Security Toolbar

Résolu
wallace3044 Messages postés 18 Date d'inscription   Statut Membre Dernière intervention   -  
mesmos1 Messages postés 6 Statut Membre -
Salut!!

J'ai réussi à me débarasser de la barre d'outils encombrante, mais j'ai encore une icône d'alerte qui clignote (point d'interrogation blanc dans un cercle bleu)...de temps en temps une page s'affiche en disant que mon PC serait infecté par un virus, et on me propose différentes "solutions"
Configuration: Windows XP
Internet Explorer 6.0

17 réponses

  1. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    bonjour,
    c'est que tu es toujours infecté

    * Télécharge HijackThis et poste le rapport stp

    http://pchelpbordeaux.free.fr/logiciels.html
    Tutorial
    http://pchelpbordeaux.free.fr/tuto.html
    Démo en image
    http://pageperso.aol.fr/balltrap34/demohijack.htm

    et

    * télécharge AVG Anti-Spyware (ewido)

    https://www.avg.com/en-ww/free-antivirus-download

    * tu l'installes

    * lance AVG Anti-Spyware et clique sur le bouton Mise à jour.<g/ras> Patiente

    puis

    Lance <gras>AVG Anti-Spyware


    Clique sur le bouton Analyse (de la barre d'outils)

    Puis sur l'onglets Comment réagir, clique sur Actions recommandées. Sélectionne Quarantaine.

    Reviens à l'onglet Analyse. Clique sur Analyse complète du système.

    A la fin du scan, choisis l'option 3

    "Appliquer toutes les actions " en bas.

    Clique sur "Enregistrer le rapport".

    Ceci génère un rapport en fichier texte qui se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware.

    Poste le.
    0
    1. wallace3044 Messages postés 18 Date d'inscription   Statut Membre Dernière intervention  
       
      J'ai posté le résultat de mes scans...
      0
    2. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
       
      slt,

      Ouais là :
      security toolbar

      je les copie/colle car le topic que tu as recréé va être fermé.

      Security Toolbar wallace3044 (lundi 15 janvier 2007 à 19:35:04)
      Statut Non résolu

      Salut à tous,

      Suivant les conseils de philae83, j'ai fait un scan AVG et Hijackthis. Rappel, mom problème concernait une barre d'outils encombrante et la présence d'un virus...

      Voici le résultat du scan AVG:

      ---------------------------------------------------------
      AVG Anti-Spyware - Rapport d'analyse
      ---------------------------------------------------------

      + Créé à: 19:26:32 15/01/2007

      + Résultat de l'analyse:



      D:\FruityLoops 3.56\Plugins\Fruity\Generators\Fruity_SoundFont_Player_v1.0_For_FruityLoops-PARADOX\pdxfsf1.zip/CrcCheck.exe -> Downloader.Dadobr.bk : Nettoyé et sauvegardé (mise en quarantaine).
      E:\Fruityloops.rar/Fruityloops\Fruity Dx10.zip/CrcCheck.exe -> Downloader.Dadobr.bk : Nettoyé et sauvegardé (mise en quarantaine).
      E:\Fruityloops.rar/Fruityloops\Fruity_SoundFont_Player_v1.0_For_FruityLoops-PARADOX.zip/Fruity_SoundFont_Player_v1.0_For_FruityLoops-PARADOX/pdxfsf1.zip/CrcCheck.exe -> Downloader.Dadobr.bk : Nettoyé et sauvegardé (mise en quarantaine).
      E:\Fruityloops\Fruity Dx10.zip/CrcCheck.exe -> Downloader.Dadobr.bk : Nettoyé et sauvegardé (mise en quarantaine).
      E:\Fruityloops\Fruity_SoundFont_Player_v1.0_For_FruityLoops-PARADOX.zip/Fruity_SoundFont_Player_v1.0_For_FruityLoops-PARADOX/pdxfsf1.zip/CrcCheck.exe -> Downloader.Dadobr.bk : Nettoyé et sauvegardé (mise en quarantaine).


      Fin du rapport




      Et voici le résultat de celui effectué avec Hijackthis:



      Logfile of HijackThis v1.99.1
      Scan saved at 19:29:04, on 15/01/2007
      Platform: Windows XP SP1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
      C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
      C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\System32\CTsvcCDA.EXE
      C:\Program Files\Norton AntiVirus\navapsvc.exe
      C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\System32\ISHOST.EXE
      C:\WINDOWS\System32\ismini.exe
      C:\WINDOWS\System32\isnotify.exe
      C:\WINDOWS\System32\issearch.exe
      C:\WINDOWS\System32\RUNDLL32.EXE
      C:\Program Files\D-Tools\daemon.exe
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE
      C:\WINDOWS\System32\LVCOMSX.EXE
      C:\Program Files\Logitech\Video\LogiTray.exe
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
      C:\Program Files\Logitech\Video\FxSvr2.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
      C:\Program Files\Nikon\NkView6\NkvMon.exe
      C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
      C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\HijackThis.exe

      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*;localhost
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
      O1 - Hosts: 82.179.166.164 lender-search.com
      O1 - Hosts: 82.179.166.165 hot-searches.com
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
      O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O2 - BHO: (no name) - {f4d74aaa-a178-4463-846b-b4bc87a024e0} - C:\WINDOWS\System32\ixt0.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [\\192.168.1.15\EPSON Stylus D88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P38 "\\192.168.1.15\EPSON Stylus D88 Series" /O6 "USB001" /M "Stylus D88"
      O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
      O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
      O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\System32\sti_ci.dll,WiaCreateWizardMenu
      O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
      O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
      O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
      O4 - Global Startup: Pinnacle Scheduler.lnk = ?
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.166.130/e9xr2.chm::/file.exe
      O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s.work4sure.com/c/ge/w4sgeen9.exe
      O17 - HKLM\System\CCS\Services\Tcpip\..\{08BC974D-EEC9-462C-AA8F-0AB7A835BA29}: NameServer = 192.168.1.1
      O17 - HKLM\System\CS1\Services\Tcpip\..\{08BC974D-EEC9-462C-AA8F-0AB7A835BA29}: NameServer = 192.168.1.1
      O17 - HKLM\System\CS2\Services\Tcpip\..\{08BC974D-EEC9-462C-AA8F-0AB7A835BA29}: NameServer = 192.168.1.1
      O18 - Protocol: bw+0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw+0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Protocol: bwg0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwg0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
      O18 - Protocol: offline-8876480 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: Servicio Auto-Protect de Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
      O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
      O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: Programador de LiveUpdate automático - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
      O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


      Quelqu'un peut me dire ce que je dois faire ensuite?

      Configuration: Windows XP
      Internet Explorer 6.0


      Reste sur le topic avec Philae :)

      a+
      0
  2. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    merci seb08

    je regarde ton rapport, réponse dans un moment
    0
    1. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
       
      appelle moi Séb STP ^^

      Le 08 est anecdotique... lol
      0
      1. philae83 Messages postés 12854 Statut Contributeur sécurité 206 > Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention  
         
        OK allons y pour Séb !
        0
  3. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    re

    * Télécharge ce fichier sur le bureau :
    http://downloads.malwareremoval.com/Nel/FixP.zip

    Extrait et double clique sur Fix_Protocol_zones_ranges.reg.

    Accepte lorsqu'il te demande de fusionner avec le registre.

    puis

    * lance HijackThis, pour un "scan seulement" et coche ces lignes

    O2 - BHO: (no name) - {f4d74aaa-a178-4463-846b-b4bc87a024e0} - C:\WINDOWS\System32\ixt0.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\System32\sti_ci.dll,WiaCreateWizardMenu
    O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup ----c'est un "rogue"
    O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.166.130/e9xr2.chm::/file.exe
    O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s.work4sure.com/c/ge/w4sgeen9.exe
    O18 - Protocol: bw+0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: offline-8876480 - {BC05D9E6-4E66-48CA-96B4-791BD585DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    * ferme toutes les fenetres ouvertes y compris Internet Explorer et clique sur "fixer objet"

    puis

    * via ajout et suppression de programme, supprime
    spykiller

    puis

    Télécharge : Pocket KillBox
    https://www.bleepingcomputer.com/download/linux/

    Mets le dans un dossier ou sur ton bureau (Clique droit puis Extraire tout)

    1- Double-clic sur KillBox.exe
    2- Selectionne "Delete on Reboot"
    3 - Dans "Full Path of File to Delete"
    copie et colle:
    C:\WINDOWS\System32\ixt0.dll 

    5- clic sur le rond rouge
    6- une fenetre va apparaitre pour confirmation clic sur OUI
    7- une seconde fenetre te demande si tu veux redemarrer clic sur OUI

    puis

    * Assure toi d'avoir accès à tous les fichiers

    -démarrer

    -poste de travail ou autre dossier

    -menu outils

    -options de dossier

    -onglet affichage

    puis

    - activer la case : Afficher les fichiers et dossiers cachés

    - désactiver la case : Masquer les extensions des fichiers dont le type est connu

    - désactiver la case : Masquer les fichier protégés du système d'exploitation

    Puis - Appliquer

    * et Supprime le(s) fichier(s) ci dessous si il(s) est (sont) présent(s) :

    c:\programfiles\spykiller

    et reposte un nouveau rapport hijackthis

    ----------

    Supprime ce dossier : C:\!KillBox

    0
  4. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    bonjour,

    tu as fait 2 topics, on continue où ?
    security toollbar
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. wallace3044 Messages postés 18 Date d'inscription   Statut Membre Dernière intervention  
     
    Salut,

    On continue celui-ci, c'est le même de toute façon...
    0
  7. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    Ok

    tu en es où des manips ?
    0
  8. wallace3044 Messages postés 18 Date d'inscription   Statut Membre Dernière intervention  
     
    J'ai fini celles que tu m'as conseillé de faire...j'ai encore un problème avec la page de démarrage, http://www.asecurityissue.com/ , alors que celle par défaut devrait être google.
    0
  9. wallace3044 Messages postés 18 Date d'inscription   Statut Membre Dernière intervention  
     
    Tu as une idée de comment revenir à ma page de démarrage initiale?
    0
  10. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    re vous 2, :)

    désolé de m'incruster philae

    ceci

    C:\WINDOWS\System32\ixt0.dll (quake)

    est éradiqué avec Smitfraudfix il doit y avoir autre chose ...

    Wallace,

    Télécharges smitfraudfix:(merci a S!RI pour ce programme)

    En image :
    http://siri.urz.free.fr/Fix/SmitfraudFix.php

    tu le décompresses tu doubles cliques sur smitfraudfix.cmd et tu choisis l option 1
    cela vas générer un rapport,copie/colle le.

    Si tu vois des lignes avec PRESENT!

    - > Continue la manip qui suit.

    * Redémarres le PC en mode sans échec : Au démarrage tu tapotes sur la touche F8 de ton clavier (ou F5 ) et tu choisis le [mode sans échec]

    * Ouvre le dossier [SmitfraudFix] et double clic sur Smitfraudfix.cmd, choisit l’option 2 et tu réponds oui à tout.

    Copie/colle le rapport sur le forum stp.

    A+
    0
  11. wallace3044 Messages postés 18 Date d'inscription   Statut Membre Dernière intervention  
     
    Salut Séb,

    Voici ce que tu m'as demandé:

    SmitFraudFix v2.132

    Rapport fait à 23:40:05,68, 17/01/2007
    Executé à partir de C:\Documents and Settings\Sam1\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    C:\WINDOWS\system32\ismini.exe supprimé
    C:\WINDOWS\system32\issearch.exe supprimé
    Problème suppression C:\WINDOWS\system32\ixt?.dll
    Problème suppression C:\WINDOWS\system32\ixt??.dll
    C:\WINDOWS\system32\ot.ico supprimé
    C:\WINDOWS\system32\components\flx?.dll supprimé
    C:\DOCUME~1\ALLUSE~1\Bureau\Online Security Guide.url supprimé
    C:\DOCUME~1\ALLUSE~1\Bureau\Security Troubleshooting.url supprimé
    C:\DOCUME~1\Sam1\Favoris\Online Security Test.url supprimé
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url supprimé
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url supprimé

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage du registre non souhaité.

    »»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Reboot

    C:\WINDOWS\system32\ixt?.dll supprimé

    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    Ça a l'air OK, google est revenu en page d'acceuil....
    0
  12. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    ok bien .

    redémarre en mode normal si ce n'est pas fait .

    scanne ton PC avec cet antivirus en ligne (sous IE et accepte l’activX) :
    http://www.bitdefender.fr/bd/site/search.php#
    Clique sur « Bitdefender scan on line » suis les instructions.
    Démo (merci à balltrap pour cette démo) :
    http://pageperso.aol.fr/rginformatique/mapage/defender.htm

    Et colle le rapport.

    Je coupe. :)

    A+
    0
  13. wallace3044 Messages postés 18 Date d'inscription   Statut Membre Dernière intervention  
     
    Salut Séb08,

    Voici le résultat du scan BitDefender:

    <HTML>
    <HEAD>
    <TITLE>BitDefender Online Scanner - Rapport d'analyse</TITLE>
    <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
    </HEAD>
    <BODY BGCOLOR=#FFFFFF leftmargin="10" marginwidth="0" topmargin="20" marginheight="0" >

    <table align="center" border="0" cellpadding="0" cellspacing="0" width="90%">
    <tr>
    <td width="458">
    <p><font face="Arial" color=red><span style="font-size:14pt;"><b>BitDefender Online Scanner</b></span></font></p>
    </td>
    <td width="40%">
    <p> </p>
    </td>
    <td width="10%">
    <p> </p>
    </td>
    </tr>
    <tr>
    <td colspan="3" width="912">
    <p><font face="Arial"><span style="font-size:11pt;"><B>Rapport d'analyse généré à: Sat, Jan 20, 2007 - 12:54:26</b></span></font></p>
    </td>
    </tr>

    <tr>
    <td width="458">
    <p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
    </td>
    <td width="40%">
    <p> </p>
    </td>
    <td width="10%">
    <p> </p>
    </td>
    </tr>

    <tr>
    <td width="458">
    <p><font face="Arial"><span style="font-size:11pt;"><B>Voie d'analyse: </b></span><span style="font-size:10pt;">A:\;C:\;D:\;E:\;F:\;G:\;H:\;</span></font></p>
    </td>
    <td width="40%">
    <p> </p>
    </td>
    <td width="10%">
    <p> </p>
    </td>
    </tr>

    <tr>
    <td width="458">
    <p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
    </td>
    <td width="40%">
    <p> </p>
    </td>
    <td width="10%">
    <p> </p>
    </td>
    </tr>

    <tr>
    <td width="458">
    <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
    <tr>
    <td width="451" colspan="2" bgcolor="#CCCCCC">
    <p><font face="Arial" size="2"><B>Statistiques</b></font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Temps</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">01:13:08</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Fichiers</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">253695</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Directoires</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">4060</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Secteurs de boot</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">5</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Archives</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">2208</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Paquets programmes</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">16668</font></p>
    </td>
    </tr>
    </table>
    </td>
    <td width="40%">
    <p> </p>
    </td>
    <td width="10%">
    <p> </p>
    </td>
    </tr>

    <tr>
    <td width="458">
    <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
    <tr>
    <td width="451" colspan="2" bgcolor="#CCCCCC">
    <p><font face="Arial" size="2"><B>Résultats</b></font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Virus identifiés</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">7</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Fichiers infectés</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">18</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Fichiers suspects</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">0</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Avertissements</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">0</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Désinfectés</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">0</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Fichiers effacés</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">20</font></p>
    </td>
    </tr>
    </table>
    </td>
    <td width="40%">
    <p> </p>
    </td>
    <td width="10%">
    <p> </p>
    </td>
    </tr>

    <tr>
    <td width="458">
    <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
    <tr>
    <td width="451" colspan="2" bgcolor="#CCCCCC">
    <p><font face="Arial" size="2"><B>Info sur les moteurs</b></font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Définition virus</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">389964</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Version des moteurs</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">AVCORE v1.0 (build 2371) (i386) (Dec 13 2006 11:16:42)</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Analyse des plugins</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">14</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Archive des plugins</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">38</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Unpack des plugins</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">6</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">E-mail plugins</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">6</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Système plugins</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">1</font></p>
    </td>
    </tr>
    </table>
    </td>
    <td width="40%">
    <p> </p>
    </td>
    <td width="10%">
    <p> </p>
    </td>
    </tr>

    <tr>
    <td width="458">
    <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
    <tr>
    <td width="451" colspan="2" bgcolor="#CCCCCC">
    <p><font face="Arial" size="2"><B>Paramètres d'analyse</b></font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Première action</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">Désinfecté</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Seconde Action</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Heuristique</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">Oui</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Acceptez les avertissements</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">Oui</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Extensions analysées</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">*;</font></p>
    </td>
    </tr>

    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Excludez les extensions</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2"> </font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Analyse d'emails</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">Oui</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Analyse des Archives</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">Oui</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Analyser paquets programmes</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">Oui</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Analyse des fichiers</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">Oui</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Analyse de boot</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">Oui</font></p>
    </td>
    </tr>
    </table>
    </td>
    <td width="40%">
    <p> </p>
    </td>
    <td width="10%">
    <p> </p>
    </td>
    </tr>

    <tr>
    <td colspan=2>  
    <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
    <tr>
    <td width="252" bgcolor="#CCCCCC">
    <p><font face="Arial" size="2"><B>Fichier analysé</b></font></p>
    </td>
    <td width="195" bgcolor="#CCCCCC" align="right">
    <p align="left"><b><font size="2" face="Arial"> Statut</font></b></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\42485586.dll=>(Quarantine-2)</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.FakeAlert.AO</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\42485586.dll=>(Quarantine-2)</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Echec de la désinfection</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\42485586.dll=>(Quarantine-2)</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\Program Files\backups\backup-20070117-194221-406.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Downloader.Zlob.AJE</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\Program Files\backups\backup-20070117-194221-406.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Echec de la désinfection</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\Program Files\backups\backup-20070117-194221-406.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP350\A0087980.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Zlob.IL</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP350\A0087980.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Echec de la désinfection</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP350\A0087980.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP351\A0088217.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Zlob.IL</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP351\A0088217.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Echec de la désinfection</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP351\A0088217.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP351\A0088280.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.FakeAlert.AO</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP351\A0088280.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Echec de la désinfection</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP351\A0088280.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP351\A0088285.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Zlob.IL</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP351\A0088285.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Echec de la désinfection</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP351\A0088285.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP351\A0088295.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Downloader.Zlob.AJE</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP351\A0088295.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Echec de la désinfection</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP351\A0088295.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP351\A0088312.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Downloader.Zlob.AJE</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP351\A0088312.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Echec de la désinfection</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP351\A0088312.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP352\A0088338.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Downloader.Zlob.AJE</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP352\A0088338.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Echec de la désinfection</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP352\A0088338.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP352\A0088351.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Fakealert.AZ</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP352\A0088351.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Echec de la désinfection</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP352\A0088351.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP352\A0088352.bat</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Zlob.AM</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP352\A0088352.bat</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Echec de la désinfection</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP352\A0088352.bat</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP352\A0088397.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Downloader.Zlob.AIZ</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP352\A0088397.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Echec de la désinfection</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP352\A0088397.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP352\A0088416.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Downloader.Zlob.AJE</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP352\A0088416.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Echec de la désinfection</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP352\A0088416.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP352\A0088422.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Downloader.Zlob.AJE</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP352\A0088422.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Echec de la désinfection</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP352\A0088422.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP352\A0088425.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Dropped:Trojan.FakeAlert.AO</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP352\A0088425.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Echec de la désinfection</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP352\A0088425.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP352\A0088430.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Downloader.Zlob.AJE</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP352\A0088430.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Echec de la désinfection</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP352\A0088430.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP354\A0088519.dll=>(Quarantine-2)</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.FakeAlert.AO</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP354\A0088519.dll=>(Quarantine-2)</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Echec de la désinfection</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP354\A0088519.dll=>(Quarantine-2)</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP354\A0088521.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Downloader.Zlob.AJE</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP354\A0088521.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Echec de la désinfection</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{1BB6C254-2B41-4BCE-98C3-D50C1E3DBA8C}\RP354\A0088521.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr>
    </table>
    </td>

    <td width="10%">
    <p> </p>
    </td>
    </tr>

    <tr>
    <td width="458">
    <p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
    </td>
    <td width="40%">
    <p> </p>
    </td>
    <td width="10%">
    <p> </p>
    </td>
    </tr>

    <tr>
    <td width="458">
    <p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
    </td>
    <td width="40%">
    <p> </p>
    </td>
    <td width="10%">
    <p> </p>
    </td>
    </tr>

    </table>
    <p> </p>

    </body>
    </html>

    Pour moi, c'est du Chinois :-S

    Merci pour ton aide!!!
    0
  14. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    Re,

    Ou en sont tes probs ?

    a+
    0
  15. wallace3044 Messages postés 18 Date d'inscription   Statut Membre Dernière intervention  
     
    Je n'en ai apparemment plus :-) ....

    Je crois que finalement, je m'en suis débarassé!!! (grâce à ton aide of course)...

    Merci pour tout et à plus!
    0
  16. wallace3044 Messages postés 18 Date d'inscription   Statut Membre Dernière intervention  
     
    Salut!

    Est ce que quelqu'un a eu le temps de jeter un coup d'oeil à mon scan BitDefender?

    Je n'ai plus de problème apparent, mais c'est juste pour être certain que tout est réellement OK.

    Merci
    0
  17. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    Bonsoir,

    oui il est ok

    démarrer-----------panneau de configuration------------système----------

    onglet Restauration système-----------coche la case (Désactiver la restauration système)--------------

    redémarre l'ordinateur
    ensuite tu la ré actives
    0
  18. mesmos1 Messages postés 6 Statut Membre
     
    slt jai un probleme avec la barre de security toolbar 7.1 kelk1 pourai m'aider?? voici le rapport de hijackyhis:
    Logfile of HijackThis v1.99.1
    Scan saved at 19:41:32, on 29/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WIN\System32\smss.exe
    C:\WIN\system32\winlogon.exe
    C:\WIN\system32\services.exe
    C:\WIN\system32\lsass.exe
    C:\WIN\system32\svchost.exe
    C:\WIN\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WIN\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WIN\system32\HPZipm12.exe
    C:\WIN\Explorer.EXE
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Video ActiveX Access\iesmn.exe
    C:\Program Files\Video ActiveX Access\imsmain.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
    C:\WIN\system32\igfxtray.exe
    C:\WIN\system32\hkcmd.exe
    C:\WIN\system32\igfxpers.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WIN\system32\igfxsrvc.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WIN\AGRSMMSG.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Video ActiveX Access\imsmn.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WIN\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Video ActiveX Access\iesmin.exe
    C:\Program Files\Menara\dslmon.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WIN\system32\wuauclt.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {D61D7E1A-6613-49CA-B6F9-51DB248E209D} - C:\Program Files\Video ActiveX Access\iesplg.dll
    O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Video ActiveX Access\iesbpl.dll
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [igfxtray] C:\WIN\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WIN\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WIN\system32\igfxpers.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WIN\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{58CBE221-3407-4F87-886C-5C1DE3340557}: NameServer = 212.217.1.4 212.217.0.3
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E585E80E-9964-4029-8BB2-4F78F78B2628}: NameServer = 212.217.0.1
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WIN\SYSTEM32\igfxdev.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Service Framework McAfee (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WIN\system32\HPZipm12.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    0