy Gif Animator Extension\v3.2.0.0\EasyGifAnimator_Toolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Easy Gif Animator Toolbar - {8AAE1BCA-A973-423F-9232-7007D8CED2C7} - D:\Program Files\Easy Gif Animator Extension\v3.2.0.0\EasyGifAnimator_Toolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [lxcgmon.exe] "D:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "D:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Steam] "d:\progra~1\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - D:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - D:\Program Files\UltimateBet\UltimateBet.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{47FD4825-B786-46FF-B1B3-11B00E6F2CD4}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD2B1EA1-3B84-423A-91CE-62D6BB954E0D}: NameServer = 80.10.246.1,80.10.246.132
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
0
Réponse 29 / 33
philae83 Messages postés 12837 Date d'inscription mercredi 3 janvier 2007 Statut Contributeur sécurité Dernière intervention 8 décembre 2009 206
18 janv. 2007 à 21:25
Bonsoir,

relance HijackThis, coche et fixe cette ligne

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

puis fait un scan antivirus en ligne ici et poste le rapport au format texte stp
http://www.bitdefender.fr/scan8/ie.html
0
Réponse 30 / 33
jojo
22 janv. 2007 à 01:17
//-----------------------------------------------------------------
//
// Fichier journal BitDefender
//
// Créé le: 21/01/2007 19:34:41
//
//-----------------------------------------------------------------


Statistiques

Chemin cible: C:\
D:\
F:\
Dossiers : 4181
Fichiers : 321548
Archives : 1871
Fichiers empaquetés : 42885
Virus trouvés : 1
Fichiers infectés : 3
Alertes : 0
Fichiers suspects : 0
Fichiers désinfectés : 0
Fichiers effacés : 0
Fichiers copiés : 0
Fichiers déplacés : 3
Fichiers renommés : 0
Erreurs I/O : 25
Temps d'analyse := 04:14:01
Fichiers/seconde :21

Définitions virus : 389906
Plugins d'analyse : 14
Plugins archives : 38
Plug-ins décompression : 6
Plug-ins messagerie : 6
Plug-ins système : 1

Options d'analyse

Détection
[X] Analyser le secteur de boot
[X] Analyser les archives
[X] Analyser les fichiers en paquets
[X] Analyser la messagerie

Masque fichiers
[ ] Programmes
[X] Tous les fichiers
[ ] Extensions définies par l'utilisateur:
[ ] Exclure les extensions: ;

Action

Objets infectés
[ ] Ignorer
[X] Désinfecter
[ ] Effacer
[ ] Copier
[ ] Déplacer dans le dossier infectés
[ ] Renommer
[ ] Demander l'action

Seconde action
[ ] Ignorer
[ ] Effacer
[ ] Copier
[X] Déplacer dans le dossier infectés
[ ] Renommer
[ ] Demander l'action

Options d'analyse
[X] Activer les alertes
[X] Activer l'heuristique
[ ] Afficher tous les fichiers dans le journal
[X] Fichier journal : vscan.log
[ ] Rajouter au rapport existant

Sommaire :

C:\System Volume Information\_restore{F9FD103F-868D-482F-A657-6369914C8BD5}\RP45\A0007892.exe Infectés avec Adware.Navexcel.A
C:\System Volume Information\_restore{F9FD103F-868D-482F-A657-6369914C8BD5}\RP45\A0007892.exe Désinfection impossible
C:\System Volume Information\_restore{F9FD103F-868D-482F-A657-6369914C8BD5}\RP45\A0007892.exe Déplacé
C:\System Volume Information\_restore{F9FD103F-868D-482F-A657-6369914C8BD5}\RP45\A0007893.exe Infectés avec Adware.Navexcel.A
C:\System Volume Information\_restore{F9FD103F-868D-482F-A657-6369914C8BD5}\RP45\A0007893.exe Désinfection impossible
C:\System Volume Information\_restore{F9FD103F-868D-482F-A657-6369914C8BD5}\RP45\A0007893.exe Déplacé
C:\System Volume Information\_restore{F9FD103F-868D-482F-A657-6369914C8BD5}\RP45\A0007894.dll Infectés avec Adware.Navexcel.A
C:\System Volume Information\_restore{F9FD103F-868D-482F-A657-6369914C8BD5}\RP45\A0007894.dll Désinfection impossible
C:\System Volume Information\_restore{F9FD103F-868D-482F-A657-6369914C8BD5}\RP45\A0007894.dll Déplacé
Fichiers analysés
0
Réponse 31 / 33
philae83 Messages postés 12837 Date d'inscription mercredi 3 janvier 2007 Statut Contributeur sécurité Dernière intervention 8 décembre 2009 206
22 janv. 2007 à 14:34
Bonjour,

c'est ok,
démarrer-----------panneau de configuration------------système----------

onglet Restauration système-----------coche la case (Désactiver la restauration système)--------------

redémarre l'ordinateur
puis ré active la.
0
Réponse 32 / 33
jojo
24 janv. 2007 à 01:52
Nouveau rapport Hijack :

Logfile of HijackThis v1.99.1
Scan saved at 01:49:58, on 24/01/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
D:\Program Files\UltimateBet\UltimateBet.exe
D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
d:\program files\softwin\bitdefender free edition\bdmcon.exe
D:\Program Files\Everest Poker\Everest Poker.exe
D:\Documents and Settings\wam\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BDMCon] D:\Program Files\Softwin\BitDefender Free Edition\\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] D:\Program Files\Softwin\BitDefender Free Edition\\bdnagent.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{47FD4825-B786-46FF-B1B3-11B00E6F2CD4}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD2B1EA1-3B84-423A-91CE-62D6BB954E0D}: NameServer = 80.10.246.1,80.10.246.132
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - D:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - D:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
0
Réponse 33 / 33
philae83 Messages postés 12837 Date d'inscription mercredi 3 janvier 2007 Statut Contributeur sécurité Dernière intervention 8 décembre 2009 206
24 janv. 2007 à 12:17
Bonjour,


Antivir ou bitdefender comme antivirus, il faut choisir, et en supprimer 1
jamais 2 antivirus en résident.

de + ton système d'exploitation n'étant pas à jour, tu ferais bien d'installer un firewall et de lire ceci :
securite proteger un ordinateur contre les malwares d internet
0