Spyware virus

Résolu
dodo12 Messages postés 11 Statut Membre -  
papyber Messages postés 6430 Statut Contributeur sécurité -
lors de demarrage

Your computer is infected!
Windows has detected spyware infection.
It is recommended to use special antispyware tools to prevent data loss.
Windows will now download and install the most
up-to-date antispyware for you.
Click here to protect your computer from spyware.

plus une icones rouge avec la croix blanche
Configuration: Windows XP
Internet Explorer 6.0

19 réponses

  1. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    télécharge et installe le logiciel HijackThis v1.99.1
    http://pchelpbordeaux.free.fr/logiciels.html
    Tutorial
    http://pchelpbordeaux.free.fr/tuto.html
    télécharge GenProc sur ton bureau
    http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip

    dézippe le dossier, double-clique sur GenProc.bat et poste le contenu du rapport qui s'ouvre

    Aide en images : http://www.alt-shift-return.org/Info/GenProc-HowTo.html
    poste un rapport hijack this après GenProc
    0
    1. dodo12 Messages postés 11 Statut Membre
       
      merci pour ton message
      pour GenProc apres l'execution s'affiche "Bonjour Aucune infection caractéristique trouvée !! "
      et voila le rapport de Hijackthis
      Logfile of HijackThis v1.99.1
      Scan saved at 16:27:46, on 27/03/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\LVCOMSX.EXE
      C:\Program Files\Logitech\Video\LogiTray.exe
      C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
      C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
      C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Spyware Doctor\swdoctor.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Menara\dslmon.exe
      C:\Program Files\WinZip\WZQKPICK.EXE
      C:\Program Files\Logitech\Video\FxSvr2.exe
      C:\Program Files\Spyware Doctor\sdhelp.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.menara.ma/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.menara.ma/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
      O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
      O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
      O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
      O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
      O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
      O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [WengoPhoneNG] C:\Program Files\WengoPhone\qtwengophone.exe -b
      O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
      O4 - HKCU\..\Run: [pro] C:\antivir.exe
      O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
      O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
      O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
      O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
      O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: Abonnés - {03F615A1-4EF2-4AF9-A6CE-8CA95574C8B4} - http://abonne.menara.ma (file missing) (HKCU)
      O14 - IERESET.INF: START_PAGE_URL=https://www.menara.ma/
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O17 - HKLM\System\CCS\Services\Tcpip\..\{69094608-2C3E-4CC3-BCD3-F625A6304414}: NameServer = 212.217.0.16 196.217.246.210
      O17 - HKLM\System\CCS\Services\Tcpip\..\{EB773160-CACF-4266-A827-827BD7750868}: NameServer = 212.217.0.1,212.217.0.12
      O18 - Protocol: bw+0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw+0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Protocol: bwg0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwg0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: offline-8876480 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
      O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
      0
  2. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    passe un coup de ccleaner nettoyeur seulement
    https://www.pcastuces.com/logitheque/ccleaner.htm

    faire un scan avec AVG Antispyware en mode sans echec le mettre à jour préalablement
    https://www.avg.com/en-ww/free-antivirus-download

    Lance AVG Anti-Spyware
    Clique sur le bouton « Analyse »
    Puis « Comment réagir », clique sur Actions recommandées. Sélectionne Quarantaine.
    Retour à l'onglet Analyse.
    Clique sur Analyse complète du système.
    A la fin du scan, choisis " Appliquer toutes les actions "
    Clique sur "Enregistrer le rapport". Le fichier texte se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware.

    redémarre en mode normal
    Télécharge SmitfraudFix de S!Ri, balltrap34 et moe31
    http://siri.urz.free.fr/Fix/SmitfraudFix.exe
    Installe le à la racine de C\ : double clique sur l'exe pour le décompresser et lancer le fix.
    Utilisation ----- option 1 - Recherche :
    Double clique sur smitfraudfix.cmd Sélectionne 1 pour créer un rapport des fichiers responsables de l'infection.
    Poste le rapport
    Attention : process.exe est détecté par certains antivirus comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité.
    0
    1. dodo12 Messages postés 11 Statut Membre
       
      j'ai fait ces etapes et voila le resultat
      AVG Anti-Spyware - Rapport d'analyse
      ---------------------------------------------------------

      + Créé à: 19:26:20 27/03/2007

      + Résultat de l'analyse:



      C:\Program Files\Fichiers communs\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Nettoyé et sauvegardé (mise en quarantaine).
      HKU\S-1-5-21-602162358-688789844-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Windows installer -> Adware.PestTrap : Nettoyé et sauvegardé (mise en quarantaine).
      C:\Documents and Settings\technet\Application Data\drvcleaner.exe -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
      C:\antivir.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Nettoyé et sauvegardé (mise en quarantaine).
      C:\winstall.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Nettoyé et sauvegardé (mise en quarantaine).
      C:\WINDOWS\system32\xlibgfl254.dll -> Trojan.Agent : Nettoyé et sauvegardé (mise en quarantaine).


      Fin du rapport




      SmitFraudFix v2.151

      Rapport fait à 19:42:26,67, 27/03/2007
      Executé à partir de C:\SmitfraudFix
      OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
      Le type du système de fichiers est NTFS
      Fix executé en mode normal

      »»»»»»»»»»»»»»»»»»»»»»»» hosts


      »»»»»»»»»»»»»»»»»»»»»»»» C:\


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\technet


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\technet\Application Data

      C:\Documents and Settings\technet\Application Data\Install.dat PRESENT !

      »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


      »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\technet\Favoris


      »»»»»»»»»»»»»»»»»»»»»»»» Bureau


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


      »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


      »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
      "Source"="About:Home"
      "SubscribedURL"="About:Home"
      "FriendlyName"="Ma page d'accueil"


      »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll


      »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "AppInit_DLLs"=""


      »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "System"=""


      »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


      »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


      »»»»»»»»»»»»»»»»»»»»»»»» Fin
      0
  3. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    Utilisation ----- option 2 -Nettoyage :

    * Redémarre l'ordinateur en mode sans échec

    * Double clique sur smitfraudfix.cmd

    * Sélectionne 2 pour supprimer les fichiers responsables de l'infection.

    A la question Voulez-vous nettoyer le registre ? répondre O (oui) afin de débloquer le fond d'écran et supprimer les clés de démarrage automatique de l'infection.

    Le fix déterminera si le fichier wininet.dll est infecté.

    A la question Corriger le fichier infecté ? répondre O (oui) pour remplacer le fichier corrompu.
    * Redémarre en mode normal et poste le rapport ici

    N.B.: Cette étape élimine les fichiers infectieux détectés à l'étape #1
    Attention que l'option 2 de l'outil supprime le fond d'écran !
    0
    1. dodo12 Messages postés 11 Statut Membre
       
      l'ecran devient Bleu et j'ai pas vu ca :Le fix déterminera si le fichier wininet.dll est infecté.

      A la question Corriger le fichier infecté ? répondre O (oui) pour remplacer le fichier corrompu
      voila le Raport

      SmitFraudFix v2.151

      Rapport fait à 21:16:01,60, 27/03/2007
      Executé à partir de C:\SmitfraudFix
      OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
      Le type du système de fichiers est NTFS
      Fix executé en mode sans echec

      »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll

      »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


      »»»»»»»»»»»»»»»»»»»»»»»» hosts


      127.0.0.1 localhost

      »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

      GenericRenosFix by S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


      »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


      »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "System"=""


      »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

      Nettoyage terminé.

      »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll


      »»»»»»»»»»»»»»»»»»»»»»»» Fin
      0
  4. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    poste moi un rapport hijack
    0
    1. dodo12 Messages postés 11 Statut Membre
       
      Logfile of HijackThis v1.99.1
      Scan saved at 21:49:01, on 27/03/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\Spyware Doctor\sdhelp.exe
      C:\WINDOWS\system32\LVCOMSX.EXE
      C:\Program Files\Logitech\Video\LogiTray.exe
      C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
      C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
      C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Spyware Doctor\swdoctor.exe
      C:\Program Files\Logitech\Video\FxSvr2.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Menara\dslmon.exe
      C:\Program Files\WinZip\WZQKPICK.EXE
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
      O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
      O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
      O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
      O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
      O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
      O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
      O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
      O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
      O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: Abonnés - {03F615A1-4EF2-4AF9-A6CE-8CA95574C8B4} - http://abonne.menara.ma (file missing) (HKCU)
      O14 - IERESET.INF: START_PAGE_URL=https://www.menara.ma/
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O17 - HKLM\System\CCS\Services\Tcpip\..\{69094608-2C3E-4CC3-BCD3-F625A6304414}: NameServer = 212.217.0.14 196.217.246.210
      O17 - HKLM\System\CCS\Services\Tcpip\..\{EB773160-CACF-4266-A827-827BD7750868}: NameServer = 212.217.0.1,212.217.0.12
      O18 - Protocol: bw+0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw+0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Protocol: bwg0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwg0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: offline-8876480 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
      O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    lance hijack pour un scan et coches les lignes suivantes
    09 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O9 - Extra button: Abonnés - {03F615A1-4EF2-4AF9-A6CE-8CA95574C8B4} - http://abonne.menara.ma (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=https://www.menara.ma/

    O18 - Protocol: bw+0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    ferme toutes tes fenêtres y compris internet et clique sur fixer l'objet

    si tout va bien supprime tout ce qu'on a utilisé car ce ne sera plus utile désormais
    passe un coup de ccleaner
    https://www.pcastuces.com/logitheque/ccleaner.htm

    fais un scan en ligne sur l’un de ces sites
    http://pandasoftware.fr
    https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    http://www.bitdefender.fr/scan8/ie.html
    http://www.secuser.com/outils/antivirus.htm
    http://security.symantec.com/sscv6/default.asp?productid=symhome&langid=fr&venid=sym
    et colle le rapport
    je le regarderai demain; bonne nuit
    0
    1. dodo12 Messages postés 11 Statut Membre
       
      d'accord bonne nuit
      voile le rapport
      KASPERSKY ON-LINE SCANNER REPORT
      Wednesday, March 28, 2007 2:01:49 AM
      Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
      Kaspersky On-line Scanner version : 5.0.83.0
      Dernière mise à jour de la base antivirus Kaspersky : 28/03/2007
      Enregistrements dans la base antivirus Kaspersky : 270805


      Paramètres d'analyse
      Analyser avec la base antivirus suivante standard
      Analyser les archives vrai
      Analyser les bases de messagerie vrai

      Cible de l'analyse Poste de travail
      A:\
      C:\
      D:\
      E:\
      F:\

      Statistiques de l'analyse
      Total d'objets analysés 28595
      Nombre de virus trouvés 0
      Nombre d'objets infectés 0 / 0
      Nombre d'objets suspects 0
      Durée de l'analyse 00:46:47

      Nom de l'objet infecté Nom du virus Dernière action
      C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Backup\BackupMng.i0000 L'objet est verrouillé ignoré

      C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Backup\BackupMng.i0001 L'objet est verrouillé ignoré

      C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Backup\BackupMng.i0100 L'objet est verrouillé ignoré

      C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Backup\BackupMng.i0101 L'objet est verrouillé ignoré

      C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Backup\BackupMng.i0200 L'objet est verrouillé ignoré

      C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Backup\BackupMng.i0201 L'objet est verrouillé ignoré

      C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Backup\BackupMng.i0300 L'objet est verrouillé ignoré

      C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Backup\BackupMng.i0301 L'objet est verrouillé ignoré

      C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Backup\BackupMng.reph L'objet est verrouillé ignoré

      C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Backup\BackupMng.repi L'objet est verrouillé ignoré

      C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Backup\BackupMng.rept L'objet est verrouillé ignoré

      C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Quarantine\QMng.i0000 L'objet est verrouillé ignoré

      C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Quarantine\QMng.i0001 L'objet est verrouillé ignoré

      C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Quarantine\QMng.i0100 L'objet est verrouillé ignoré

      C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Quarantine\QMng.i0101 L'objet est verrouillé ignoré

      C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Quarantine\QMng.i0200 L'objet est verrouillé ignoré

      C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Quarantine\QMng.i0201 L'objet est verrouillé ignoré

      C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Quarantine\QMng.i0300 L'objet est verrouillé ignoré

      C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Quarantine\QMng.i0301 L'objet est verrouillé ignoré

      C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Quarantine\QMng.reph L'objet est verrouillé ignoré

      C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Quarantine\QMng.repi L'objet est verrouillé ignoré

      C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Quarantine\QMng.rept L'objet est verrouillé ignoré

      C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Reports\RptMng.i0000 L'objet est verrouillé ignoré

      C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Reports\RptMng.i0001 L'objet est verrouillé ignoré

      C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Reports\RptMng.i0100 L'objet est verrouillé ignoré

      C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Reports\RptMng.i0101 L'objet est verrouillé ignoré

      C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Reports\RptMng.i0200 L'objet est verrouillé ignoré

      C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Reports\RptMng.i0201 L'objet est verrouillé ignoré

      C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Reports\RptMng.reph L'objet est verrouillé ignoré

      C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Reports\RptMng.repi L'objet est verrouillé ignoré

      C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Reports\RptMng.rept L'objet est verrouillé ignoré

      C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré

      C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré

      C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré

      C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

      C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

      C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré

      C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré

      C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré

      C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré

      C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

      C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

      C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré

      C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré

      C:\Documents and Settings\technet\Application Data\Microsoft\Modèles\Normal.dot L'objet est verrouillé ignoré

      C:\Documents and Settings\technet\Cookies\index.dat L'objet est verrouillé ignoré

      C:\Documents and Settings\technet\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

      C:\Documents and Settings\technet\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

      C:\Documents and Settings\technet\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré

      C:\Documents and Settings\technet\Local Settings\Historique\History.IE5\MSHist012007032820070329\index.dat L'objet est verrouillé ignoré

      C:\Documents and Settings\technet\Local Settings\Temp\Perflib_Perfdata_154.dat L'objet est verrouillé ignoré

      C:\Documents and Settings\technet\Local Settings\Temp\~DF7A68.tmp L'objet est verrouillé ignoré

      C:\Documents and Settings\technet\Local Settings\Temp\~DFD1C4.tmp L'objet est verrouillé ignoré

      C:\Documents and Settings\technet\Local Settings\Temp\~DFDA12.tmp L'objet est verrouillé ignoré

      C:\Documents and Settings\technet\Local Settings\Temp\~WRD0000.doc L'objet est verrouillé ignoré

      C:\Documents and Settings\technet\Local Settings\Temporary Internet Files\Content.IE5\CT2RW5AB\sc_scan[2].htm L'objet est verrouillé ignoré

      C:\Documents and Settings\technet\Local Settings\Temporary Internet Files\Content.IE5\CT2RW5AB\xscan53[1].cab L'objet est verrouillé ignoré

      C:\Documents and Settings\technet\Local Settings\Temporary Internet Files\Content.IE5\CT2RW5AB\xscan53[2].cab L'objet est verrouillé ignoré

      C:\Documents and Settings\technet\Local Settings\Temporary Internet Files\Content.IE5\CT2RW5AB\xscan53[3].cab L'objet est verrouillé ignoré

      C:\Documents and Settings\technet\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré

      C:\Documents and Settings\technet\Local Settings\Temporary Internet Files\Content.IE5\LWUKLNRS\Activescan[1].htm L'objet est verrouillé ignoré

      C:\Documents and Settings\technet\NTUSER.DAT L'objet est verrouillé ignoré

      C:\Documents and Settings\technet\ntuser.dat.LOG L'objet est verrouillé ignoré

      C:\Program Files\HP\hpcoretech\hpcmerr.log L'objet est verrouillé ignoré

      C:\Program Files\Logitech\Desktop Messenger\8876480\Users\technet\Data\BWDocMap.pht L'objet est verrouillé ignoré

      C:\Program Files\Logitech\Desktop Messenger\8876480\Users\technet\Data\BWInfopakMap.pht L'objet est verrouillé ignoré

      C:\Program Files\Logitech\Desktop Messenger\8876480\Users\technet\Data\chandir.dat L'objet est verrouillé ignoré

      C:\Program Files\Logitech\Desktop Messenger\8876480\Users\technet\Data\chandir.idx L'objet est verrouillé ignoré

      C:\Program Files\Logitech\Desktop Messenger\8876480\Users\technet\Data\chn.dat L'objet est verrouillé ignoré

      C:\Program Files\Logitech\Desktop Messenger\8876480\Users\technet\Data\chn.idx L'objet est verrouillé ignoré

      C:\Program Files\Logitech\Desktop Messenger\8876480\Users\technet\Data\D0000000.FCS L'objet est verrouillé ignoré

      C:\Program Files\Logitech\Desktop Messenger\8876480\Users\technet\Data\inuse.txt L'objet est verrouillé ignoré

      C:\Program Files\Logitech\Desktop Messenger\8876480\Users\technet\Data\L0000006.FCS L'objet est verrouillé ignoré

      C:\Program Files\Logitech\Desktop Messenger\8876480\Users\technet\Data\main.log L'objet est verrouillé ignoré

      C:\Program Files\Logitech\Desktop Messenger\8876480\Users\technet\Data\prs.dat L'objet est verrouillé ignoré

      C:\Program Files\Logitech\Desktop Messenger\8876480\Users\technet\Data\prs.idx L'objet est verrouillé ignoré

      C:\Program Files\Logitech\Desktop Messenger\8876480\Users\technet\Data\prs_die.dat L'objet est verrouillé ignoré

      C:\Program Files\Logitech\Desktop Messenger\8876480\Users\technet\Data\prs_die.idx L'objet est verrouillé ignoré

      C:\Program Files\Logitech\Desktop Messenger\8876480\Users\technet\Data\prs_dnd.dat L'objet est verrouillé ignoré

      C:\Program Files\Logitech\Desktop Messenger\8876480\Users\technet\Data\prs_dnd.idx L'objet est verrouillé ignoré

      C:\Program Files\Logitech\Desktop Messenger\8876480\Users\technet\Data\prs_ext.dat L'objet est verrouillé ignoré

      C:\Program Files\Logitech\Desktop Messenger\8876480\Users\technet\Data\prs_ext.idx L'objet est verrouillé ignoré

      C:\Program Files\Logitech\Desktop Messenger\8876480\Users\technet\Data\prs_rcv.dat L'objet est verrouillé ignoré

      C:\Program Files\Logitech\Desktop Messenger\8876480\Users\technet\Data\prs_rcv.idx L'objet est verrouillé ignoré

      C:\Program Files\Logitech\Desktop Messenger\8876480\Users\technet\Data\storydb.dat L'objet est verrouillé ignoré

      C:\Program Files\Logitech\Desktop Messenger\8876480\Users\technet\Data\storydb.idx L'objet est verrouillé ignoré

      C:\Program Files\Yahoo!\Messenger\logs\billing_technet.log L'objet est verrouillé ignoré

      C:\Program Files\Yahoo!\Messenger\logs\client_technet.log L'objet est verrouillé ignoré

      C:\Program Files\Yahoo!\Messenger\logs\GIPS.log L'objet est verrouillé ignoré

      C:\Program Files\Yahoo!\Messenger\logs\network_technet.log L'objet est verrouillé ignoré

      C:\Program Files\Yahoo!\Messenger\logs\p2pce.log L'objet est verrouillé ignoré

      C:\Program Files\Yahoo!\Messenger\logs\voice.log L'objet est verrouillé ignoré

      C:\Program Files\Yahoo!\Messenger\logs\YSDP.log L'objet est verrouillé ignoré

      C:\Program Files\Yahoo!\Messenger\logs\YSIP.log L'objet est verrouillé ignoré

      C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré

      C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré

      C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré

      C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré

      C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré

      C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré

      C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré

      C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré

      C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré

      C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré

      C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré

      C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré

      C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré

      C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré

      C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré

      C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré

      C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré

      C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré

      C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré

      C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré

      C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré

      C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré

      C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré

      C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré

      C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré

      C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré

      C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré

      C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré

      C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré

      C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré

      C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré

      Analyse terminée.
      0
  7. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    c'est propre, as tu encore des soucis?
    si tout va bien supprime tout ce qu'on a utilisé car ce ne sera plus utile désormais
    conserve néanmoins ccleaner et effectue le nettoyage tous les jours avant de couper le PC

    désactive ta restauration
    clique droit sur poste de travail/propriétés/coche la case désactiver la restauration, appliquer
    redémarre ton PC
    démarrer/tous les programmes/ outils système/ restauration du système/ créer un point de restauration

    installe ce logiciel très utile et scanne ton PC avec une fois par semaine au moins...
    AVG Antispyware
    https://www.avg.com/en-ww/free-antivirus-download

    mode d'utilisation :
    Lance AVG Anti-Spyware
    Clique sur le bouton « Analyse »
    Puis « Comment réagir », clique sur Actions recommandées. Sélectionne Quarantaine.
    Retour à l'onglet Analyse.
    Clique sur Analyse complète du système.
    A la fin du scan, choisis " Appliquer toutes les actions "
    Clique sur "Enregistrer le rapport". Le fichier texte se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware.
    ne laisse pas le résident car à la fin de la période d'essai, tu ne pourras plus t'en servir

    tu peux le coupler avec celui-ci
    spybot search and destroy

    défragmente

    indique ton sujet comme résolu
    et bon surf
    0
    1. dodo12 Messages postés 11 Statut Membre
       
      le PC maintenant est propre le probleme de message et l'icone a disparu
      merci beaucoup papyber
      0
  8. benjamin
     
    j'ai le meme probleme que dodo12....
    comment je fais ? je suis vraiment pas tres fort pour les ordis
    0
  9. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    pour benjamin
    tu fais ce qui est indiqué au post N°1 et tu postes les rapports
    0
  10. benjamin
     
    ok vois le rapport hijackthis :

    Logfile of HijackThis v1.99.1
    Scan saved at 08:33:58, on 29/03/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\WINDOWS\system32\kernels32.exe
    C:\Windows\xpupdate.exe
    C:\Program Files\IEEE 802.11b Wireless LAN\WLANMonitor2003.exe
    C:\Program Files\Nikon\NkView6\NkvMon.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Maxthon\Maxthon.exe
    C:\PROGRA~1\WinZip\winzip32.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8182
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O1 - Hosts: localhost 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
    O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
    O4 - HKLM\..\Run: [syswin] C:\WINDOWS\system32\v6.exe
    O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels32.exe
    O4 - HKCU\..\Run: [xrunwin] C:\WINDOWS\svchost.exe
    O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
    O4 - HKCU\..\Run: [Brave-Sentry] C:\Program Files\BraveSentry\BraveSentry.exe
    O4 - Global Startup: IEEE 802.11b Wireless Utility.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
    O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
    O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm (file missing)
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm (file missing)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{70C38CAD-75BB-4438-9618-4E7A2FE20A3D}: NameServer = 85.255.113.92,85.255.112.13
    O17 - HKLM\System\CCS\Services\Tcpip\..\{79E0BE90-CBD4-4721-A99F-6170387757AB}: NameServer = 85.255.113.92,85.255.112.13
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C5D066FA-2ED1-4CA5-9245-73AD223FC298}: NameServer = 85.255.113.92,85.255.112.13
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C67EB75F-3716-40EE-B56D-02D206AB863B}: NameServer = 85.255.113.92,85.255.112.13
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E58E6E65-EBBF-4868-AD59-A42FC1275DCD}: NameServer = 85.255.113.92,85.255.112.13
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.92 85.255.112.13
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.92 85.255.112.13
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.92 85.255.112.13
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O20 - Winlogon Notify: tcpR32 - tcpR32.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
    O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe (file missing)
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    merci
    0
  11. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    Télécharge le FixWareout d'un de ces deux sites sur le bureau:
    http://downloads.subratam.org/Fixwareout.exe
    http://swandog46.geekstogo.com/Fixwareout.exe

    Lance le fix: clique sur Next, puis Install, puis assure toi que "Run fixit" est activé puis clique sur Finish.
    Le fix va commencer, suis les messages à l'écran. Il te sera demandé de redémarrer ton ordinateur, fais le.
    Ton système mettra un peu plus de temps au démarrage, c'est normal.

    Quand ton système aura redémarré, suis les invites des messages. Ensuite lance HijackThis. Clique sur Scan et coche les lignes suivantes:

    O17 - HKLM\System\CCS\Services\Tcpip\..\{70C38CAD-75BB-4438-9618-4E7A2FE20A3D}: NameServer = 85.255.113.92,85.255.112.13
    O17 - HKLM\System\CCS\Services\Tcpip\..\{79E0BE90-CBD4-4721-A99F-6170387757AB}: NameServer = 85.255.113.92,85.255.112.13
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C5D066FA-2ED1-4CA5-9245-73AD223FC298}: NameServer = 85.255.113.92,85.255.112.13
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C67EB75F-3716-40EE-B56D-02D206AB863B}: NameServer = 85.255.113.92,85.255.112.13
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E58E6E65-EBBF-4868-AD59-A42FC1275DCD}: NameServer = 85.255.113.92,85.255.112.13
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.92 85.255.112.13
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.92 85.255.112.13
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.92 85.255.112.13

    Clique sur Fix Checked. Ferme HijackThis et clique sur OK pour continuer la procédure.

    A la fin du fix, tu auras peut-être encore besoin de redémarrer le PC.

    Au final, poste le contenu du fichier C:\fixwareout\report.txt avec un nouveau rapport HijackThis

    Si et seulement si il y a des difficultés de connexion après cette manip:
    Démarrer---->Paramètres---->Panneau de configuration---->Connexions réseau
    Faire un clic droit sur la connexion par défaut, nommée en général "Connexion au réseau local" ou "Accès à distance" si tu utilises un modem téléphonique, et choisir Propriétés.
    Faire un double clic sur l'élément Protocole Internet (TCP/IP) et choisir le bouton-radio Obtenir les adresses des serveurs DNS automatiquement.
    Clique deux fois sur OK, et redémarre l'ordinateur.
    0
  12. benjamin
     
    voila le 1er rapport du fix :

    Fixwareout Last edited 2/11/2007
    Post this report in the forums please
    ...
    »»»»»Prerun check
    HKLM\SOFTWARE\~\Winlogon\ "System"="cskcx.exe"

    »»»»» System restarted

    »»»»» Postrun check
    HKLM\SOFTWARE\~\Winlogon\ "system"=""
    ....
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "repiwoh" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}463D44E49DCE-B069-4A24-9A76-EDFA3504{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}CBEF493ED198-C4DA-EA74-6C95-FD69EABA{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}D09708DFB814-68EB-15C4-D4CB-5C9E7A0C{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}EB0227687FF4-738B-D5E4-3966-A1208E90{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}02CD1C3EEF34-B629-9074-B895-90FFEBA9{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}FB3DE2FE8E54-3CE8-0944-CD63-9552C32C{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}52C048CC7C90-70DB-D3D4-4C0E-9CA23DE6{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}21C439B652AD-B379-B2A4-B4EA-1F8B61BA{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}D825754FBFF4-1AA8-2B34-D530-D04A5C0E{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}AADF1EB38CC0-6EC8-C194-6D6D-5F3C8095{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}190448E84236-DB08-29E4-D653-49489BC0{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}3A391B58FC35-8EE9-26B4-3B0D-F058A449{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}B0308405A173-58A8-FF44-1F75-AD1208D7{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}DD655ABD12D0-B7AB-1454-8C40-B23FEDD0{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}D17980157D62-9FCA-F094-B4C2-861DF89E{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}C81F83DFF52B-3498-FF24-3FF8-8CD23EEB{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}3FE103A76162-9869-2DA4-9E82-F6D580D2{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}66C314339710-AA98-AF54-6B7E-E4D9F878{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}11A5CBA9B9AD-3778-5DE4-AEC8-9F16AA59{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}9AD95FF04ADC-E8E8-80D4-19E1-0BE3B557{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}B2BC56915C69-8BD8-16F4-A0C3-C5EE5364{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}4225880C9E4A-1D9B-48F4-BFA4-CEB97EEA{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}F627DC41DF5F-21F9-FDE4-962D-4918C887{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}357C47FAC539-B649-A764-761F-A145ADFB{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}E1EEE8F3D381-2CE9-2B84-513B-758E6BAD{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}1724902DB206-D169-6554-D326-9F043E46{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}E1758240FAD9-56DA-3A14-F5E2-3D860515{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}2F091215B877-C76B-7764-714F-EA8FAC3E{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}18E13FE93ED3-DCCA-2B04-A3A3-D0D73490{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}C57029E12023-63A8-00B4-E243-CE5D5D37{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}829874F8FE96-1C69-B294-A9C1-1598E0C6{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}1AD7B6899CFA-E939-65A4-168C-4DB5BCDC{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}FD5BFF63B1A1-BDBA-1B74-B7C3-654F3576{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}A0119C895169-013A-9C84-64D3-27EF29C0{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}C2D4956E6DB5-C1E8-1694-25EB-E492EC53{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}F3A14DEDA980-BEA9-3694-06AE-489A8E51{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}582E6EC84F76-3149-2214-13D4-06E28557{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}7FF7B4702A41-9159-3F04-44C9-65C39BA2{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}CC93D2C819EB-8B28-5064-A404-02986EE9{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}2B2DC9A96D7E-9519-A094-53DD-E75ACE12{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}105902E0FC26-2B2A-2CC4-56AE-B1BFEE19{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}13A43A64DDB7-DFCA-BF54-4067-11CE8733{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}524221152302-7478-D044-4E0C-756354DD{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}0A3ABC5476BF-F10B-FF94-5BD1-A37D6217{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}78FDBFC86C52-62D8-7C74-2E16-44D0D716{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}18BBC8FC1993-F3F9-F5E4-E8D5-8089AD06{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}1EABFB02FB9E-D648-CD84-BD02-D31DCF9B{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}B6D820A79D5A-BC8A-EA94-0FBB-AB9E5F31{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}A5570E03C597-1B0B-E0C4-673B-96DEAD85{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}C7EBC998FDA0-A268-6864-B4BE-CE48BBB4{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}FF28DC89B9DE-DF2A-B2A4-1177-D68E88BB{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}BF57E1726443-FEC9-6294-21A8-AB35D738{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}EB5B21C6D890-ABF8-DD14-F659-821A12E6{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}B1B1DF65F270-40FB-6A24-8E31-2289CD69{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}E825920EBC2D-26BA-6E74-F7B2-E4D20D1C{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}E7CE2D964FF4-73CB-C424-9C51-2EED8C74{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}DA7DA2387BC9-2479-2404-7908-432897F4{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}8AF042CE3D14-07A9-2764-09DA-E871B5CF{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}C2A642B5D90C-FB19-27F4-FFE8-F6E16999{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}5B68AF6F442C-5EB9-51C4-19AD-00C2F1D7{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}9242A76D54E1-53B8-F554-156E-D87B4C86{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}A218C50D7DCB-626A-CE84-D94B-457054C7{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}0CA3F5FA5CDC-8AD9-9294-2BAC-9C2B21FF{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}D62DDE77AA37-621B-ABB4-31F5-3ADB29E8{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}44406EC25AF2-2E48-D834-3F42-72E7271B{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}2CB905ED9FFB-53FB-5C44-2F31-85D5AADA{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}6C4EB51E1615-5F5A-E824-8B5D-BC232B2C{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}930B691CE90E-3768-3184-AC5E-723E906F{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}9D0BCE9CAFAA-9529-CFC4-E07F-4603D4F7{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}23EC6A67403C-EC39-F294-8DA5-52177CF7{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}BE23A09A4643-7A9B-1F74-7B70-1F37E62E{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}E794749B659A-7C48-F9E4-1082-45F798CF{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}AF6E9871E93D-9C59-D424-09F5-FF8F6845{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}2955C0ECBF22-001B-EEF4-668E-18524876{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}C50241C2D47F-A47B-98A4-4397-6ACECE1E{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}55C2B5B68D8F-6A08-8EF4-0415-2EEEDA6B{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}24EF1863C62E-6539-2F04-8756-1A69F34D{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}8E9BCC8CA7F5-65F9-2824-603A-43645838{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}943244A8A695-1948-D1C4-A21B-F7B2BD49{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}0E13420CE414-A998-E824-AF82-2C593BAF{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}D51708E44883-E038-CB74-D0B6-D9CC7BFC{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}59C85E6B7720-0628-F9E4-148B-5E462C5F{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}7FE06B9E6587-FAD8-2734-D044-CD3B0EE5{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}12ABC5846FBF-4659-9F84-5F44-635C5625{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}2DB87B35BF15-CDAB-66D4-A610-E922CC7B{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}AE872FE0E178-D5E8-7BA4-81D4-858174A2{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}DAC606320485-18D9-EF64-40B8-036FD8EE{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}19B0EAFA0FA5-FA78-8AB4-953C-A7E2D1DC{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}19BE46AC1571-AE28-4354-A596-C4CE92C1{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}A0B50D9B7B44-60D8-7044-7743-6AB6E3C4{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}E0C2B345161A-46B9-D684-F500-2F5E5AD6{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}10BE68285A60-47EA-46F4-A4B8-B8D36167{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}E699B560CA7D-AAFB-AA54-C7F2-9BFBEBEB{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}3BB8EBC2BF91-945B-27C4-6744-C4901295{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}197B25227999-8F7A-8E64-9249-4D317DDB{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}0248DC7720A6-6F29-7534-30A6-D0E877FE{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}7D22AC9DD72E-9D48-9D74-181F-127E01AF{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}E0ECE3E48EF3-CCC9-0094-309B-D9CFADAC{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}D9E0EEA32461-B3A9-0314-9ED7-90037895{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}37A474E00129-B64B-C304-2755-17FA50CD{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}DABAAEECE1E6-4518-8FC4-E7AA-DA4ACE76{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}4972886B182E-406A-C4C4-C33D-A924AF71{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}F1F1B1E4C523-557B-9964-4AD4-090E5E79{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}5714E2AA4E1D-543A-8804-EB4D-F4631E0A{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}E060DA20A736-E15B-FA74-A76D-7B07A12C{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}628505218186-859B-7164-CFA0-5FD6DD91{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}741906A58EEC-3BEB-3BD4-7B57-F8619860{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}F8FF3575779C-445A-0FF4-B6FE-FB90E706{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}7CDE6372659C-3909-C534-42B6-86049CC4{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}04B2008B1AA4-F749-94E4-21EB-9F4285E6{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}63F39E6FB049-9F29-D944-FE7C-644AB90C{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}957F18937EA2-B28B-BBA4-23EC-B6296FF7{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}0F5CD1433149-A2D9-7B94-2ED1-275760F0{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}682DC102AE0C-482B-9D84-5BA6-B74081CC{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}082CAC7F4228-1669-5114-543F-D3A47EBE{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}1E04C3AF6E15-F6CA-F184-7887-3371C6EC{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}FDE6E29B2E7D-73F9-DAF4-7B24-30B79B9A{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}E63BF898D8E9-01AA-1774-5B3D-A4FA73FB{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}ABCEAD7E0274-70B9-7E84-311F-29C2318A{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}3A06A2DEFC61-2FE9-82A4-9DF0-5C85A1EA{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}9F1058E3DD36-2CF8-FE34-DBA5-77EF1FEB{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}C5568AF8919E-811A-CA84-EC8C-8FD07700{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}5A53413C9004-F20A-D824-A5B4-FB4BD51F{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}9AFF9E615897-70AB-C3C4-6DAF-BE2EEFF0{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}34EB380DCE05-92E9-F804-5D12-6CC0F5BC{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}4D15121BD63E-5EBA-3324-8DB6-E51218EA{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}B8B6CE5F98CE-D46B-CE34-9835-C80B3451{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}61097890D9E3-ABE9-DEC4-9426-5BD17E40{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}5805F16A9EE1-08C8-AF84-1799-D3418FD0{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}115E7E1077D4-0448-AF84-148A-689A6B70{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}9CBF85F4B326-F69A-FCE4-8243-330D2139{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}FEF31ACCB669-4968-F3A4-6509-5F468CC9{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}864DCE737E70-1E58-BEB4-FC1F-FC1EF292{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}2634A6743873-EACB-C4B4-D4BD-9313ED6E{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}5A79A31C9E09-1A88-72C4-3F14-E38DBA18{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}F77221557D07-3E68-4974-569C-AE9B0F12{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}E67ADDA43039-92AB-C654-D3A7-7E7874E6{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}1CE4D0F80C50-7E8A-67A4-7AE4-98BF6C44{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}DB2E9EE548F6-41D9-87B4-D510-5D19D158{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}D657923276FC-E97B-B3E4-4BEB-A97CFB35{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}994CD5307A21-9FCA-8864-7172-DF6CF715{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}38765BF557B7-87B9-42F4-4ED5-B8C8D73E{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}781261604571-44E8-0374-11EA-82A4AEB2{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}C6A03D961E47-B18B-CAE4-A38C-668EAD31{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}0A67036C9AC0-90C9-5184-0537-221710FD{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}2853FCE02704-6D59-ACA4-F555-E6436AC0{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}3BC1C7EC3732-A659-8734-2FC4-132E2E58{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}413C0B191603-FE98-3CC4-5329-4C24AE59{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}CE537D29E850-B448-9104-250D-2131F5C8{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}D811386085D8-16A8-F8A4-E479-DEDBF408{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}C8714E9AC58D-488A-7064-9578-1A57BDF7{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}186598DFDB1F-EFD8-55E4-043F-B2DD65BA{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}975A60244EF3-6D5A-3754-31A0-02EF85DC{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}D7F8C31DC338-945A-2DD4-76A2-1E9CFC49{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}1718BDE32843-AB0A-9E74-E212-9689B63C{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}82EE2A02762E-673A-6D74-C3FB-8E525E9C{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}18F7B2208D93-B60B-63B4-D4EE-37E7A585{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}67168DC0127F-DB69-0F74-AE55-DB7011B7{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}0CE0EBD0F4EF-DBDB-D8F4-A4B0-0D821FEA{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}0118126686E9-C239-63F4-E2C6-D1248D5A{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}36533FAC0DD0-09E8-CD04-314B-803780AC{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}B73BDBB70726-298A-A754-AAC0-C2FF7776{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}500DCC6E0912-3599-54D4-16FF-9D6E84F4{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}F9B72D5472D2-5F39-EE44-A05A-A5894A85{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "jlomd" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}65BDB6141F15-00DB-81B4-C279-0558C09D{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "tbmmd" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "repiwoh" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "ypszr" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "daolnwodi" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "putesprpgd" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "lavinraCputeS" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "swen" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "ogol" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "eno" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "llun" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "ruof" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "evif" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "eerht" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "onisacputes" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "0mdm" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "1mdm" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}EB513DC0EF06-BCDA-1344-10D1-13F53F7F{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}E2EC52466582-8048-61C4-5876-A06C51A4{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "ztumd" Deleted
    ....
    »»»»» Misc files.
    C:\Documents and Settings\Benji\Application Data\Install.dat Deleted
    C:\Documents and Settings\Benji\Application Data\kc.tmp Deleted
    C:\Documents and Settings\All Users\Favoris\Download Free Spyware Remover.url Deleted
    C:\Documents and Settings\All Users\Favoris\NEW VIAGRA at Half Price!.url Deleted
    C:\Documents and Settings\All Users\Favoris\Online Chat With Nude Girls.url Deleted
    C:\Documents and Settings\All Users\Favoris\Order CIALIS online without leaving home..url Deleted
    C:\Documents and Settings\All Users\Favoris\PC protection in under 2 minutes!.url Deleted
    C:\Documents and Settings\All Users\Favoris\SEX Dating - Real Girls For Real SEX.url Deleted
    C:\Documents and Settings\All Users\Favoris\Stop PopUps On Your Computer.url Deleted
    C:\Documents and Settings\All Users\Favoris\VIAGRA at incredible low price. Bonus Pills!.url Deleted
    C:\Documents and Settings\All Users\Favoris\View ADULT photos of REAL GIRLS!.url Deleted
    C:\Documents and Settings\Benji\Favoris\Download Free Spyware Remover.url Deleted
    C:\Documents and Settings\Benji\Favoris\Stop PopUps On Your Computer.url Deleted
    C:\WINDOWS\desktop.html Deleted
    C:\WINDOWS\RDT.INI Deleted
    C:\WINDOWS\xpupdate.exe Deleted
    C:\Documents and Settings\All Users\Favoris\Online Pharmacy Deleted
    C:\Documents and Settings\All Users\Favoris\Sex and Dating Deleted
    C:\Documents and Settings\All Users\Favoris\Spyware Uninstall Deleted
    C:\Documents and Settings\Benji\Favoris\Sex and Dating Deleted
    C:\Documents and Settings\Benji\Favoris\Spyware Uninstall Deleted
    C:\WINDOWS\System32\kernel32.exe Deleted
    ....
    »»»»» Checking for older varients.
    ....

    Search five digit cs, dm, kd, jb, other, files.
    The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.

    Click browse, find the file then click submit.
    http://www.virustotal.com/flash/index_en.html
    Or https://virusscan.jotti.org/

    »»»»» Other

    »»»»» Current runs
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_05\\bin\\jusched.exe"
    "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
    "igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
    "igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
    "igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
    "BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "AVP"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 6.0\\avp.exe\""
    "avast!"="\"C:\\Program Files\\Alwil Software\\Avast4\\ashDisp.exe\""
    "syswin"="C:\\WINDOWS\\system32\\v6.exe"
    "System"="C:\\WINDOWS\\system32\\kernels32.exe"
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "xrunwin"="C:\\WINDOWS\\svchost.exe"
    "Brave-Sentry"="C:\\Program Files\\BraveSentry\\BraveSentry.exe"
    ....
    Hosts file was reset, If you use a custom hosts file please replace it
    »»»»» End report »»»»»
    0
  13. benjamin
     
    voila le rapport hijackthis :

    Logfile of HijackThis v1.99.1
    Scan saved at 19:45:53, on 29/03/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\WINDOWS\system32\kernels32.exe
    C:\Program Files\BraveSentry\BraveSentry.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\IEEE 802.11b Wireless LAN\WLANMonitor2003.exe
    C:\Program Files\Nikon\NkView6\NkvMon.exe
    C:\WINDOWS\system32\dlh9jkd1q2.exe
    C:\Program Files\Maxthon\Maxthon.exe
    C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8182
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
    O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
    O4 - HKLM\..\Run: [syswin] C:\WINDOWS\system32\v6.exe
    O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels32.exe
    O4 - HKCU\..\Run: [xrunwin] C:\WINDOWS\svchost.exe
    O4 - HKCU\..\Run: [Brave-Sentry] C:\Program Files\BraveSentry\BraveSentry.exe
    O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
    O4 - Global Startup: IEEE 802.11b Wireless Utility.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
    O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
    O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm (file missing)
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm (file missing)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O20 - Winlogon Notify: tcpR32 - tcpR32.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
    O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe (file missing)
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    merci encore
    0
  14. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    télécharge GenProc sur ton bureau
    http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip

    dézippe le dossier, double-clique sur GenProc.bat et poste le contenu du rapport qui s'ouvre

    Aide en images : http://www.alt-shift-return.org/Info/GenProc-HowTo.html
    0
  15. benjamin
     
    voila le rapport genpoc

    Rapport GenProc 0.31 effectué le 29/03/2007 à 19:56:14,54 - SystemRoot = C:\WINDOWS

    Dans CCleaner, clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. C'est tout.

    # Etape 1/ Télécharge :

    - FixWareout d'un de ces deux sites sur le bureau:
    http://downloads.subratam.org/Fixwareout.exe
    http://swandog46.geekstogo.com/Fixwareout.exe

    Lance le fix: clique sur Next, puis Install, puis assure toi que "Run fixit" est activé puis clique sur Finish.
    Le fix va commencer, suis les messages à l'écran. Il te sera demandé de redémarrer ton ordinateur, fais le. Ton système mettra un peu plus de temps au démarrage, c'est normal.
    Quand ton système aura redémarré, suis les invites des messages. A la fin du fix, tu auras peut-être encore besoin de redémarrer le PC.

    # Etape 2/ Lance CCleaner > "Nettoyeur" > "Lancer le nettoyage" et c'est tout.

    # Etape 3/ Poste le contenu du fichier C:\fixwareout\report.txt, un nouveau rapport HijackThis et un nouveau rapport GenProc.
    0
  16. benjamin
     
    voila le rapport :

    Fixwareout Last edited 2/11/2007
    Post this report in the forums please
    ...
    »»»»»Prerun check

    »»»»» System restarted

    »»»»» Postrun check
    HKLM\SOFTWARE\~\Winlogon\ "system"=""
    ....
    ....
    »»»»» Misc files.
    C:\WINDOWS\xpupdate.exe Deleted
    ....
    »»»»» Checking for older varients.
    ....

    Search five digit cs, dm, kd, jb, other, files.
    The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.

    Click browse, find the file then click submit.
    http://www.virustotal.com/flash/index_en.html
    Or https://virusscan.jotti.org/

    »»»»» Other

    »»»»» Current runs
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_05\\bin\\jusched.exe"
    "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
    "igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
    "igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
    "igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
    "BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "AVP"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 6.0\\avp.exe\""
    "avast!"="\"C:\\Program Files\\Alwil Software\\Avast4\\ashDisp.exe\""
    "syswin"="C:\\WINDOWS\\system32\\v6.exe"
    "System"="C:\\WINDOWS\\system32\\kernels32.exe"
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "xrunwin"="C:\\WINDOWS\\svchost.exe"
    "Brave-Sentry"="C:\\Program Files\\BraveSentry\\BraveSentry.exe"
    ....
    Hosts file was reset, If you use a custom hosts file please replace it
    »»»»» End report »»»»»
    0
  17. benjamin
     
    le rapport hijackthis :

    Logfile of HijackThis v1.99.1
    Scan saved at 20:51:43, on 29/03/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\WINDOWS\system32\kernels32.exe
    C:\Program Files\BraveSentry\BraveSentry.exe
    C:\Program Files\IEEE 802.11b Wireless LAN\WLANMonitor2003.exe
    C:\Program Files\Nikon\NkView6\NkvMon.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\dlh9jkd1q2.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Maxthon\Maxthon.exe
    C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8182
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
    O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
    O4 - HKLM\..\Run: [syswin] C:\WINDOWS\system32\v6.exe
    O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels32.exe
    O4 - HKCU\..\Run: [xrunwin] C:\WINDOWS\svchost.exe
    O4 - HKCU\..\Run: [Brave-Sentry] C:\Program Files\BraveSentry\BraveSentry.exe
    O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
    O4 - Global Startup: IEEE 802.11b Wireless Utility.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
    O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
    O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm (file missing)
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm (file missing)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O20 - Winlogon Notify: tcpR32 - tcpR32.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
    O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe (file missing)
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    0
  18. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    bon on va commencer avec ceci
    télécharge GenProc sur ton bureau
    http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip

    dézippe le dossier, double-clique sur GenProc.bat et poste le contenu du rapport qui s'ouvre

    Aide en images : http://www.alt-shift-return.org/Info/GenProc-HowTo.html
    0
  19. benjamin
     
    voila ce que ca m'affiche apres avec fait le genpoc :

    Rapport GenProc 0.31 effectué le 29/03/2007 à 21:47:44,41 - SystemRoot = C:\WINDOWS

    ## WareOut semble toujours présent, consultez le fichier journal ##

    # Etape 1/ Télécharge :

    - SmitfrauFix de S!Ri: Moe et Balltrap34 http://siri.urz.free.fr/Fix/SmitfraudFix.exe
    * double-clique sur le fichier "smitfraudfix.exe" et choisis l’option 1, il va lister tous les éléments nuisibles dans un rapport : poste le maintenant.

    - SDfix http://downloads.andymanchesta.com/RemovalTools/SDFix.exe (créé par AndyManchesta) et sauvegarde le sur ton Bureau.

    ***** Copie ce qui suit dans un fichier texte et redémarre en mode sans échec comme indiqué ici https://docs.microsoft.com/en-us/?mfr=true (choisis ta session courante "Benji") *****

    # Etape 2/

    Double-clique sur le fichier "SmitfraudFix.exe" et choisis l’option 2, réponds oui à tout et laisse-le procéder. Sauvegarde le rapport sur ton bureau.

    # Etape 3/

    Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur "RunThis.bat" pour lancer le script.
    - Appuie sur "Y" pour commencer le processus de nettoyage.
    - Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    - Appuie sur une touche pour redémarrer le PC.
    - Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    - Après le chargement du Bureau, l'outil terminera son travail et affichera "Finished".
    - Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    - Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom "Report.txt".
    ~ Le fichier "SDFIX_README.htm" (dans le dossier SDFix) contient la liste des malwares pris en compte par l'outil.
    ~ Andy fait plusieurs mises à jour, souvent plus d'une par jour... N'hésite donc pas à télécharger une nouvelle version lorsque le nettoyage dure et que l'outil ne semble pas tout voir.

    # Etape 4/

    Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.

    # Etape 5/

    Redémarre normalement et poste :
    - Un nouveau rapport HijackThis, toutes fenêtres et applications fermées si tu ne l'as pas tu trouveras HijackThis ici http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis_v2.exe ;
    - Le rapport SmitfraudFix que tu as sauvegardé sur ton bureau ;
    - Le contenu du fichier Report.txt ;

    Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.
    0
  20. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    1/ Télécharge le FixWareout d'un de ces deux sites sur le bureau:
    http://downloads.subratam.org/Fixwareout.exe
    http://swandog46.geekstogo.com/Fixwareout.exe

    Lance le fix: clique sur Next, puis Install, puis assure toi que "Run fixit" est activé puis clique sur Finish.
    Le fix va commencer, suis les messages à l'écran. Il te sera demandé de redémarrer ton ordinateur, fais le.
    Ton système mettra un peu plus de temps au démarrage, c'est normal.

    Quand ton système aura redémarré, suis les invites des messages

    A la fin du fix, tu auras peut-être encore besoin de redémarrer le PC.

    Au final, poste le contenu du fichier C:\fixwareout\report.txt avec un nouveau rapport HijackThis
    Si et seulement si il y a des difficultés de connexion après cette manip:
    Démarrer---->Paramètres---->Panneau de configuration---->Connexions réseau
    Faire un clic droit sur la connexion par défaut, nommée en général "Connexion au réseau local" ou "Accès à distance" si tu utilises un modem téléphonique, et choisir Propriétés.
    Faire un double clic sur l'élément Protocole Internet (TCP/IP) et choisir le bouton-radio Obtenir les adresses des serveurs DNS automatiquement.
    Clique deux fois sur OK, et redémarre l'ordinateur

    2/suis très exactement ce que te dit le rapport GenProc

    # Etape 1/ Télécharge :

    - SmitfrauFix de S!Ri: Moe et Balltrap34 http://siri.urz.free.fr/Fix/SmitfraudFix.exe
    * double-clique sur le fichier "smitfraudfix.exe" et choisis l’option 1, il va lister tous les éléments nuisibles dans un rapport : poste le maintenant.

    - SDfix http://downloads.andymanchesta.com/RemovalTools/SDFix.exe (créé par AndyManchesta) et sauvegarde le sur ton Bureau.

    ***** Copie ce qui suit dans un fichier texte et redémarre en mode sans échec comme indiqué ici https://www.microsoft.com/fr-fr/ (choisis ta session courante "Benji") *****

    # Etape 2/

    Double-clique sur le fichier "SmitfraudFix.exe" et choisis l’option 2, réponds oui à tout et laisse-le procéder. Sauvegarde le rapport sur ton bureau.

    # Etape 3/

    Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur "RunThis.bat" pour lancer le script.
    - Appuie sur "Y" pour commencer le processus de nettoyage.
    - Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    - Appuie sur une touche pour redémarrer le PC.
    - Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    - Après le chargement du Bureau, l'outil terminera son travail et affichera "Finished".
    - Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    - Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom "Report.txt".
    ~ Le fichier "SDFIX_README.htm" (dans le dossier SDFix) contient la liste des malwares pris en compte par l'outil.
    ~ Andy fait plusieurs mises à jour, souvent plus d'une par jour... N'hésite donc pas à télécharger une nouvelle version lorsque le nettoyage dure et que l'outil ne semble pas tout voir.

    # Etape 4/

    Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.

    # Etape 5/

    Redémarre normalement et poste :
    - Un nouveau rapport HijackThis, toutes fenêtres et applications fermées si tu ne l'as pas tu trouveras HijackThis ici http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis_v2.exe ;
    - Le rapport SmitfraudFix que tu as sauvegardé sur ton bureau ;
    - Le contenu du fichier Report.txt ;

    Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.
    0