Popups that download viruses onto my computer :S

nareau
I'm stuck with popups that download viruses onto my machine. I'd like you to take a look at this HijackThis log, because I can't manage to spot the culprit.

Logfile of HijackThis v1.99.1
Scan saved at 15:36:06, on 07/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\winstall.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Propriétaire\Application Data\?racle\d?xplore.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://ca.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {D8FD9923-01CC-523B-CE1E-0FE55F6A4090} - C:\WINDOWS\system32\rxv.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D8FD9923-01CC-523B-CE1E-0FE55F6A4090} - C:\WINDOWS\system32\rxv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [explorer] C:\WINDOWS\winstall.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Dzcrmoo] C:\Documents and Settings\Propriétaire\Application Data\?racle\d?xplore.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?9cb215b75f744795b9acf2e6a982967
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?9cb215b75f744795b9acf2e6a982967
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://sazou.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O18 - Protocol: bw+0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\aXNh\command.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

Thanks in advance ;)

9 replies

green day, 26722 posts, Status: Moderator, Security contributor, 2 163

Hi

# Download this: (thanks to S!RI for this little program).

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Run it: double-click Smitfraudfix.cmd and choose option 1.
This is what it looks like: http://siri.urz.free.fr/Fix/SmitfraudFix.php
It will generate a report: please copy and paste it into your post.

# Download Blacklight (from F-Secure):

https://europe.f-secure.com/exclude/blacklight/index.shtml

and save it to your Desktop.

Double-click blbeta.exe and accept the license; click Scan, then Next.

You will see a list of detected files appear. You will also see a report on your Desktop named fsbl.xxxxxxx.log (the xxxxxxx are digits).

Copy and paste the contents of this report into your next reply.

++
nareau
 
SmitFraudFix v2.141

Rapport fait à 17:35:24,71, 07/02/2007
Executé à partir de C:\Documents and Settings\Propriétaire\Bureau\Nouveau dossier (2)
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Propriétaire

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Propriétaire\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PROPRI~1\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~2\\GOEC62~1.DLL"

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
nareau
 
02/07/07 17:42:40 [Info]: BlackLight Engine 1.0.55 initialized
02/07/07 17:42:40 [Info]: OS: 5.1 build 2600 (Service Pack 2)
02/07/07 17:42:47 [Note]: 7019 4
02/07/07 17:42:47 [Note]: 7005 0
02/07/07 17:43:08 [Note]: 7006 0
02/07/07 17:43:09 [Note]: 7011 1700
02/07/07 17:43:17 [Note]: 7026 0
02/07/07 17:43:18 [Note]: 7026 0
02/07/07 17:45:18 [Note]: FSRAW library version 1.7.1021
02/07/07 18:19:06 [Note]: 2000 1012
02/07/07 18:19:06 [Note]: 2000 1012
02/07/07 18:22:33 [Note]: 7007 0
green day, 26722 posts, Status: Moderator, Security contributor, 2 163

Hi

OK, please do what is described at this link:

Virus: preliminary disinfection method (FR version)

See you

nareau
 
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 08:51:17 08/02/2007

+ Résultat de l'analyse:

C:\Program Files\Fichiers communs\Yazzle1122OinUninstaller.exe -> Adware.ClickSpring : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP265\A0037355.dll -> Adware.CommAd : Aucune action entreprise.
C:\WINDOWS\aXNh\__delete_on_reboot__a_s_a_p_p_s_r_v_._d_l_l_ -> Adware.CommAd : Aucune action entreprise.
C:\WINDOWS\aXNh\command.exe -> Adware.CommAd : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP190\A0028463.exe -> Adware.Maxifiles : Aucune action entreprise.
C:\Documents and Settings\Propriétaire\winstall.exe -> Adware.PurityScan : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028311.exe -> Adware.PurityScan : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028362.exe -> Adware.PurityScan : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028370.exe -> Adware.PurityScan : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028378.exe -> Adware.PurityScan : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP190\A0028469.exe -> Adware.PurityScan : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP190\A0028470.exe -> Adware.PurityScan : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP192\A0028500.exe -> Adware.PurityScan : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP192\A0028502.exe -> Adware.PurityScan : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP192\A0028532.exe -> Adware.PurityScan : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP192\A0028548.exe -> Adware.PurityScan : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP194\A0028573.exe -> Adware.PurityScan : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP194\A0028575.exe -> Adware.PurityScan : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP196\A0028597.exe -> Adware.PurityScan : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP203\A0030833.dll -> Adware.PurityScan : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP203\A0030834.exe -> Adware.PurityScan : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP207\A0030972.dll -> Adware.PurityScan : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP265\A0037357.dll -> Adware.PurityScan : Aucune action entreprise.
C:\WINDOWS\system32\__delete_on_reboot__r_x_v_._d_l_l_ -> Adware.PurityScan : Aucune action entreprise.
C:\WINDOWS\system32\winstall.exe -> Adware.PurityScan : Aucune action entreprise.
C:\WINDOWS\winstall.exe -> Adware.PurityScan : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028274.exe -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028277.exe -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028279.exe -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028281.exe -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028283.exe -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028285.exe -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028287.exe -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028289.exe -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028291.exe -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028293.exe -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028295.exe -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028297.exe -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028299.exe -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028301.exe -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028303.exe -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028305.exe -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028307.exe -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028309.exe -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028355.dll -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028358.exe -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028360.exe -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028372.exe -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028374.exe -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028376.exe -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028382.exe -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028384.exe -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028386.exe -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028397.dll -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP190\A0028475.exe -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP192\A0028519.exe -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP192\A0028521.exe -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP192\A0028523.exe -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP192\A0028525.exe -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP192\A0028527.exe -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP192\A0028551.dll -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP196\A0028600.dll -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP196\A0028619.dll -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP198\A0028710.exe -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP198\A0028712.exe -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP198\A0028714.exe -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP198\A0028716.exe -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP198\A0028718.exe -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028312.exe -> Downloader.Agent.bca : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028356.exe -> Downloader.Agent.bca : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028366.exe -> Downloader.Agent.bca : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028377.exe -> Downloader.Agent.bca : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP190\A0028468.exe -> Downloader.Agent.bca : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP190\A0028471.exe -> Downloader.Agent.bca : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP192\A0028503.exe -> Downloader.Agent.bca : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP192\A0028533.exe -> Downloader.Agent.bca : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP192\A0028549.exe -> Downloader.Agent.bca : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP194\A0028574.exe -> Downloader.Agent.bca : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP194\A0028576.exe -> Downloader.Agent.bca : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP196\A0028598.exe -> Downloader.Agent.bca : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP198\A0028724.exe -> Downloader.Agent.bca : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP198\A0028727.exe -> Downloader.Agent.bca : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP196\A0028599.exe -> Downloader.Small.ebj : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP190\A0028464.dll -> Downloader.Small.ece : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP190\A0028462.exe -> Dropper.DollarR.b : Aucune action entreprise.
C:\Documents and Settings\Propriétaire\Local Settings\Temp\installer.exe -> Dropper.PurityScan.q : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP245\A0033049.exe -> Dropper.Small : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028273.dll -> Logger.Delf.mk : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028275.dll -> Logger.Delf.mk : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028278.dll -> Logger.Delf.mk : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028280.dll -> Logger.Delf.mk : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028282.dll -> Logger.Delf.mk : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028284.dll -> Logger.Delf.mk : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028286.dll -> Logger.Delf.mk : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028288.dll -> Logger.Delf.mk : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028290.dll -> Logger.Delf.mk : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028292.dll -> Logger.Delf.mk : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028294.dll -> Logger.Delf.mk : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028296.dll -> Logger.Delf.mk : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028298.dll -> Logger.Delf.mk : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028300.dll -> Logger.Delf.mk : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028302.dll -> Logger.Delf.mk : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028304.dll -> Logger.Delf.mk : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028306.dll -> Logger.Delf.mk : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028308.dll -> Logger.Delf.mk : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028357.dll -> Logger.Delf.mk : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028359.dll -> Logger.Delf.mk : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028371.dll -> Logger.Delf.mk : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028373.dll -> Logger.Delf.mk : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028375.dll -> Logger.Delf.mk : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028381.dll -> Logger.Delf.mk : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028383.dll -> Logger.Delf.mk : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028385.dll -> Logger.Delf.mk : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP190\A0028474.dll -> Logger.Delf.mk : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP192\A0028518.dll -> Logger.Delf.mk : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP192\A0028520.dll -> Logger.Delf.mk : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP192\A0028522.dll -> Logger.Delf.mk : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP192\A0028524.dll -> Logger.Delf.mk : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP192\A0028526.dll -> Logger.Delf.mk : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP198\A0028709.dll -> Logger.Delf.mk : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP198\A0028711.dll -> Logger.Delf.mk : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP198\A0028713.dll -> Logger.Delf.mk : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP198\A0028715.dll -> Logger.Delf.mk : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP198\A0028717.dll -> Logger.Delf.mk : Aucune action entreprise.
C:\WINDOWS\Downloaded Program Files\speedtest2.dll -> Not-A-Virus.Downloader.Win32.InsTool.a : Aucune action entreprise.
C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Aucune action entreprise.
:mozilla.7:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\wgfxvltn.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.8:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\wgfxvltn.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028310.exe -> Trojan.Small : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP183\A0028361.exe -> Trojan.Small : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP190\A0028467.exe -> Trojan.Small : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP192\A0028499.exe -> Trojan.Small : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP192\A0028501.exe -> Trojan.Small : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP192\A0028531.exe -> Trojan.Small : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP192\A0028547.exe -> Trojan.Small : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP198\A0028723.exe -> Trojan.Small : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP198\A0028726.exe -> Trojan.Small : Aucune action entreprise.
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP207\A0030974.exe -> Trojan.Small : Aucune action entreprise.
C:\WINDOWS\aXNh\urh1.vbs -> Trojan.Small : Aucune action entreprise.
C:\WINDOWS\system32\wapisvtr.exe -> Trojan.Small : Aucune action entreprise.
C:\WINDOWS\uninstall_nmon.vbs -> Trojan.Small : Aucune action entreprise.

Fin du rapport

BitDefender Online Scanner

Scan report generated at: Thu, Feb 08, 2007 - 10:35:04

Scan path: A:\;C:\;D:\;E:\;

Statistics
Time: 01:20:31
Files: 271399
Folders: 3660
Boot Sectors: 3
Archives: 5397
Packed Files: 18166

Results
Identified Viruses: 6
Infected Files: 9
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 10

Engines Info
Virus Definitions: 419317
Engine build: AVCORE v1.0 (build 2371) (i386) (Dec 13 2006 11:16:42)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\UGHFJ2R4\!update-4295[1].0000 | Infected with: Trojan.Downloader.PurityScan.BP
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\UGHFJ2R4\!update-4295[1].0000 | Disinfection failed
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\UGHFJ2R4\!update-4295[1].0000 | Deleted
C:\Program Files\Defenza\DefinitionUpdates\Ver2853-2912.exe | Infected with: DeepScan:Generic.PWStealer.08711246
C:\Program Files\Defenza\DefinitionUpdates\Ver2853-2912.exe | Disinfection failed
C:\Program Files\Defenza\DefinitionUpdates\Ver2853-2912.exe | Deleted
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP196\A0028607.rbf | Infected with: Backdoor.MSNMaker.AC
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP196\A0028607.rbf | Disinfection failed
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP196\A0028607.rbf | Deleted
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP234\A0032014.exe=>(Quarantine-2) | Infected with: Win32.Worm.VB.Ymeak.A
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP234\A0032014.exe=>(Quarantine-2) | Disinfection failed
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP234\A0032014.exe=>(Quarantine-2) | Deleted
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP265\A0037362.exe | Infected with: Dropped:Trojan.Purityad.E
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP265\A0037362.exe | Disinfection failed
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP265\A0037362.exe | Deleted
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP265\A0037363.exe | Infected with: Dropped:Trojan.Purityad.E
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP265\A0037363.exe | Disinfection failed
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP265\A0037363.exe | Deleted
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP265\A0037364.exe | Infected with: Dropped:Trojan.Purityad.E
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP265\A0037364.exe | Disinfection failed
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP265\A0037364.exe | Deleted
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP265\A0037367.exe | Infected with: Trojan.Dnschange.F
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP265\A0037367.exe | Disinfection failed
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP265\A0037367.exe | Deleted
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP265\A0037388.exe | Infected with: DeepScan:Generic.PWStealer.08711246
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP265\A0037388.exe | Disinfection failed
C:\System Volume Information\_restore{F36B62B2-55F4-4678-B165-25767AF6263F}\RP265\A0037388.exe | Deleted

Logfile of HijackThis v1.99.1
Scan saved at 11:01:03, on 08/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Documents and Settings\Propriétaire\Application Data\?racle\d?xplore.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://ca.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {D8FD9923-01CC-523B-CE1E-0FE55F6A4090} - C:\WINDOWS\system32\rxv.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D8FD9923-01CC-523B-CE1E-0FE55F6A4090} - C:\WINDOWS\system32\rxv.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Dzcrmoo] C:\Documents and Settings\Propriétaire\Application Data\?racle\d?xplore.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?9cb215b75f744795b9acf2e6a982967
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?9cb215b75f744795b9acf2e6a982967
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://sazou.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O18 - Protocol: bw+0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {C6C59C5E-8CFB-4034-88D8-6FAF0BBDF8A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\aXNh\command.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
0
green day Posts 26722 Status Moderator, Security contributor 2 163
 
re

No action taken.

Did you delete everything AVG found???

Download LopxpMH to your Desktop.

http://perso.numericable.fr/~altshift/Info/Fichiers/lopxpMH2.zip

Unzip it (right-click >> Extract here) and double-click the lopxpMH.bat file.

Post the contents of the report here, please

++
0
nareau
 
Rapport fait à 12:12:21,79 le 08/02/2007

******************************************
## Répertoires Application Data

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 90DB-344F

Répertoire de C:\Documents and Settings\All Users\Application Data

15/09/2006 15:15 <REP> .
15/09/2006 15:15 <REP> ..
06/02/2007 08:14 <REP> Adobe
17/12/2006 15:46 <REP> avg7
31/10/2006 10:49 <REP> Google
07/10/2006 21:46 <REP> Google Updater
17/12/2006 15:46 <REP> Grisoft
15/09/2006 15:15 <REP> Microsoft
15/09/2006 14:30 <REP> MSN6
22/09/2006 09:23 <REP> Symantec
17/12/2006 16:37 <REP> TEMP
24/09/2006 06:30 <REP> Windows Genuine Advantage
22/09/2006 11:08 <REP> Windows Live Toolbar
13/10/2006 21:33 <REP> Yahoo!
08/02/2007 07:31 <REP> Yahoo! Companion
04/12/2006 09:57 3 120 118300.34
15/09/2006 15:15 62 desktop.ini
2 fichier(s) 3 182 octets
15 Rép(s) 7 029 932 032 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 90DB-344F

Répertoire de C:\Documents and Settings\Default User\Application Data

15/09/2006 15:15 <REP> .
15/09/2006 15:15 <REP> ..
15/09/2006 15:15 <REP> Microsoft
15/09/2006 15:15 62 desktop.ini
1 fichier(s) 62 octets
3 Rép(s) 7 029 932 032 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 90DB-344F

Répertoire de C:\Documents and Settings\Default User\Local Settings\Application Data

15/09/2006 15:15 <REP> .
15/09/2006 15:15 <REP> ..
0 fichier(s) 0 octets
2 Rép(s) 7 029 932 032 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 90DB-344F

Répertoire de C:\Documents and Settings\LocalService\Application Data

15/09/2006 14:28 <REP> .
15/09/2006 14:28 <REP> ..
17/12/2006 15:46 <REP> AVG7
15/09/2006 14:28 <REP> Microsoft
12/12/2006 14:22 <REP> NetMon
0 fichier(s) 0 octets
5 Rép(s) 7 029 932 032 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 90DB-344F

Répertoire de C:\Documents and Settings\LocalService\Local Settings\Application Data

15/09/2006 14:28 <REP> .
15/09/2006 14:28 <REP> ..
15/09/2006 14:28 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 7 029 932 032 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 90DB-344F

Répertoire de C:\Documents and Settings\NetworkService\Application Data

15/09/2006 14:28 <REP> .
15/09/2006 14:28 <REP> ..
15/09/2006 14:28 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 7 029 932 032 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 90DB-344F

Répertoire de C:\Documents and Settings\NetworkService\Local Settings\Application Data

15/09/2006 14:28 <REP> .
15/09/2006 14:28 <REP> ..
15/09/2006 14:28 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 7 029 932 032 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 90DB-344F

Répertoire de C:\Documents and Settings\Propriétaire\Application Data

15/09/2006 14:29 <REP> .
15/09/2006 14:29 <REP> ..
22/09/2006 08:32 <REP> ACD Systems
07/10/2006 23:12 <REP> Adobe
07/10/2006 23:12 <REP> AdobeUM
17/12/2006 15:47 <REP> AVG7
22/09/2006 06:39 <REP> FotoWire
31/10/2006 15:30 <REP> Google
15/09/2006 14:29 <REP> Identities
22/09/2006 06:07 <REP> Macromedia
15/09/2006 14:29 <REP> Microsoft
22/09/2006 09:51 <REP> Mozilla
15/09/2006 14:30 <REP> MSN6
03/12/2006 23:36 <REP> PC Tools
01/01/2007 17:46 <REP> Sun
02/02/2007 07:59 <REP> Talkback
10/12/2006 21:18 <REP> Windows Desktop Search
03/12/2006 22:51 <REP> ?racle
11/12/2006 15:50 <REP> ?ecurity
15/09/2006 14:29 62 desktop.ini
1 fichier(s) 62 octets
19 Rép(s) 7 029 927 936 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 90DB-344F

Répertoire de C:\Documents and Settings\Propriétaire\Local Settings\Application Data

15/09/2006 14:29 <REP> .
15/09/2006 14:29 <REP> ..
22/09/2006 08:32 <REP> ACDSee
07/10/2006 23:12 <REP> Adobe
02/02/2007 22:18 <REP> Ahead
07/10/2006 21:47 <REP> Google
04/10/2006 15:02 <REP> Identities
22/09/2006 06:41 <REP> Logitech-LS
15/09/2006 14:29 <REP> Microsoft
22/09/2006 09:52 <REP> Mozilla
22/09/2006 04:59 22 528 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
02/10/2006 02:15 13 104 GDIPFONTCACHEV1.DAT
15/09/2006 14:45 3 200 574 IconCache.db
3 fichier(s) 3 236 206 octets
10 Rép(s) 7 029 927 936 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 90DB-344F

Répertoire de C:\WINDOWS\system32\config\systemprofile\Application Data

15/09/2006 14:27 <REP> .
15/09/2006 14:27 <REP> ..
15/09/2006 14:27 <REP> Microsoft
15/09/2006 14:27 62 desktop.ini
1 fichier(s) 62 octets
3 Rép(s) 7 029 927 936 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 90DB-344F

Répertoire de C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data

15/09/2006 14:27 <REP> .
15/09/2006 14:27 <REP> ..
02/10/2006 02:14 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 7 029 927 936 octets libres

******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 90DB-344F

Répertoire de C:\WINDOWS\Tasks

15/09/2006 14:25 6 SA.DAT
15/09/2006 14:23 65 desktop.ini
15/09/2006 14:23 <REP> ..
15/09/2006 14:23 <REP> .
2 fichier(s) 71 octets
2 Rép(s) 7 029 927 936 octets libres

******************************************
## Répertoires de Program files

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 90DB-344F

Répertoire de C:\Program Files

08/02/2007 07:04 <REP> .
08/02/2007 07:04 <REP> ..
22/09/2006 13:20 <REP> ACD Systems
07/10/2006 21:50 <REP> Adobe
27/01/2007 04:41 <REP> Ahead
22/09/2006 11:02 <REP> Analog Devices
15/12/2006 19:58 <REP> BitLord
22/09/2006 05:00 <REP> Broadcom
08/02/2007 07:04 <REP> CCleaner
05/12/2006 01:00 <REP> Defenza
22/09/2006 06:40 <REP> directx
27/01/2007 04:41 <REP> Fichiers communs
26/01/2007 19:27 <REP> Google
08/02/2007 07:15 <REP> Grisoft
17/12/2006 16:33 <REP> InetGet2
17/12/2006 03:03 <REP> Internet Explorer
22/09/2006 07:01 <REP> Java
03/12/2006 23:09 <REP> Lavasoft
27/09/2006 08:20 <REP> LimeWire
22/09/2006 06:39 <REP> Logitech
23/09/2006 04:58 <REP> Matroska Pack
07/02/2007 18:34 <REP> Messenger
15/09/2006 14:25 <REP> microsoft frontpage
01/10/2006 16:34 <REP> Movie Maker
08/02/2007 12:10 <REP> Mozilla Firefox
15/09/2006 14:30 <REP> MSN
10/12/2006 21:16 <REP> MSN Apps
15/09/2006 14:22 <REP> MSN Gaming Zone
07/12/2006 10:27 <REP> MSN Messenger
16/11/2006 03:01 <REP> MSXML 4.0
01/10/2006 16:28 <REP> NetMeeting
08/02/2007 08:52 <REP> Network Monitor
16/01/2007 08:35 <REP> Norton AntiVirus
17/12/2006 03:02 <REP> Outlook Express
15/09/2006 14:24 <REP> Services en ligne
17/12/2006 16:37 <REP> Spyware Doctor
07/01/2007 13:20 <REP> Symantec
10/12/2006 21:18 <REP> Windows Desktop Search
10/12/2006 21:17 <REP> Windows Live Favorites
10/12/2006 21:17 <REP> Windows Live Toolbar
12/12/2006 14:15 <REP> Windows Media Connect 2
12/12/2006 15:57 <REP> Windows Media Player
01/10/2006 16:28 <REP> Windows NT
22/09/2006 08:07 <REP> WinRAR
22/09/2006 07:57 <REP> WinZip
15/09/2006 14:25 <REP> xerox
08/02/2007 07:04 <REP> Yahoo!
0 fichier(s) 0 octets
47 Rép(s) 7 029 923 840 octets libres

******************************************
## Popups autorisées

* Internet Explorer

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow

* Mozilla Firefox (1 autorisé 2 interdit)

---------- C:\DOCUMENTS AND SETTINGS\PROPRITAIRE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WGFXVLTN.DEFAULT\HOSTPERM.1
host popup 1 chat.doyoulookgood.com

******************************************
## Registre

* [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Dzcrmoo REG_SZ C:\Documents and Settings\Propriétaire\Application Data\?racle\d?xplore.exe

******************************************
## Zones de sécurité

* HKCU Domains (4)

* P3P History (5)

******************************************
## Recherche C:\WINDOWS\*.htm, "C:\WINDOWS\*.gif"

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 90DB-344F

Répertoire de C:\WINDOWS

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 90DB-344F

Répertoire de C:\WINDOWS

*************** Fin du rapport ****************
0
nareau
 
yes, I did delete everything though
0
green day Posts 26722 Status Moderator, Security contributor 2 163
 
re

ok,

1/ Download this: Clean Up 40:
http://pageperso.aol.fr/balltrap34/CleanUp40.exe
- illustrated guide (thanks to Balltrap34):
http://pageperso.aol.fr/balltrap34/democleanup.htm

Disconnect from the Internet and close all running programs.

* Restart in safe mode
Restart the PC, let the BIOS screen go by, then tap the F8 key repeatedly before the Windows loading screen appears.
Choose safe mode from the options and confirm with Enter.
(If F8 doesn't work, try F5)

* Make hidden and system files visible
Control Panel > Folder Options > View tab
Tick the box next to "Show hidden files and folders"
Untick the box next to "Hide extensions for known file types"
Untick the box next to "Hide protected operating system files"
Click [Apply] then [OK] to confirm

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

* Run HijackThis and click [Do a system scan only]
tick the box at the start of the following lines:

O4 - HKCU\..\Run: [Dzcrmoo] C:\Documents and Settings\Propriétaire\Application Data\?racle\d?xplore.exe

confirm by clicking the [fix checked] button

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

* Find and delete these folders:

Delete the files by following the path of the infected files where possible, rather than using the "Search" function

If they are present, delete the folders in bold:

C:\Documents and Settings\Propriétaire\Application Data\?racle
C:\Documents and Settings\Propriétaire\Application Data\?ecurity

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

Then, very important:

:: Delete temporary files ::

Run cleanup40.

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

Restart normally and post a new HijackThis log here, please

@+
0
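An added example, not part of the thread and not HijackThis's own code: a small triage pass over lines copied from the logs above, flagging the traits that make the `Dzcrmoo` autorun and the orphaned services stand out. The heuristics, function names and reason strings are assumptions chosen for illustration.

```python
import re

# Lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [Dzcrmoo] C:\Documents and Settings\Propriétaire\Application Data\?racle\d?xplore.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\aXNh\command.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
"""

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll|bat|com|scr)", re.IGNORECASE)

def parse_line(line):
    """Split one HijackThis line into section code, body and first file path."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = PATH_RE.search(m["body"])
    return {"code": m["code"], "body": m["body"], "path": path.group(0) if path else None}

def triage(entry):
    """Return the reasons an entry deserves a closer look (empty list if none)."""
    reasons = []
    path = entry["path"] or ""
    # Assumption: "?" in a path stands for a character the log could not render.
    if "?" in path:
        reasons.append("unrenderable character in path")
    if entry["code"] == "O4" and "\\application data\\" in path.lower():
        reasons.append("autorun from a user profile data folder")
    if entry["code"] == "O23" and "Unknown owner" in entry["body"]:
        reasons.append("service with no publisher")
    if entry["body"].endswith("(file missing)"):
        reasons.append("target file missing on disk")
    return reasons

def review(log_text):
    """Map each flagged log line to its reasons; unflagged lines are omitted."""
    flagged = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and (reasons := triage(entry)):
            flagged[entry["body"]] = reasons
    return flagged

if __name__ == "__main__":
    for body, reasons in review(SAMPLE_LOG).items():
        print(f"{body}\n    -> {'; '.join(reasons)}")
```

A flag here only means the entry is worth checking by hand; the Winlogon and Symantec lines pass through unflagged.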