Sujet Précédent Sujet Suivant

Spyware virus

Résolu
dodo12 Messages postés 11 Statut Membre -  
papyber Messages postés 6430 Statut Contributeur sécurité -
lors de demarrage

Your computer is infected!
Windows has detected spyware infection.
It is recommended to use special antispyware tools to prevent data loss.
Windows will now download and install the most
up-to-date antispyware for you.
Click here to protect your computer from spyware.

plus une icones rouge avec la croix blanche
A voir également:

19 réponses

Réponse 1 / 19
papyber Messages postés 6430 Statut Contributeur sécurité 257
 
télécharge et installe le logiciel HijackThis v1.99.1
http://pchelpbordeaux.free.fr/logiciels.html
Tutorial
http://pchelpbordeaux.free.fr/tuto.html
télécharge GenProc sur ton bureau
http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip

dézippe le dossier, double-clique sur GenProc.bat et poste le contenu du rapport qui s'ouvre

Aide en images : http://www.alt-shift-return.org/Info/GenProc-HowTo.html
poste un rapport hijack this après GenProc
0
dodo12 Messages postés 11 Statut Membre
 
merci pour ton message
pour GenProc apres l'execution s'affiche "Bonjour Aucune infection caractéristique trouvée !! "
et voila le rapport de Hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 16:27:46, on 27/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Menara\dslmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.menara.ma/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.menara.ma/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WengoPhoneNG] C:\Program Files\WengoPhone\qtwengophone.exe -b
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [pro] C:\antivir.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Abonnés - {03F615A1-4EF2-4AF9-A6CE-8CA95574C8B4} - http://abonne.menara.ma (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=https://www.menara.ma/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{69094608-2C3E-4CC3-BCD3-F625A6304414}: NameServer = 212.217.0.16 196.217.246.210
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB773160-CACF-4266-A827-827BD7750868}: NameServer = 212.217.0.1,212.217.0.12
O18 - Protocol: bw+0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
0
Réponse 2 / 19
papyber Messages postés 6430 Statut Contributeur sécurité 257
 
passe un coup de ccleaner nettoyeur seulement
https://www.pcastuces.com/logitheque/ccleaner.htm

faire un scan avec AVG Antispyware en mode sans echec le mettre à jour préalablement
https://www.avg.com/en-ww/free-antivirus-download

Lance AVG Anti-Spyware
Clique sur le bouton « Analyse »
Puis « Comment réagir », clique sur Actions recommandées. Sélectionne Quarantaine.
Retour à l'onglet Analyse.
Clique sur Analyse complète du système.
A la fin du scan, choisis " Appliquer toutes les actions "
Clique sur "Enregistrer le rapport". Le fichier texte se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware.

redémarre en mode normal
Télécharge SmitfraudFix de S!Ri, balltrap34 et moe31
http://siri.urz.free.fr/Fix/SmitfraudFix.exe
Installe le à la racine de C\ : double clique sur l'exe pour le décompresser et lancer le fix.
Utilisation ----- option 1 - Recherche :
Double clique sur smitfraudfix.cmd Sélectionne 1 pour créer un rapport des fichiers responsables de l'infection.
Poste le rapport
Attention : process.exe est détecté par certains antivirus comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité.
0
dodo12 Messages postés 11 Statut Membre
 
j'ai fait ces etapes et voila le resultat
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 19:26:20 27/03/2007

+ Résultat de l'analyse:



C:\Program Files\Fichiers communs\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-602162358-688789844-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Windows installer -> Adware.PestTrap : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\technet\Application Data\drvcleaner.exe -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\antivir.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Nettoyé et sauvegardé (mise en quarantaine).
C:\winstall.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\xlibgfl254.dll -> Trojan.Agent : Nettoyé et sauvegardé (mise en quarantaine).


Fin du rapport




SmitFraudFix v2.151

Rapport fait à 19:42:26,67, 27/03/2007
Executé à partir de C:\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\technet


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\technet\Application Data

C:\Documents and Settings\technet\Application Data\Install.dat PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\technet\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Réponse 3 / 19
papyber Messages postés 6430 Statut Contributeur sécurité 257
 
Utilisation ----- option 2 -Nettoyage :

* Redémarre l'ordinateur en mode sans échec

* Double clique sur smitfraudfix.cmd

* Sélectionne 2 pour supprimer les fichiers responsables de l'infection.

A la question Voulez-vous nettoyer le registre ? répondre O (oui) afin de débloquer le fond d'écran et supprimer les clés de démarrage automatique de l'infection.

Le fix déterminera si le fichier wininet.dll est infecté.

A la question Corriger le fichier infecté ? répondre O (oui) pour remplacer le fichier corrompu.
* Redémarre en mode normal et poste le rapport ici

N.B.: Cette étape élimine les fichiers infectieux détectés à l'étape #1
Attention que l'option 2 de l'outil supprime le fond d'écran !
0
dodo12 Messages postés 11 Statut Membre
 
l'ecran devient Bleu et j'ai pas vu ca :Le fix déterminera si le fichier wininet.dll est infecté.

A la question Corriger le fichier infecté ? répondre O (oui) pour remplacer le fichier corrompu
voila le Raport

SmitFraudFix v2.151

Rapport fait à 21:16:01,60, 27/03/2007
Executé à partir de C:\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Réponse 4 / 19
papyber Messages postés 6430 Statut Contributeur sécurité 257
 
poste moi un rapport hijack
0
dodo12 Messages postés 11 Statut Membre
 
Logfile of HijackThis v1.99.1
Scan saved at 21:49:01, on 27/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Menara\dslmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Abonnés - {03F615A1-4EF2-4AF9-A6CE-8CA95574C8B4} - http://abonne.menara.ma (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=https://www.menara.ma/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{69094608-2C3E-4CC3-BCD3-F625A6304414}: NameServer = 212.217.0.14 196.217.246.210
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB773160-CACF-4266-A827-827BD7750868}: NameServer = 212.217.0.1,212.217.0.12
O18 - Protocol: bw+0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 19
papyber Messages postés 6430 Statut Contributeur sécurité 257
 
lance hijack pour un scan et coches les lignes suivantes
09 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Abonnés - {03F615A1-4EF2-4AF9-A6CE-8CA95574C8B4} - http://abonne.menara.ma (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=https://www.menara.ma/

O18 - Protocol: bw+0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {5D5B5053-C7F9-4E47-B484-22BD1C3598CD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

ferme toutes tes fenêtres y compris internet et clique sur fixer l'objet

si tout va bien supprime tout ce qu'on a utilisé car ce ne sera plus utile désormais
passe un coup de ccleaner
https://www.pcastuces.com/logitheque/ccleaner.htm

fais un scan en ligne sur l’un de ces sites
http://pandasoftware.fr
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
http://www.bitdefender.fr/scan8/ie.html
http://www.secuser.com/outils/antivirus.htm
http://security.symantec.com/sscv6/default.asp?productid=symhome&langid=fr&venid=sym
et colle le rapport
je le regarderai demain; bonne nuit
0
dodo12 Messages postés 11 Statut Membre
 
d'accord bonne nuit
voile le rapport
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, March 28, 2007 2:01:49 AM
Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 28/03/2007
Enregistrements dans la base antivirus Kaspersky : 270805


Paramètres d'analyse
Analyser avec la base antivirus suivante standard
Analyser les archives vrai
Analyser les bases de messagerie vrai

Cible de l'analyse Poste de travail
A:\
C:\
D:\
E:\
F:\

Statistiques de l'analyse
Total d'objets analysés 28595
Nombre de virus trouvés 0
Nombre d'objets infectés 0 / 0
Nombre d'objets suspects 0
Durée de l'analyse 00:46:47

Nom de l'objet infecté Nom du virus Dernière action
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Backup\BackupMng.i0000 L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Backup\BackupMng.i0001 L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Backup\BackupMng.i0100 L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Backup\BackupMng.i0101 L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Backup\BackupMng.i0200 L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Backup\BackupMng.i0201 L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Backup\BackupMng.i0300 L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Backup\BackupMng.i0301 L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Backup\BackupMng.reph L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Backup\BackupMng.repi L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Backup\BackupMng.rept L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Quarantine\QMng.i0000 L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Quarantine\QMng.i0001 L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Quarantine\QMng.i0100 L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Quarantine\QMng.i0101 L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Quarantine\QMng.i0200 L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Quarantine\QMng.i0201 L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Quarantine\QMng.i0300 L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Quarantine\QMng.i0301 L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Quarantine\QMng.reph L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Quarantine\QMng.repi L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Quarantine\QMng.rept L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Reports\RptMng.i0000 L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Reports\RptMng.i0001 L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Reports\RptMng.i0100 L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Reports\RptMng.i0101 L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Reports\RptMng.i0200 L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Reports\RptMng.i0201 L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Reports\RptMng.reph L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Reports\RptMng.repi L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Reports\RptMng.rept L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\technet\Application Data\Microsoft\Modèles\Normal.dot L'objet est verrouillé ignoré

C:\Documents and Settings\technet\Cookies\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\technet\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

C:\Documents and Settings\technet\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\technet\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\technet\Local Settings\Historique\History.IE5\MSHist012007032820070329\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\technet\Local Settings\Temp\Perflib_Perfdata_154.dat L'objet est verrouillé ignoré

C:\Documents and Settings\technet\Local Settings\Temp\~DF7A68.tmp L'objet est verrouillé ignoré

C:\Documents and Settings\technet\Local Settings\Temp\~DFD1C4.tmp L'objet est verrouillé ignoré

C:\Documents and Settings\technet\Local Settings\Temp\~DFDA12.tmp L'objet est verrouillé ignoré

C:\Documents and Settings\technet\Local Settings\Temp\~WRD0000.doc L'objet est verrouillé ignoré

C:\Documents and Settings\technet\Local Settings\Temporary Internet Files\Content.IE5\CT2RW5AB\sc_scan[2].htm L'objet est verrouillé ignoré

C:\Documents and Settings\technet\Local Settings\Temporary Internet Files\Content.IE5\CT2RW5AB\xscan53[1].cab L'objet est verrouillé ignoré

C:\Documents and Settings\technet\Local Settings\Temporary Internet Files\Content.IE5\CT2RW5AB\xscan53[2].cab L'objet est verrouillé ignoré

C:\Documents and Settings\technet\Local Settings\Temporary Internet Files\Content.IE5\CT2RW5AB\xscan53[3].cab L'objet est verrouillé ignoré

C:\Documents and Settings\technet\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\technet\Local Settings\Temporary Internet Files\Content.IE5\LWUKLNRS\Activescan[1].htm L'objet est verrouillé ignoré

C:\Documents and Settings\technet\NTUSER.DAT L'objet est verrouillé ignoré

C:\Documents and Settings\technet\ntuser.dat.LOG L'objet est verrouillé ignoré

C:\Program Files\HP\hpcoretech\hpcmerr.log L'objet est verrouillé ignoré

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\technet\Data\BWDocMap.pht L'objet est verrouillé ignoré

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\technet\Data\BWInfopakMap.pht L'objet est verrouillé ignoré

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\technet\Data\chandir.dat L'objet est verrouillé ignoré

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\technet\Data\chandir.idx L'objet est verrouillé ignoré

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\technet\Data\chn.dat L'objet est verrouillé ignoré

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\technet\Data\chn.idx L'objet est verrouillé ignoré

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\technet\Data\D0000000.FCS L'objet est verrouillé ignoré

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\technet\Data\inuse.txt L'objet est verrouillé ignoré

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\technet\Data\L0000006.FCS L'objet est verrouillé ignoré

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\technet\Data\main.log L'objet est verrouillé ignoré

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\technet\Data\prs.dat L'objet est verrouillé ignoré

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\technet\Data\prs.idx L'objet est verrouillé ignoré

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\technet\Data\prs_die.dat L'objet est verrouillé ignoré

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\technet\Data\prs_die.idx L'objet est verrouillé ignoré

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\technet\Data\prs_dnd.dat L'objet est verrouillé ignoré

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\technet\Data\prs_dnd.idx L'objet est verrouillé ignoré

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\technet\Data\prs_ext.dat L'objet est verrouillé ignoré

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\technet\Data\prs_ext.idx L'objet est verrouillé ignoré

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\technet\Data\prs_rcv.dat L'objet est verrouillé ignoré

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\technet\Data\prs_rcv.idx L'objet est verrouillé ignoré

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\technet\Data\storydb.dat L'objet est verrouillé ignoré

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\technet\Data\storydb.idx L'objet est verrouillé ignoré

C:\Program Files\Yahoo!\Messenger\logs\billing_technet.log L'objet est verrouillé ignoré

C:\Program Files\Yahoo!\Messenger\logs\client_technet.log L'objet est verrouillé ignoré

C:\Program Files\Yahoo!\Messenger\logs\GIPS.log L'objet est verrouillé ignoré

C:\Program Files\Yahoo!\Messenger\logs\network_technet.log L'objet est verrouillé ignoré

C:\Program Files\Yahoo!\Messenger\logs\p2pce.log L'objet est verrouillé ignoré

C:\Program Files\Yahoo!\Messenger\logs\voice.log L'objet est verrouillé ignoré

C:\Program Files\Yahoo!\Messenger\logs\YSDP.log L'objet est verrouillé ignoré

C:\Program Files\Yahoo!\Messenger\logs\YSIP.log L'objet est verrouillé ignoré

C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré

C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré

C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré

C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré

C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré

C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré

C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré

C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré

C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré

Analyse terminée.
0
Réponse 6 / 19
papyber Messages postés 6430 Statut Contributeur sécurité 257
 
c'est propre, as tu encore des soucis?
si tout va bien supprime tout ce qu'on a utilisé car ce ne sera plus utile désormais
conserve néanmoins ccleaner et effectue le nettoyage tous les jours avant de couper le PC

désactive ta restauration
clique droit sur poste de travail/propriétés/coche la case désactiver la restauration, appliquer
redémarre ton PC
démarrer/tous les programmes/ outils système/ restauration du système/ créer un point de restauration

installe ce logiciel très utile et scanne ton PC avec une fois par semaine au moins...
AVG Antispyware
https://www.avg.com/en-ww/free-antivirus-download

mode d'utilisation :
Lance AVG Anti-Spyware
Clique sur le bouton « Analyse »
Puis « Comment réagir », clique sur Actions recommandées. Sélectionne Quarantaine.
Retour à l'onglet Analyse.
Clique sur Analyse complète du système.
A la fin du scan, choisis " Appliquer toutes les actions "
Clique sur "Enregistrer le rapport". Le fichier texte se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware.
ne laisse pas le résident car à la fin de la période d'essai, tu ne pourras plus t'en servir

tu peux le coupler avec celui-ci
spybot search and destroy

défragmente

indique ton sujet comme résolu
et bon surf
0
dodo12 Messages postés 11 Statut Membre
 
le PC maintenant est propre le probleme de message et l'icone a disparu
merci beaucoup papyber
0
Réponse 7 / 19
benjamin
 
j'ai le meme probleme que dodo12....
comment je fais ? je suis vraiment pas tres fort pour les ordis
0
Réponse 8 / 19
papyber Messages postés 6430 Statut Contributeur sécurité 257
 
pour benjamin
tu fais ce qui est indiqué au post N°1 et tu postes les rapports
0
Réponse 9 / 19
benjamin
 
ok vois le rapport hijackthis :

Logfile of HijackThis v1.99.1
Scan saved at 08:33:58, on 29/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\kernels32.exe
C:\Windows\xpupdate.exe
C:\Program Files\IEEE 802.11b Wireless LAN\WLANMonitor2003.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8182
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [syswin] C:\WINDOWS\system32\v6.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels32.exe
O4 - HKCU\..\Run: [xrunwin] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [Brave-Sentry] C:\Program Files\BraveSentry\BraveSentry.exe
O4 - Global Startup: IEEE 802.11b Wireless Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm (file missing)
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{70C38CAD-75BB-4438-9618-4E7A2FE20A3D}: NameServer = 85.255.113.92,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{79E0BE90-CBD4-4721-A99F-6170387757AB}: NameServer = 85.255.113.92,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5D066FA-2ED1-4CA5-9245-73AD223FC298}: NameServer = 85.255.113.92,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{C67EB75F-3716-40EE-B56D-02D206AB863B}: NameServer = 85.255.113.92,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{E58E6E65-EBBF-4868-AD59-A42FC1275DCD}: NameServer = 85.255.113.92,85.255.112.13
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.92 85.255.112.13
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.92 85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.92 85.255.112.13
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: tcpR32 - tcpR32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

merci
0
Réponse 10 / 19
papyber Messages postés 6430 Statut Contributeur sécurité 257
 
Télécharge le FixWareout d'un de ces deux sites sur le bureau:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

Lance le fix: clique sur Next, puis Install, puis assure toi que "Run fixit" est activé puis clique sur Finish.
Le fix va commencer, suis les messages à l'écran. Il te sera demandé de redémarrer ton ordinateur, fais le.
Ton système mettra un peu plus de temps au démarrage, c'est normal.

Quand ton système aura redémarré, suis les invites des messages. Ensuite lance HijackThis. Clique sur Scan et coche les lignes suivantes:

O17 - HKLM\System\CCS\Services\Tcpip\..\{70C38CAD-75BB-4438-9618-4E7A2FE20A3D}: NameServer = 85.255.113.92,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{79E0BE90-CBD4-4721-A99F-6170387757AB}: NameServer = 85.255.113.92,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5D066FA-2ED1-4CA5-9245-73AD223FC298}: NameServer = 85.255.113.92,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{C67EB75F-3716-40EE-B56D-02D206AB863B}: NameServer = 85.255.113.92,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{E58E6E65-EBBF-4868-AD59-A42FC1275DCD}: NameServer = 85.255.113.92,85.255.112.13
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.92 85.255.112.13
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.92 85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.92 85.255.112.13

Clique sur Fix Checked. Ferme HijackThis et clique sur OK pour continuer la procédure.

A la fin du fix, tu auras peut-être encore besoin de redémarrer le PC.

Au final, poste le contenu du fichier C:\fixwareout\report.txt avec un nouveau rapport HijackThis

Si et seulement si il y a des difficultés de connexion après cette manip:
Démarrer---->Paramètres---->Panneau de configuration---->Connexions réseau
Faire un clic droit sur la connexion par défaut, nommée en général "Connexion au réseau local" ou "Accès à distance" si tu utilises un modem téléphonique, et choisir Propriétés.
Faire un double clic sur l'élément Protocole Internet (TCP/IP) et choisir le bouton-radio Obtenir les adresses des serveurs DNS automatiquement.
Clique deux fois sur OK, et redémarre l'ordinateur.
0
Réponse 11 / 19
benjamin
 
voila le 1er rapport du fix :

Fixwareout Last edited 2/11/2007
Post this report in the forums please
...
»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="cskcx.exe"

»»»»» System restarted

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "repiwoh" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}463D44E49DCE-B069-4A24-9A76-EDFA3504{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}CBEF493ED198-C4DA-EA74-6C95-FD69EABA{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}D09708DFB814-68EB-15C4-D4CB-5C9E7A0C{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}EB0227687FF4-738B-D5E4-3966-A1208E90{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}02CD1C3EEF34-B629-9074-B895-90FFEBA9{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}FB3DE2FE8E54-3CE8-0944-CD63-9552C32C{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}52C048CC7C90-70DB-D3D4-4C0E-9CA23DE6{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}21C439B652AD-B379-B2A4-B4EA-1F8B61BA{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}D825754FBFF4-1AA8-2B34-D530-D04A5C0E{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}AADF1EB38CC0-6EC8-C194-6D6D-5F3C8095{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}190448E84236-DB08-29E4-D653-49489BC0{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}3A391B58FC35-8EE9-26B4-3B0D-F058A449{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}B0308405A173-58A8-FF44-1F75-AD1208D7{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}DD655ABD12D0-B7AB-1454-8C40-B23FEDD0{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}D17980157D62-9FCA-F094-B4C2-861DF89E{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}C81F83DFF52B-3498-FF24-3FF8-8CD23EEB{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}3FE103A76162-9869-2DA4-9E82-F6D580D2{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}66C314339710-AA98-AF54-6B7E-E4D9F878{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}11A5CBA9B9AD-3778-5DE4-AEC8-9F16AA59{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}9AD95FF04ADC-E8E8-80D4-19E1-0BE3B557{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}B2BC56915C69-8BD8-16F4-A0C3-C5EE5364{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}4225880C9E4A-1D9B-48F4-BFA4-CEB97EEA{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}F627DC41DF5F-21F9-FDE4-962D-4918C887{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}357C47FAC539-B649-A764-761F-A145ADFB{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}E1EEE8F3D381-2CE9-2B84-513B-758E6BAD{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}1724902DB206-D169-6554-D326-9F043E46{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}E1758240FAD9-56DA-3A14-F5E2-3D860515{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}2F091215B877-C76B-7764-714F-EA8FAC3E{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}18E13FE93ED3-DCCA-2B04-A3A3-D0D73490{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}C57029E12023-63A8-00B4-E243-CE5D5D37{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}829874F8FE96-1C69-B294-A9C1-1598E0C6{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}1AD7B6899CFA-E939-65A4-168C-4DB5BCDC{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}FD5BFF63B1A1-BDBA-1B74-B7C3-654F3576{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}A0119C895169-013A-9C84-64D3-27EF29C0{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}C2D4956E6DB5-C1E8-1694-25EB-E492EC53{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}F3A14DEDA980-BEA9-3694-06AE-489A8E51{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}582E6EC84F76-3149-2214-13D4-06E28557{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}7FF7B4702A41-9159-3F04-44C9-65C39BA2{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}CC93D2C819EB-8B28-5064-A404-02986EE9{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}2B2DC9A96D7E-9519-A094-53DD-E75ACE12{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}105902E0FC26-2B2A-2CC4-56AE-B1BFEE19{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}13A43A64DDB7-DFCA-BF54-4067-11CE8733{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}524221152302-7478-D044-4E0C-756354DD{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}0A3ABC5476BF-F10B-FF94-5BD1-A37D6217{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}78FDBFC86C52-62D8-7C74-2E16-44D0D716{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}18BBC8FC1993-F3F9-F5E4-E8D5-8089AD06{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}1EABFB02FB9E-D648-CD84-BD02-D31DCF9B{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}B6D820A79D5A-BC8A-EA94-0FBB-AB9E5F31{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}A5570E03C597-1B0B-E0C4-673B-96DEAD85{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}C7EBC998FDA0-A268-6864-B4BE-CE48BBB4{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}FF28DC89B9DE-DF2A-B2A4-1177-D68E88BB{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}BF57E1726443-FEC9-6294-21A8-AB35D738{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}EB5B21C6D890-ABF8-DD14-F659-821A12E6{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}B1B1DF65F270-40FB-6A24-8E31-2289CD69{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}E825920EBC2D-26BA-6E74-F7B2-E4D20D1C{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}E7CE2D964FF4-73CB-C424-9C51-2EED8C74{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}DA7DA2387BC9-2479-2404-7908-432897F4{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}8AF042CE3D14-07A9-2764-09DA-E871B5CF{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}C2A642B5D90C-FB19-27F4-FFE8-F6E16999{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}5B68AF6F442C-5EB9-51C4-19AD-00C2F1D7{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}9242A76D54E1-53B8-F554-156E-D87B4C86{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}A218C50D7DCB-626A-CE84-D94B-457054C7{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}0CA3F5FA5CDC-8AD9-9294-2BAC-9C2B21FF{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}D62DDE77AA37-621B-ABB4-31F5-3ADB29E8{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}44406EC25AF2-2E48-D834-3F42-72E7271B{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}2CB905ED9FFB-53FB-5C44-2F31-85D5AADA{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}6C4EB51E1615-5F5A-E824-8B5D-BC232B2C{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}930B691CE90E-3768-3184-AC5E-723E906F{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}9D0BCE9CAFAA-9529-CFC4-E07F-4603D4F7{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}23EC6A67403C-EC39-F294-8DA5-52177CF7{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}BE23A09A4643-7A9B-1F74-7B70-1F37E62E{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}E794749B659A-7C48-F9E4-1082-45F798CF{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}AF6E9871E93D-9C59-D424-09F5-FF8F6845{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}2955C0ECBF22-001B-EEF4-668E-18524876{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}C50241C2D47F-A47B-98A4-4397-6ACECE1E{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}55C2B5B68D8F-6A08-8EF4-0415-2EEEDA6B{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}24EF1863C62E-6539-2F04-8756-1A69F34D{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}8E9BCC8CA7F5-65F9-2824-603A-43645838{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}943244A8A695-1948-D1C4-A21B-F7B2BD49{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}0E13420CE414-A998-E824-AF82-2C593BAF{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}D51708E44883-E038-CB74-D0B6-D9CC7BFC{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}59C85E6B7720-0628-F9E4-148B-5E462C5F{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}7FE06B9E6587-FAD8-2734-D044-CD3B0EE5{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}12ABC5846FBF-4659-9F84-5F44-635C5625{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}2DB87B35BF15-CDAB-66D4-A610-E922CC7B{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}AE872FE0E178-D5E8-7BA4-81D4-858174A2{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}DAC606320485-18D9-EF64-40B8-036FD8EE{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}19B0EAFA0FA5-FA78-8AB4-953C-A7E2D1DC{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}19BE46AC1571-AE28-4354-A596-C4CE92C1{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}A0B50D9B7B44-60D8-7044-7743-6AB6E3C4{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}E0C2B345161A-46B9-D684-F500-2F5E5AD6{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}10BE68285A60-47EA-46F4-A4B8-B8D36167{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}E699B560CA7D-AAFB-AA54-C7F2-9BFBEBEB{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}3BB8EBC2BF91-945B-27C4-6744-C4901295{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}197B25227999-8F7A-8E64-9249-4D317DDB{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}0248DC7720A6-6F29-7534-30A6-D0E877FE{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}7D22AC9DD72E-9D48-9D74-181F-127E01AF{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}E0ECE3E48EF3-CCC9-0094-309B-D9CFADAC{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}D9E0EEA32461-B3A9-0314-9ED7-90037895{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}37A474E00129-B64B-C304-2755-17FA50CD{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}DABAAEECE1E6-4518-8FC4-E7AA-DA4ACE76{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}4972886B182E-406A-C4C4-C33D-A924AF71{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}F1F1B1E4C523-557B-9964-4AD4-090E5E79{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}5714E2AA4E1D-543A-8804-EB4D-F4631E0A{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}E060DA20A736-E15B-FA74-A76D-7B07A12C{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}628505218186-859B-7164-CFA0-5FD6DD91{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}741906A58EEC-3BEB-3BD4-7B57-F8619860{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}F8FF3575779C-445A-0FF4-B6FE-FB90E706{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}7CDE6372659C-3909-C534-42B6-86049CC4{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}04B2008B1AA4-F749-94E4-21EB-9F4285E6{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}63F39E6FB049-9F29-D944-FE7C-644AB90C{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}957F18937EA2-B28B-BBA4-23EC-B6296FF7{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}0F5CD1433149-A2D9-7B94-2ED1-275760F0{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}682DC102AE0C-482B-9D84-5BA6-B74081CC{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}082CAC7F4228-1669-5114-543F-D3A47EBE{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}1E04C3AF6E15-F6CA-F184-7887-3371C6EC{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}FDE6E29B2E7D-73F9-DAF4-7B24-30B79B9A{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}E63BF898D8E9-01AA-1774-5B3D-A4FA73FB{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}ABCEAD7E0274-70B9-7E84-311F-29C2318A{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}3A06A2DEFC61-2FE9-82A4-9DF0-5C85A1EA{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}9F1058E3DD36-2CF8-FE34-DBA5-77EF1FEB{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}C5568AF8919E-811A-CA84-EC8C-8FD07700{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}5A53413C9004-F20A-D824-A5B4-FB4BD51F{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}9AFF9E615897-70AB-C3C4-6DAF-BE2EEFF0{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}34EB380DCE05-92E9-F804-5D12-6CC0F5BC{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}4D15121BD63E-5EBA-3324-8DB6-E51218EA{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}B8B6CE5F98CE-D46B-CE34-9835-C80B3451{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}61097890D9E3-ABE9-DEC4-9426-5BD17E40{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}5805F16A9EE1-08C8-AF84-1799-D3418FD0{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}115E7E1077D4-0448-AF84-148A-689A6B70{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}9CBF85F4B326-F69A-FCE4-8243-330D2139{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}FEF31ACCB669-4968-F3A4-6509-5F468CC9{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}864DCE737E70-1E58-BEB4-FC1F-FC1EF292{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}2634A6743873-EACB-C4B4-D4BD-9313ED6E{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}5A79A31C9E09-1A88-72C4-3F14-E38DBA18{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}F77221557D07-3E68-4974-569C-AE9B0F12{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}E67ADDA43039-92AB-C654-D3A7-7E7874E6{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}1CE4D0F80C50-7E8A-67A4-7AE4-98BF6C44{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}DB2E9EE548F6-41D9-87B4-D510-5D19D158{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}D657923276FC-E97B-B3E4-4BEB-A97CFB35{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}994CD5307A21-9FCA-8864-7172-DF6CF715{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}38765BF557B7-87B9-42F4-4ED5-B8C8D73E{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}781261604571-44E8-0374-11EA-82A4AEB2{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}C6A03D961E47-B18B-CAE4-A38C-668EAD31{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}0A67036C9AC0-90C9-5184-0537-221710FD{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}2853FCE02704-6D59-ACA4-F555-E6436AC0{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}3BC1C7EC3732-A659-8734-2FC4-132E2E58{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}413C0B191603-FE98-3CC4-5329-4C24AE59{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}CE537D29E850-B448-9104-250D-2131F5C8{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}D811386085D8-16A8-F8A4-E479-DEDBF408{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}C8714E9AC58D-488A-7064-9578-1A57BDF7{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}186598DFDB1F-EFD8-55E4-043F-B2DD65BA{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}975A60244EF3-6D5A-3754-31A0-02EF85DC{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}D7F8C31DC338-945A-2DD4-76A2-1E9CFC49{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}1718BDE32843-AB0A-9E74-E212-9689B63C{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}82EE2A02762E-673A-6D74-C3FB-8E525E9C{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}18F7B2208D93-B60B-63B4-D4EE-37E7A585{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}67168DC0127F-DB69-0F74-AE55-DB7011B7{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}0CE0EBD0F4EF-DBDB-D8F4-A4B0-0D821FEA{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}0118126686E9-C239-63F4-E2C6-D1248D5A{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}36533FAC0DD0-09E8-CD04-314B-803780AC{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}B73BDBB70726-298A-A754-AAC0-C2FF7776{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}500DCC6E0912-3599-54D4-16FF-9D6E84F4{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}F9B72D5472D2-5F39-EE44-A05A-A5894A85{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "jlomd" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}65BDB6141F15-00DB-81B4-C279-0558C09D{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "tbmmd" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "repiwoh" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "ypszr" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "daolnwodi" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "putesprpgd" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "lavinraCputeS" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "swen" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "ogol" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "eno" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "llun" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "ruof" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "evif" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "eerht" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "onisacputes" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "0mdm" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "1mdm" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}EB513DC0EF06-BCDA-1344-10D1-13F53F7F{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}E2EC52466582-8048-61C4-5876-A06C51A4{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "ztumd" Deleted
....
»»»»» Misc files.
C:\Documents and Settings\Benji\Application Data\Install.dat Deleted
C:\Documents and Settings\Benji\Application Data\kc.tmp Deleted
C:\Documents and Settings\All Users\Favoris\Download Free Spyware Remover.url Deleted
C:\Documents and Settings\All Users\Favoris\NEW VIAGRA at Half Price!.url Deleted
C:\Documents and Settings\All Users\Favoris\Online Chat With Nude Girls.url Deleted
C:\Documents and Settings\All Users\Favoris\Order CIALIS online without leaving home..url Deleted
C:\Documents and Settings\All Users\Favoris\PC protection in under 2 minutes!.url Deleted
C:\Documents and Settings\All Users\Favoris\SEX Dating - Real Girls For Real SEX.url Deleted
C:\Documents and Settings\All Users\Favoris\Stop PopUps On Your Computer.url Deleted
C:\Documents and Settings\All Users\Favoris\VIAGRA at incredible low price. Bonus Pills!.url Deleted
C:\Documents and Settings\All Users\Favoris\View ADULT photos of REAL GIRLS!.url Deleted
C:\Documents and Settings\Benji\Favoris\Download Free Spyware Remover.url Deleted
C:\Documents and Settings\Benji\Favoris\Stop PopUps On Your Computer.url Deleted
C:\WINDOWS\desktop.html Deleted
C:\WINDOWS\RDT.INI Deleted
C:\WINDOWS\xpupdate.exe Deleted
C:\Documents and Settings\All Users\Favoris\Online Pharmacy Deleted
C:\Documents and Settings\All Users\Favoris\Sex and Dating Deleted
C:\Documents and Settings\All Users\Favoris\Spyware Uninstall Deleted
C:\Documents and Settings\Benji\Favoris\Sex and Dating Deleted
C:\Documents and Settings\Benji\Favoris\Spyware Uninstall Deleted
C:\WINDOWS\System32\kernel32.exe Deleted
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.

Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or https://virusscan.jotti.org/

»»»»» Other

»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_05\\bin\\jusched.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AVP"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 6.0\\avp.exe\""
"avast!"="\"C:\\Program Files\\Alwil Software\\Avast4\\ashDisp.exe\""
"syswin"="C:\\WINDOWS\\system32\\v6.exe"
"System"="C:\\WINDOWS\\system32\\kernels32.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"xrunwin"="C:\\WINDOWS\\svchost.exe"
"Brave-Sentry"="C:\\Program Files\\BraveSentry\\BraveSentry.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»
0
Réponse 12 / 19
benjamin
 
voila le rapport hijackthis :

Logfile of HijackThis v1.99.1
Scan saved at 19:45:53, on 29/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\kernels32.exe
C:\Program Files\BraveSentry\BraveSentry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IEEE 802.11b Wireless LAN\WLANMonitor2003.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\system32\dlh9jkd1q2.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8182
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [syswin] C:\WINDOWS\system32\v6.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels32.exe
O4 - HKCU\..\Run: [xrunwin] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [Brave-Sentry] C:\Program Files\BraveSentry\BraveSentry.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - Global Startup: IEEE 802.11b Wireless Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm (file missing)
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: tcpR32 - tcpR32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

merci encore
0
Réponse 13 / 19
papyber Messages postés 6430 Statut Contributeur sécurité 257
 
télécharge GenProc sur ton bureau
http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip

dézippe le dossier, double-clique sur GenProc.bat et poste le contenu du rapport qui s'ouvre

Aide en images : http://www.alt-shift-return.org/Info/GenProc-HowTo.html
0
Réponse 14 / 19
benjamin
 
voila le rapport genpoc

Rapport GenProc 0.31 effectué le 29/03/2007 à 19:56:14,54 - SystemRoot = C:\WINDOWS

Dans CCleaner, clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. C'est tout.

# Etape 1/ Télécharge :

- FixWareout d'un de ces deux sites sur le bureau:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

Lance le fix: clique sur Next, puis Install, puis assure toi que "Run fixit" est activé puis clique sur Finish.
Le fix va commencer, suis les messages à l'écran. Il te sera demandé de redémarrer ton ordinateur, fais le. Ton système mettra un peu plus de temps au démarrage, c'est normal.
Quand ton système aura redémarré, suis les invites des messages. A la fin du fix, tu auras peut-être encore besoin de redémarrer le PC.

# Etape 2/ Lance CCleaner > "Nettoyeur" > "Lancer le nettoyage" et c'est tout.

# Etape 3/ Poste le contenu du fichier C:\fixwareout\report.txt, un nouveau rapport HijackThis et un nouveau rapport GenProc.
0
Réponse 15 / 19
benjamin
 
voila le rapport :

Fixwareout Last edited 2/11/2007
Post this report in the forums please
...
»»»»»Prerun check

»»»»» System restarted

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
C:\WINDOWS\xpupdate.exe Deleted
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.

Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or https://virusscan.jotti.org/

»»»»» Other

»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_05\\bin\\jusched.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AVP"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 6.0\\avp.exe\""
"avast!"="\"C:\\Program Files\\Alwil Software\\Avast4\\ashDisp.exe\""
"syswin"="C:\\WINDOWS\\system32\\v6.exe"
"System"="C:\\WINDOWS\\system32\\kernels32.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"xrunwin"="C:\\WINDOWS\\svchost.exe"
"Brave-Sentry"="C:\\Program Files\\BraveSentry\\BraveSentry.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»
0
Réponse 16 / 19
benjamin
 
le rapport hijackthis :

Logfile of HijackThis v1.99.1
Scan saved at 20:51:43, on 29/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\kernels32.exe
C:\Program Files\BraveSentry\BraveSentry.exe
C:\Program Files\IEEE 802.11b Wireless LAN\WLANMonitor2003.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dlh9jkd1q2.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8182
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [syswin] C:\WINDOWS\system32\v6.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels32.exe
O4 - HKCU\..\Run: [xrunwin] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [Brave-Sentry] C:\Program Files\BraveSentry\BraveSentry.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - Global Startup: IEEE 802.11b Wireless Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm (file missing)
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: tcpR32 - tcpR32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
0
Réponse 17 / 19
papyber Messages postés 6430 Statut Contributeur sécurité 257
 
bon on va commencer avec ceci
télécharge GenProc sur ton bureau
http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip

dézippe le dossier, double-clique sur GenProc.bat et poste le contenu du rapport qui s'ouvre

Aide en images : http://www.alt-shift-return.org/Info/GenProc-HowTo.html
0
Réponse 18 / 19
benjamin
 
voila ce que ca m'affiche apres avec fait le genpoc :

Rapport GenProc 0.31 effectué le 29/03/2007 à 21:47:44,41 - SystemRoot = C:\WINDOWS

## WareOut semble toujours présent, consultez le fichier journal ##

# Etape 1/ Télécharge :

- SmitfrauFix de S!Ri: Moe et Balltrap34 http://siri.urz.free.fr/Fix/SmitfraudFix.exe
* double-clique sur le fichier "smitfraudfix.exe" et choisis l’option 1, il va lister tous les éléments nuisibles dans un rapport : poste le maintenant.

- SDfix http://downloads.andymanchesta.com/RemovalTools/SDFix.exe (créé par AndyManchesta) et sauvegarde le sur ton Bureau.

***** Copie ce qui suit dans un fichier texte et redémarre en mode sans échec comme indiqué ici https://docs.microsoft.com/en-us/?mfr=true (choisis ta session courante "Benji") *****

# Etape 2/

Double-clique sur le fichier "SmitfraudFix.exe" et choisis l’option 2, réponds oui à tout et laisse-le procéder. Sauvegarde le rapport sur ton bureau.

# Etape 3/

Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur "RunThis.bat" pour lancer le script.
- Appuie sur "Y" pour commencer le processus de nettoyage.
- Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
- Appuie sur une touche pour redémarrer le PC.
- Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
- Après le chargement du Bureau, l'outil terminera son travail et affichera "Finished".
- Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
- Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom "Report.txt".
~ Le fichier "SDFIX_README.htm" (dans le dossier SDFix) contient la liste des malwares pris en compte par l'outil.
~ Andy fait plusieurs mises à jour, souvent plus d'une par jour... N'hésite donc pas à télécharger une nouvelle version lorsque le nettoyage dure et que l'outil ne semble pas tout voir.

# Etape 4/

Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.

# Etape 5/

Redémarre normalement et poste :
- Un nouveau rapport HijackThis, toutes fenêtres et applications fermées si tu ne l'as pas tu trouveras HijackThis ici http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis_v2.exe ;
- Le rapport SmitfraudFix que tu as sauvegardé sur ton bureau ;
- Le contenu du fichier Report.txt ;

Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.
0
Réponse 19 / 19
papyber Messages postés 6430 Statut Contributeur sécurité 257
 
1/ Télécharge le FixWareout d'un de ces deux sites sur le bureau:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

Lance le fix: clique sur Next, puis Install, puis assure toi que "Run fixit" est activé puis clique sur Finish.
Le fix va commencer, suis les messages à l'écran. Il te sera demandé de redémarrer ton ordinateur, fais le.
Ton système mettra un peu plus de temps au démarrage, c'est normal.

Quand ton système aura redémarré, suis les invites des messages

A la fin du fix, tu auras peut-être encore besoin de redémarrer le PC.

Au final, poste le contenu du fichier C:\fixwareout\report.txt avec un nouveau rapport HijackThis
Si et seulement si il y a des difficultés de connexion après cette manip:
Démarrer---->Paramètres---->Panneau de configuration---->Connexions réseau
Faire un clic droit sur la connexion par défaut, nommée en général "Connexion au réseau local" ou "Accès à distance" si tu utilises un modem téléphonique, et choisir Propriétés.
Faire un double clic sur l'élément Protocole Internet (TCP/IP) et choisir le bouton-radio Obtenir les adresses des serveurs DNS automatiquement.
Clique deux fois sur OK, et redémarre l'ordinateur

2/suis très exactement ce que te dit le rapport GenProc

# Etape 1/ Télécharge :

- SmitfrauFix de S!Ri: Moe et Balltrap34 http://siri.urz.free.fr/Fix/SmitfraudFix.exe
* double-clique sur le fichier "smitfraudfix.exe" et choisis l’option 1, il va lister tous les éléments nuisibles dans un rapport : poste le maintenant.

- SDfix http://downloads.andymanchesta.com/RemovalTools/SDFix.exe (créé par AndyManchesta) et sauvegarde le sur ton Bureau.

***** Copie ce qui suit dans un fichier texte et redémarre en mode sans échec comme indiqué ici https://www.microsoft.com/fr-fr/ (choisis ta session courante "Benji") *****

# Etape 2/

Double-clique sur le fichier "SmitfraudFix.exe" et choisis l’option 2, réponds oui à tout et laisse-le procéder. Sauvegarde le rapport sur ton bureau.

# Etape 3/

Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur "RunThis.bat" pour lancer le script.
- Appuie sur "Y" pour commencer le processus de nettoyage.
- Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
- Appuie sur une touche pour redémarrer le PC.
- Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
- Après le chargement du Bureau, l'outil terminera son travail et affichera "Finished".
- Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
- Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom "Report.txt".
~ Le fichier "SDFIX_README.htm" (dans le dossier SDFix) contient la liste des malwares pris en compte par l'outil.
~ Andy fait plusieurs mises à jour, souvent plus d'une par jour... N'hésite donc pas à télécharger une nouvelle version lorsque le nettoyage dure et que l'outil ne semble pas tout voir.

# Etape 4/

Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.

# Etape 5/

Redémarre normalement et poste :
- Un nouveau rapport HijackThis, toutes fenêtres et applications fermées si tu ne l'as pas tu trouveras HijackThis ici http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis_v2.exe ;
- Le rapport SmitfraudFix que tu as sauvegardé sur ton bureau ;
- Le contenu du fichier Report.txt ;

Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses
virus Artemis!
mabiche37 -
Malekal_morte- -

14 réponses
Message Apple virus !!
Souclik67 -
MPMP10 -

3 réponses