Avast et spybot H.S.
Résolu
SKE69
-
papyber Messages postés 6430 Statut Contributeur sécurité -
papyber Messages postés 6430 Statut Contributeur sécurité -
Bonjour,
Pendant un scan rapide par Avast d' une archive ( surement douteuse ) , j' ai perdu toute mes protections :
- avast et spybot ont disparru de la barre de tâches .
- quand je click sur le raccourci de spybot , plus rien ne se passe ...
- quand je click sur le raccourci d' Avast , un message d' erreur m' indique qu'ashAvast.exe n' est pas une appli. Win32
valide : (
- j' ai mon disk externe qui n' est plus recconnu : on me demande de le formater ... ( alors que sur un autre PC tout est OK )
- lorsque j' ouvre le dossier d'Avast ( Alwil Software ) , plusieurs iconnes d' apllication "scintillent" ...
J' ai scratché manuellement qlques fichiers dans Windows du jour où c 'est arrivé, ainsi que les archives préalablement
scannées qui étaient surement infectés .
J' ai beau redémarrer mon pc , rien n' y fait ... pas de protection : (
j' ai désinstalé spybot et avast ( avec du mal : la désinstale d' avast plantait ) ,puis les réinstalé : aucun résultat ...
Que dois-je faire ???
( J' ai windows XP )
Pendant un scan rapide par Avast d' une archive ( surement douteuse ) , j' ai perdu toute mes protections :
- avast et spybot ont disparru de la barre de tâches .
- quand je click sur le raccourci de spybot , plus rien ne se passe ...
- quand je click sur le raccourci d' Avast , un message d' erreur m' indique qu'ashAvast.exe n' est pas une appli. Win32
valide : (
- j' ai mon disk externe qui n' est plus recconnu : on me demande de le formater ... ( alors que sur un autre PC tout est OK )
- lorsque j' ouvre le dossier d'Avast ( Alwil Software ) , plusieurs iconnes d' apllication "scintillent" ...
J' ai scratché manuellement qlques fichiers dans Windows du jour où c 'est arrivé, ainsi que les archives préalablement
scannées qui étaient surement infectés .
J' ai beau redémarrer mon pc , rien n' y fait ... pas de protection : (
j' ai désinstalé spybot et avast ( avec du mal : la désinstale d' avast plantait ) ,puis les réinstalé : aucun résultat ...
Que dois-je faire ???
( J' ai windows XP )
A voir également:
- Avast et spybot H.S.
- Spybot - Télécharger - Antivirus & Antimalwares
- Désinstaller avast - Télécharger - Antivirus & Antimalwares
- Avast gratuit - Télécharger - Antivirus & Antimalwares
- Desinstaller avast secure browser ✓ - Forum Virus
- Vpn avast avis - Guide
71 réponses
Et voilà le dernier rapport, ça a été tres cours je sais pas si c'est normal:
SystemScan - www.suspectfile.com - ver. 3.5.0 (code: holifay & bReAkdOWn)
Running on: Windows XP PROFESSIONAL Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS
SystemScan file: C:\Documents and Settings\PHILIPPE\Bureau\sys20636.exe
Running in: User mode
Date: 2008-03-07
Time: 10:28:11
Output limited to:
-Recent files
===================== Recent files (30 days old) =====================
----- recent files in C:\
02-03-2008 08:47:26 (DIR) 0 byte 5 days old -- Philippe
18-02-2008 18:41:49 (DIR) 0 byte 18 days old -- temp
03-03-2008 14:57:51 212 byte 4 days old -- boot.ini
04-03-2008 19:18:33 1210 byte 3 days old -- InfoSat.txt
04-03-2008 19:26:51 (DIR) 0 byte 3 days old -- Combo-Fix
07-03-2008 07:46:56 523 byte 0 days old -- hpfr3420.xml
07-03-2008 07:50:50 1039 byte 0 days old -- hpfr3425.log
07-03-2008 09:37:28 (DIR)536870912 byte 0 days old -- pagefile.sys
07-03-2008 09:52:06 (DIR) 0 byte 0 days old -- Program Files
07-03-2008 09:52:24 (DIR) 0 byte 0 days old -- WINDOWS
07-03-2008 09:52:32 1906 byte 0 days old -- TCleaner.txt
07-03-2008 10:07:33 14150 byte 0 days old -- SAFEBOOT_REPAIR.TXT
07-03-2008 10:28:11 (DIR) 0 byte 0 days old -- suspectfile
08-02-2008 18:59:24 (DIR) 0 byte 28 days old -- Documents and Settings
11-02-2008 16:10:51 (DIR) 0 byte 25 days old -- Adrien
----- recent files in C:\WINDOWS\
02-03-2008 11:40:27 80 byte 5 days old -- gmer_uninstall.cmd
02-03-2008 11:45:35 819200 byte 5 days old -- gmer.dll
02-03-2008 18:18:06 (DIR) 0 byte 5 days old -- erdnt
02-03-2008 18:24:35 209833 byte 5 days old -- Directx.log
02-03-2008 18:24:37 (DIR) 0 byte 5 days old -- Installer
13-02-2008 12:21:33 (DIR) 0 byte 23 days old -- $hf_mig$
13-02-2008 22:30:25 (DIR) 0 byte 23 days old -- $NtUninstallKB943055$
13-02-2008 22:30:48 11233 byte 23 days old -- KB943055.log
13-02-2008 22:31:15 (DIR) 0 byte 23 days old -- ie7updates
13-02-2008 22:31:35 196480 byte 23 days old -- updspapi.log
13-02-2008 22:31:53 25685 byte 23 days old -- KB944533-IE7.log
13-02-2008 22:31:54 1374 byte 23 days old -- imsins.BAK
13-02-2008 22:32:59 (DIR) 0 byte 23 days old -- $NtUninstallKB946026$
13-02-2008 22:33:01 374124 byte 23 days old -- msmqinst.log
13-02-2008 22:33:02 46145 byte 23 days old -- ocmsn.log
13-02-2008 22:33:02 197197 byte 23 days old -- ntdtcsetup.log
13-02-2008 22:33:02 207981 byte 23 days old -- netfxocm.log
13-02-2008 22:33:02 59957 byte 23 days old -- medctroc.Log
13-02-2008 22:33:02 20113 byte 23 days old -- KB946026.log
13-02-2008 22:33:02 59000 byte 23 days old -- msgsocm.log
13-02-2008 22:33:02 586449 byte 23 days old -- ocgen.log
13-02-2008 22:33:02 547851 byte 23 days old -- tsoc.log
13-02-2008 22:33:02 1182586 byte 23 days old -- FaxSetup.log
13-02-2008 22:33:02 60250 byte 23 days old -- tabletoc.log
13-02-2008 22:33:02 326370 byte 23 days old -- comsetup.log
13-02-2008 22:33:02 1374 byte 23 days old -- imsins.log
13-02-2008 22:33:02 1330869 byte 23 days old -- iis6.log
15-02-2008 10:24:43 (DIR) 0 byte 21 days old -- Help
15-02-2008 10:25:38 2464 byte 21 days old -- $_hpcst$.hpc
15-02-2008 10:25:42 2510 byte 21 days old -- Microsoft.MIF
16-02-2008 08:57:56 (DIR) 0 byte 20 days old -- Sun
22-02-2008 17:10:58 (DIR) 0 byte 14 days old -- Tasks
24-02-2008 10:10:44 77 byte 12 days old -- NAVIGMA.INI
24-02-2008 15:05:34 (DIR) 0 byte 12 days old -- inf
26-02-2008 18:38:35 (DIR) 0 byte 10 days old -- Downloaded Program Files
26-02-2008 18:38:35 609073 byte 10 days old -- setupapi.log
29-02-2008 09:18:02 (DIR) 0 byte 7 days old -- Minidump
03-03-2008 14:57:49 (DIR) 0 byte 4 days old -- pss
03-03-2008 14:57:51 658 byte 4 days old -- win.ini
03-03-2008 15:53:43 226641 byte 4 days old -- wmsetup.log
04-03-2008 19:25:29 227 byte 3 days old -- system.ini
06-03-2008 19:06:17 116 byte 1 days old -- NeroDigital.ini
06-03-2008 19:10:17 (DIR) 0 byte 1 days old -- system32
07-02-2008 13:25:47 54156 byte 29 days old -- QTFont.qfn
07-02-2008 13:25:47 1409 byte 29 days old -- QTFont.for
07-03-2008 07:54:11 32576 byte 0 days old -- SchedLgU.Txt
07-03-2008 09:37:34 2048 byte 0 days old -- bootstat.dat
07-03-2008 09:37:40 50 byte 0 days old -- wiaservc.log
07-03-2008 09:37:41 157 byte 0 days old -- wiadebug.log
07-03-2008 09:37:42 0 byte 0 days old -- 0.log
07-03-2008 09:38:35 1325862 byte 0 days old -- WindowsUpdate.log
07-03-2008 09:52:24 (DIR) 0 byte 0 days old -- Temp
07-03-2008 10:27:09 (DIR) 0 byte 0 days old -- Prefetch
08-02-2008 15:07:35 2829 byte 28 days old -- DIIUnin.pif
08-02-2008 15:07:35 102400 byte 28 days old -- DIIUnin.exe
08-02-2008 15:07:55 17053 byte 28 days old -- DIIUnin.dat
----- recent files in C:\WINDOWS\Downloaded Program Files\
----- recent files in C:\WINDOWS\system\
----- recent files in C:\WINDOWS\system32\
02-03-2008 08:36:36 2228 byte 5 days old -- wpa.dbl
02-03-2008 18:18:14 (DIR) 0 byte 5 days old -- config
02-03-2008 18:24:35 (DIR) 0 byte 5 days old -- DirectX
13-02-2008 22:33:00 (DIR) 0 byte 23 days old -- dllcache
24-02-2008 20:35:31 2173 byte 12 days old -- LVCOMSX.LOG
04-03-2008 19:26:33 (DIR) 0 byte 3 days old -- CatRoot2
05-03-2008 19:36:18 (DIR) 0 byte 2 days old -- drivers
08-02-2008 15:18:47 21840 byte 28 days old -- SIntfNT.dll
08-02-2008 15:18:47 12067 byte 28 days old -- SIntf16.dll
08-02-2008 15:18:47 17212 byte 28 days old -- SIntf32.dll
----- recent files in C:\WINDOWS\system32\drivers\
01-03-2008 10:10:18 109848 byte 6 days old -- kl1.sys
02-03-2008 11:45:35 85713 byte 5 days old -- gmer.sys
02-03-2008 13:56:33 179984 byte 5 days old -- klif.sys
02-03-2008 18:19:36 (DIR) 0 byte 5 days old -- etc
23-02-2008 22:22:53 78543392 byte 13 days old -- fidbox.dat
23-02-2008 22:22:54 217148 byte 13 days old -- fidbox2.idx
23-02-2008 22:22:54 1052996 byte 13 days old -- fidbox.idx
23-02-2008 22:22:54 2304800 byte 13 days old -- fidbox2.dat
05-03-2008 19:43:44 61632 byte 2 days old -- avipbb.sys
----- recent files in C:\WINDOWS\temp\
----- recent files in C:\Program Files\
02-03-2008 18:24:13 (DIR) 0 byte 5 days old -- Windows Live
14-02-2008 13:54:58 (DIR) 0 byte 22 days old -- Internet Explorer
15-02-2008 10:25:36 (DIR) 0 byte 21 days old -- Common Files
15-02-2008 10:25:39 (DIR) 0 byte 21 days old -- AvantGo Connect
15-02-2008 10:25:42 (DIR) 0 byte 21 days old -- Microsoft ActiveSync
15-02-2008 10:39:29 (DIR) 0 byte 21 days old -- ViaMichelin
15-02-2008 10:39:39 (DIR) 0 byte 21 days old -- InstallShield Installation Information
17-02-2008 10:28:34 (DIR) 0 byte 19 days old -- QuickTime
23-02-2008 16:05:10 (DIR) 0 byte 13 days old -- Bryce 5.5
23-02-2008 16:05:18 (DIR) 0 byte 13 days old -- Bryce
24-02-2008 10:03:58 (DIR) 0 byte 12 days old -- IsoBuster
24-02-2008 10:11:23 (DIR) 0 byte 12 days old -- Micro Application
26-02-2008 19:05:45 (DIR) 0 byte 10 days old -- Fichiers communs
26-02-2008 19:06:34 (DIR) 0 byte 10 days old -- Lavasoft
03-03-2008 15:50:50 (DIR) 0 byte 4 days old -- Mozilla Firefox
05-03-2008 19:36:14 (DIR) 0 byte 2 days old -- Avira
07-03-2008 07:40:09 (DIR) 0 byte 0 days old -- LogMeIn
07-03-2008 09:38:26 (DIR) 0 byte 0 days old -- Wanadoo
07-03-2008 09:52:06 (DIR) 0 byte 0 days old -- Trend Micro
07-03-2008 09:59:08 (DIR) 0 byte 0 days old -- eMule
10-02-2008 15:11:31 (DIR) 0 byte 26 days old -- Diablo II
10-02-2008 16:08:33 (DIR) 0 byte 26 days old -- Windows Live Safety Center
11-02-2008 16:11:07 (DIR) 0 byte 25 days old -- World of Warcraft
----- recent files in C:\Program Files\Fichiers communs\
23-02-2008 15:45:48 (DIR) 0 byte 13 days old -- DAZ
26-02-2008 19:05:45 (DIR) 0 byte 10 days old -- Wise Installation Wizard
11-02-2008 07:22:35 (DIR) 0 byte 25 days old -- Blizzard Entertainment
----- recent files in C:\Documents and Settings\PHILIPPE\Application Data\
15-02-2008 10:29:49 (DIR) 0 byte 21 days old -- Microsoft
16-02-2008 08:57:56 (DIR) 0 byte 20 days old -- Sun
24-02-2008 20:06:12 (DIR) 0 byte 12 days old -- DivX
07-02-2008 17:03:02 (DIR) 0 byte 29 days old -- Todae
08-02-2008 11:50:25 (DIR) 0 byte 28 days old -- Adobe
----- recent files in C:\DOCUME~1\PHILIPPE\LOCALS~1\Temp\
05-03-2008 19:40:27 (DIR) 0 byte 2 days old -- AVSETUP_47cee7f3
06-03-2008 18:28:38 (DIR) 0 byte 1 days old -- hsperfdata_PHILIPPE
06-03-2008 21:31:17 (DIR) 0 byte 1 days old -- VBE
07-03-2008 09:37:52 (DIR) 0 byte 0 days old -- WPDNSE
07-03-2008 09:39:05 180224 byte 0 days old -- ~DF5601.tmp
07-03-2008 09:39:05 512 byte 0 days old -- ~DF560C.tmp
07-03-2008 09:39:09 512 byte 0 days old -- ~DF6C15.tmp
07-03-2008 09:39:09 180224 byte 0 days old -- ~DF6C00.tmp
07-03-2008 09:57:20 32768 byte 0 days old -- ~DF15CB.tmp
07-03-2008 09:59:54 212480 byte 0 days old -- swxcacls.exe
07-03-2008 09:59:54 139776 byte 0 days old -- swreg.exe
07-03-2008 10:26:59 54 byte 0 days old -- systemscan.ini
07-03-2008 10:27:00 16384 byte 0 days old -- ~DF1B7C.tmp
07-03-2008 10:27:00 (DIR) 0 byte 0 days old -- nsp7.tmp
==========================================
Scan completed in 0.1 minutes
End of report
~~~~~~~~~~~~~~~~~~~~~-----CREDITS-----~~~~~~~~~~~~~~~~~~~~~
SystemScan uses some freeware tools that remain property of their authors:
* SteelWerX Registry Console Tool, Who Am I (Bobby Flekman: www.xs4all.nl/~fstaal01) --> "Registry scan", "PC accounts "
* dumphive (Markus Stephany)--> "Registry scan"
* Listdlls (M.Russinovich, B.Cogswell: www.sysinternals.com) --> "Loaded modules"
* Catchme & MBR Rootkit detector (gmer: www.gmer.net) --> "Hidden objects", "Alternate Data Streams" & "Master Boot Record"
---> NOTE: SystemScan integrates "The Avenger" from Swandog46 (http://swandog46.geekstogo.com) to allow you to remove malwares found in this log
Thanks to all of them for their hard work
SystemScan - www.suspectfile.com - ver. 3.5.0 (code: holifay & bReAkdOWn)
Running on: Windows XP PROFESSIONAL Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS
SystemScan file: C:\Documents and Settings\PHILIPPE\Bureau\sys20636.exe
Running in: User mode
Date: 2008-03-07
Time: 10:28:11
Output limited to:
-Recent files
===================== Recent files (30 days old) =====================
----- recent files in C:\
02-03-2008 08:47:26 (DIR) 0 byte 5 days old -- Philippe
18-02-2008 18:41:49 (DIR) 0 byte 18 days old -- temp
03-03-2008 14:57:51 212 byte 4 days old -- boot.ini
04-03-2008 19:18:33 1210 byte 3 days old -- InfoSat.txt
04-03-2008 19:26:51 (DIR) 0 byte 3 days old -- Combo-Fix
07-03-2008 07:46:56 523 byte 0 days old -- hpfr3420.xml
07-03-2008 07:50:50 1039 byte 0 days old -- hpfr3425.log
07-03-2008 09:37:28 (DIR)536870912 byte 0 days old -- pagefile.sys
07-03-2008 09:52:06 (DIR) 0 byte 0 days old -- Program Files
07-03-2008 09:52:24 (DIR) 0 byte 0 days old -- WINDOWS
07-03-2008 09:52:32 1906 byte 0 days old -- TCleaner.txt
07-03-2008 10:07:33 14150 byte 0 days old -- SAFEBOOT_REPAIR.TXT
07-03-2008 10:28:11 (DIR) 0 byte 0 days old -- suspectfile
08-02-2008 18:59:24 (DIR) 0 byte 28 days old -- Documents and Settings
11-02-2008 16:10:51 (DIR) 0 byte 25 days old -- Adrien
----- recent files in C:\WINDOWS\
02-03-2008 11:40:27 80 byte 5 days old -- gmer_uninstall.cmd
02-03-2008 11:45:35 819200 byte 5 days old -- gmer.dll
02-03-2008 18:18:06 (DIR) 0 byte 5 days old -- erdnt
02-03-2008 18:24:35 209833 byte 5 days old -- Directx.log
02-03-2008 18:24:37 (DIR) 0 byte 5 days old -- Installer
13-02-2008 12:21:33 (DIR) 0 byte 23 days old -- $hf_mig$
13-02-2008 22:30:25 (DIR) 0 byte 23 days old -- $NtUninstallKB943055$
13-02-2008 22:30:48 11233 byte 23 days old -- KB943055.log
13-02-2008 22:31:15 (DIR) 0 byte 23 days old -- ie7updates
13-02-2008 22:31:35 196480 byte 23 days old -- updspapi.log
13-02-2008 22:31:53 25685 byte 23 days old -- KB944533-IE7.log
13-02-2008 22:31:54 1374 byte 23 days old -- imsins.BAK
13-02-2008 22:32:59 (DIR) 0 byte 23 days old -- $NtUninstallKB946026$
13-02-2008 22:33:01 374124 byte 23 days old -- msmqinst.log
13-02-2008 22:33:02 46145 byte 23 days old -- ocmsn.log
13-02-2008 22:33:02 197197 byte 23 days old -- ntdtcsetup.log
13-02-2008 22:33:02 207981 byte 23 days old -- netfxocm.log
13-02-2008 22:33:02 59957 byte 23 days old -- medctroc.Log
13-02-2008 22:33:02 20113 byte 23 days old -- KB946026.log
13-02-2008 22:33:02 59000 byte 23 days old -- msgsocm.log
13-02-2008 22:33:02 586449 byte 23 days old -- ocgen.log
13-02-2008 22:33:02 547851 byte 23 days old -- tsoc.log
13-02-2008 22:33:02 1182586 byte 23 days old -- FaxSetup.log
13-02-2008 22:33:02 60250 byte 23 days old -- tabletoc.log
13-02-2008 22:33:02 326370 byte 23 days old -- comsetup.log
13-02-2008 22:33:02 1374 byte 23 days old -- imsins.log
13-02-2008 22:33:02 1330869 byte 23 days old -- iis6.log
15-02-2008 10:24:43 (DIR) 0 byte 21 days old -- Help
15-02-2008 10:25:38 2464 byte 21 days old -- $_hpcst$.hpc
15-02-2008 10:25:42 2510 byte 21 days old -- Microsoft.MIF
16-02-2008 08:57:56 (DIR) 0 byte 20 days old -- Sun
22-02-2008 17:10:58 (DIR) 0 byte 14 days old -- Tasks
24-02-2008 10:10:44 77 byte 12 days old -- NAVIGMA.INI
24-02-2008 15:05:34 (DIR) 0 byte 12 days old -- inf
26-02-2008 18:38:35 (DIR) 0 byte 10 days old -- Downloaded Program Files
26-02-2008 18:38:35 609073 byte 10 days old -- setupapi.log
29-02-2008 09:18:02 (DIR) 0 byte 7 days old -- Minidump
03-03-2008 14:57:49 (DIR) 0 byte 4 days old -- pss
03-03-2008 14:57:51 658 byte 4 days old -- win.ini
03-03-2008 15:53:43 226641 byte 4 days old -- wmsetup.log
04-03-2008 19:25:29 227 byte 3 days old -- system.ini
06-03-2008 19:06:17 116 byte 1 days old -- NeroDigital.ini
06-03-2008 19:10:17 (DIR) 0 byte 1 days old -- system32
07-02-2008 13:25:47 54156 byte 29 days old -- QTFont.qfn
07-02-2008 13:25:47 1409 byte 29 days old -- QTFont.for
07-03-2008 07:54:11 32576 byte 0 days old -- SchedLgU.Txt
07-03-2008 09:37:34 2048 byte 0 days old -- bootstat.dat
07-03-2008 09:37:40 50 byte 0 days old -- wiaservc.log
07-03-2008 09:37:41 157 byte 0 days old -- wiadebug.log
07-03-2008 09:37:42 0 byte 0 days old -- 0.log
07-03-2008 09:38:35 1325862 byte 0 days old -- WindowsUpdate.log
07-03-2008 09:52:24 (DIR) 0 byte 0 days old -- Temp
07-03-2008 10:27:09 (DIR) 0 byte 0 days old -- Prefetch
08-02-2008 15:07:35 2829 byte 28 days old -- DIIUnin.pif
08-02-2008 15:07:35 102400 byte 28 days old -- DIIUnin.exe
08-02-2008 15:07:55 17053 byte 28 days old -- DIIUnin.dat
----- recent files in C:\WINDOWS\Downloaded Program Files\
----- recent files in C:\WINDOWS\system\
----- recent files in C:\WINDOWS\system32\
02-03-2008 08:36:36 2228 byte 5 days old -- wpa.dbl
02-03-2008 18:18:14 (DIR) 0 byte 5 days old -- config
02-03-2008 18:24:35 (DIR) 0 byte 5 days old -- DirectX
13-02-2008 22:33:00 (DIR) 0 byte 23 days old -- dllcache
24-02-2008 20:35:31 2173 byte 12 days old -- LVCOMSX.LOG
04-03-2008 19:26:33 (DIR) 0 byte 3 days old -- CatRoot2
05-03-2008 19:36:18 (DIR) 0 byte 2 days old -- drivers
08-02-2008 15:18:47 21840 byte 28 days old -- SIntfNT.dll
08-02-2008 15:18:47 12067 byte 28 days old -- SIntf16.dll
08-02-2008 15:18:47 17212 byte 28 days old -- SIntf32.dll
----- recent files in C:\WINDOWS\system32\drivers\
01-03-2008 10:10:18 109848 byte 6 days old -- kl1.sys
02-03-2008 11:45:35 85713 byte 5 days old -- gmer.sys
02-03-2008 13:56:33 179984 byte 5 days old -- klif.sys
02-03-2008 18:19:36 (DIR) 0 byte 5 days old -- etc
23-02-2008 22:22:53 78543392 byte 13 days old -- fidbox.dat
23-02-2008 22:22:54 217148 byte 13 days old -- fidbox2.idx
23-02-2008 22:22:54 1052996 byte 13 days old -- fidbox.idx
23-02-2008 22:22:54 2304800 byte 13 days old -- fidbox2.dat
05-03-2008 19:43:44 61632 byte 2 days old -- avipbb.sys
----- recent files in C:\WINDOWS\temp\
----- recent files in C:\Program Files\
02-03-2008 18:24:13 (DIR) 0 byte 5 days old -- Windows Live
14-02-2008 13:54:58 (DIR) 0 byte 22 days old -- Internet Explorer
15-02-2008 10:25:36 (DIR) 0 byte 21 days old -- Common Files
15-02-2008 10:25:39 (DIR) 0 byte 21 days old -- AvantGo Connect
15-02-2008 10:25:42 (DIR) 0 byte 21 days old -- Microsoft ActiveSync
15-02-2008 10:39:29 (DIR) 0 byte 21 days old -- ViaMichelin
15-02-2008 10:39:39 (DIR) 0 byte 21 days old -- InstallShield Installation Information
17-02-2008 10:28:34 (DIR) 0 byte 19 days old -- QuickTime
23-02-2008 16:05:10 (DIR) 0 byte 13 days old -- Bryce 5.5
23-02-2008 16:05:18 (DIR) 0 byte 13 days old -- Bryce
24-02-2008 10:03:58 (DIR) 0 byte 12 days old -- IsoBuster
24-02-2008 10:11:23 (DIR) 0 byte 12 days old -- Micro Application
26-02-2008 19:05:45 (DIR) 0 byte 10 days old -- Fichiers communs
26-02-2008 19:06:34 (DIR) 0 byte 10 days old -- Lavasoft
03-03-2008 15:50:50 (DIR) 0 byte 4 days old -- Mozilla Firefox
05-03-2008 19:36:14 (DIR) 0 byte 2 days old -- Avira
07-03-2008 07:40:09 (DIR) 0 byte 0 days old -- LogMeIn
07-03-2008 09:38:26 (DIR) 0 byte 0 days old -- Wanadoo
07-03-2008 09:52:06 (DIR) 0 byte 0 days old -- Trend Micro
07-03-2008 09:59:08 (DIR) 0 byte 0 days old -- eMule
10-02-2008 15:11:31 (DIR) 0 byte 26 days old -- Diablo II
10-02-2008 16:08:33 (DIR) 0 byte 26 days old -- Windows Live Safety Center
11-02-2008 16:11:07 (DIR) 0 byte 25 days old -- World of Warcraft
----- recent files in C:\Program Files\Fichiers communs\
23-02-2008 15:45:48 (DIR) 0 byte 13 days old -- DAZ
26-02-2008 19:05:45 (DIR) 0 byte 10 days old -- Wise Installation Wizard
11-02-2008 07:22:35 (DIR) 0 byte 25 days old -- Blizzard Entertainment
----- recent files in C:\Documents and Settings\PHILIPPE\Application Data\
15-02-2008 10:29:49 (DIR) 0 byte 21 days old -- Microsoft
16-02-2008 08:57:56 (DIR) 0 byte 20 days old -- Sun
24-02-2008 20:06:12 (DIR) 0 byte 12 days old -- DivX
07-02-2008 17:03:02 (DIR) 0 byte 29 days old -- Todae
08-02-2008 11:50:25 (DIR) 0 byte 28 days old -- Adobe
----- recent files in C:\DOCUME~1\PHILIPPE\LOCALS~1\Temp\
05-03-2008 19:40:27 (DIR) 0 byte 2 days old -- AVSETUP_47cee7f3
06-03-2008 18:28:38 (DIR) 0 byte 1 days old -- hsperfdata_PHILIPPE
06-03-2008 21:31:17 (DIR) 0 byte 1 days old -- VBE
07-03-2008 09:37:52 (DIR) 0 byte 0 days old -- WPDNSE
07-03-2008 09:39:05 180224 byte 0 days old -- ~DF5601.tmp
07-03-2008 09:39:05 512 byte 0 days old -- ~DF560C.tmp
07-03-2008 09:39:09 512 byte 0 days old -- ~DF6C15.tmp
07-03-2008 09:39:09 180224 byte 0 days old -- ~DF6C00.tmp
07-03-2008 09:57:20 32768 byte 0 days old -- ~DF15CB.tmp
07-03-2008 09:59:54 212480 byte 0 days old -- swxcacls.exe
07-03-2008 09:59:54 139776 byte 0 days old -- swreg.exe
07-03-2008 10:26:59 54 byte 0 days old -- systemscan.ini
07-03-2008 10:27:00 16384 byte 0 days old -- ~DF1B7C.tmp
07-03-2008 10:27:00 (DIR) 0 byte 0 days old -- nsp7.tmp
==========================================
Scan completed in 0.1 minutes
End of report
~~~~~~~~~~~~~~~~~~~~~-----CREDITS-----~~~~~~~~~~~~~~~~~~~~~
SystemScan uses some freeware tools that remain property of their authors:
* SteelWerX Registry Console Tool, Who Am I (Bobby Flekman: www.xs4all.nl/~fstaal01) --> "Registry scan", "PC accounts "
* dumphive (Markus Stephany)--> "Registry scan"
* Listdlls (M.Russinovich, B.Cogswell: www.sysinternals.com) --> "Loaded modules"
* Catchme & MBR Rootkit detector (gmer: www.gmer.net) --> "Hidden objects", "Alternate Data Streams" & "Master Boot Record"
---> NOTE: SystemScan integrates "The Avenger" from Swandog46 (http://swandog46.geekstogo.com) to allow you to remove malwares found in this log
Thanks to all of them for their hard work
arrives tu maintenant à aller en mode sans echec?
si oui , met antivir à jour scanne ton Pc avec en mode sans échec
poste le rapport obtenu
télécharge AVG Antispyware
https://www.avg.com/en-ww/free-antivirus-download
mode d'utilisation :
Lance AVG Anti-Spyware, mets le à jour,
Clique sur le bouton « Analyse » onglet « paramètres »
Puis « Comment réagir », clique sur Actions recommandées. Sélectionne Quarantaine.
Télécharge : - CCleaner
https://www.pcastuces.com/logitheque/ccleaner.htm
("Download Latest Version", sur la droite).
Ce logiciel va permettre de supprimer tous les fichiers temporaires. Avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires". Ensuite, Clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. C'est tout.
Un tuto
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm
lance ccleaner , nettoyeur, et supprime tout ce qu'il trouve
lance ccleaner, erreurs, et répare ce qu’il trouve. Accepte les sauvegardes !
lance avg antispyware
Retour à l'onglet Analyse.
Clique sur Analyse complète du système.
A la fin du scan, choisis " Appliquer toutes les actions "
Clique sur "Enregistrer le rapport". Le fichier texte se trouve dans le dossier Rapports du dossier d'AVG Anti-Spyware
lance hijack this et poste le rapport
poste les rapports demandés
AVG antispyware
Hijack this
si oui , met antivir à jour scanne ton Pc avec en mode sans échec
poste le rapport obtenu
télécharge AVG Antispyware
https://www.avg.com/en-ww/free-antivirus-download
mode d'utilisation :
Lance AVG Anti-Spyware, mets le à jour,
Clique sur le bouton « Analyse » onglet « paramètres »
Puis « Comment réagir », clique sur Actions recommandées. Sélectionne Quarantaine.
Télécharge : - CCleaner
https://www.pcastuces.com/logitheque/ccleaner.htm
("Download Latest Version", sur la droite).
Ce logiciel va permettre de supprimer tous les fichiers temporaires. Avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires". Ensuite, Clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. C'est tout.
Un tuto
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm
lance ccleaner , nettoyeur, et supprime tout ce qu'il trouve
lance ccleaner, erreurs, et répare ce qu’il trouve. Accepte les sauvegardes !
lance avg antispyware
Retour à l'onglet Analyse.
Clique sur Analyse complète du système.
A la fin du scan, choisis " Appliquer toutes les actions "
Clique sur "Enregistrer le rapport". Le fichier texte se trouve dans le dossier Rapports du dossier d'AVG Anti-Spyware
lance hijack this et poste le rapport
poste les rapports demandés
AVG antispyware
Hijack this
Salut Papyber,
je te poste juste un petit message : j'ai récupérer le PC de ma belle-soeur qui est apparement séverement infecté ... Je voulait juste savoir si tu pouvais me donner un coup de main pour essayer de le récuppérer,si ça ne te dérrange pas .
Je posterai un rapport Hijacthis cet après midi ( "PC infections multiples ? " ) .
Bon courrage avec notre ami Lanfeust73 , il a l 'aire d'être en grosse galaire ... Mais je suit sûre que tout va bien ce terminer ;-)
---sKe---
je te poste juste un petit message : j'ai récupérer le PC de ma belle-soeur qui est apparement séverement infecté ... Je voulait juste savoir si tu pouvais me donner un coup de main pour essayer de le récuppérer,si ça ne te dérrange pas .
Je posterai un rapport Hijacthis cet après midi ( "PC infections multiples ? " ) .
Bon courrage avec notre ami Lanfeust73 , il a l 'aire d'être en grosse galaire ... Mais je suit sûre que tout va bien ce terminer ;-)
---sKe---
Le rapport en mode sans echec d'antivir (il a rien trouvé):
AntiVir PersonalEdition Classic
Report file date: 2008-03-07 12:27
Scanning for 1133894 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: PHILIPPE
Computer name: PERSO-69RC4WU69
Version information:
BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 2007-12-14 18:43:42
ANTIVIR2.VDF : 7.0.2.181 1993728 Bytes 2008-02-24 18:43:42
ANTIVIR3.VDF : 7.0.2.237 183808 Bytes 2008-03-05 18:43:42
AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 2008-03-05 18:43:43
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-03-05 18:43:44
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: 2008-03-07 12:27
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
12 processes with 12 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '33' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
End of the scan: 2008-03-07 14:26
Used time: 1:59:20 min
The scan has been done completely.
7527 Scanning directories
357326 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
357326 Files not concerned
4728 Archives were scanned
1 Warnings
2 Notes
AntiVir PersonalEdition Classic
Report file date: 2008-03-07 12:27
Scanning for 1133894 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: PHILIPPE
Computer name: PERSO-69RC4WU69
Version information:
BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 2007-12-14 18:43:42
ANTIVIR2.VDF : 7.0.2.181 1993728 Bytes 2008-02-24 18:43:42
ANTIVIR3.VDF : 7.0.2.237 183808 Bytes 2008-03-05 18:43:42
AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 2008-03-05 18:43:43
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-03-05 18:43:44
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: 2008-03-07 12:27
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
12 processes with 12 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '33' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
End of the scan: 2008-03-07 14:26
Used time: 1:59:20 min
The scan has been done completely.
7527 Scanning directories
357326 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
357326 Files not concerned
4728 Archives were scanned
1 Warnings
2 Notes
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 23:38 2008-03-09
+ Résultat de l'analyse:
HKLM\SOFTWARE\Classes\Contact.Contacts -> Adware.HotBar : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\Classes\Contact.Contacts.1 -> Adware.HotBar : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\Classes\Contact.Contacts\CLSID -> Adware.HotBar : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\Classes\Contact.Contacts\CurVer -> Adware.HotBar : Nettoyé et sauvegardé (mise en quarantaine).
[3012] VM_05669000 -> Adware.NaviPromo : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\PHILIPPE\Bureau\ELIBAGLA.09032008.EXE -> Heuristic.Win32.AVKiller : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP794\A1226114.EXE -> Heuristic.Win32.AVKiller : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\PHILIPPE\Bureau\Superstock\Hacks\brutus2.zip/BrutusA2.exe -> Not-A-Virus.PSWTool.Win32.Brutus : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\PHILIPPE\Cookies\philippe@aolfr.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@advertising[2].txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@atdmt[1].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@atdmt[3].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@doubleclick[2].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@ehg-neuftelecom.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@mediaplex[2].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@overture[1].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@bs.serving-sys[3].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@smartadserver[3].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@statcounter[2].txt -> TrackingCookie.Statcounter : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@statcounter[3].txt -> TrackingCookie.Statcounter : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP791\A1225665.exe -> Trojan.Agent.xd : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP791\A1225666.exe -> Trojan.Agent.xd : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP791\A1225667.exe -> Trojan.Agent.xd : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP791\A1225672.exe -> Trojan.Agent.xd : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP791\A1225794.exe -> Trojan.Agent.xd : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP791\A1225828.exe -> Trojan.Agent.xd : Nettoyé et sauvegardé (mise en quarantaine).
Fin du rapport
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:01, on 2008-03-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Adrien\Moi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Adrien\Moi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://enia73.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD7D2B12-BF6E-49CC-AA76-07F8A8CB5495}: NameServer = 81.253.149.9 80.10.246.132
O18 - Protocol: bw+0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/PHILIPPE/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 23:38 2008-03-09
+ Résultat de l'analyse:
HKLM\SOFTWARE\Classes\Contact.Contacts -> Adware.HotBar : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\Classes\Contact.Contacts.1 -> Adware.HotBar : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\Classes\Contact.Contacts\CLSID -> Adware.HotBar : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\Classes\Contact.Contacts\CurVer -> Adware.HotBar : Nettoyé et sauvegardé (mise en quarantaine).
[3012] VM_05669000 -> Adware.NaviPromo : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\PHILIPPE\Bureau\ELIBAGLA.09032008.EXE -> Heuristic.Win32.AVKiller : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP794\A1226114.EXE -> Heuristic.Win32.AVKiller : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\PHILIPPE\Bureau\Superstock\Hacks\brutus2.zip/BrutusA2.exe -> Not-A-Virus.PSWTool.Win32.Brutus : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\PHILIPPE\Cookies\philippe@aolfr.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@advertising[2].txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@atdmt[1].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@atdmt[3].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@doubleclick[2].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@ehg-neuftelecom.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@mediaplex[2].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@overture[1].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@bs.serving-sys[3].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@smartadserver[3].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@statcounter[2].txt -> TrackingCookie.Statcounter : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@statcounter[3].txt -> TrackingCookie.Statcounter : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\PHILIPPE\Cookies\philippe@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP791\A1225665.exe -> Trojan.Agent.xd : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP791\A1225666.exe -> Trojan.Agent.xd : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP791\A1225667.exe -> Trojan.Agent.xd : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP791\A1225672.exe -> Trojan.Agent.xd : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP791\A1225794.exe -> Trojan.Agent.xd : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP791\A1225828.exe -> Trojan.Agent.xd : Nettoyé et sauvegardé (mise en quarantaine).
Fin du rapport
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:01, on 2008-03-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Adrien\Moi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Adrien\Moi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://enia73.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD7D2B12-BF6E-49CC-AA76-07F8A8CB5495}: NameServer = 81.253.149.9 80.10.246.132
O18 - Protocol: bw+0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/PHILIPPE/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
lance hijack this pour un scan et coche ces lignes
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O18 - Protocol: bw+0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll => logitech Desktop Messenger
O18 - Protocol: bwg0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/PHILIPPE/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
ferme toutes tes fenêtres et clique sur fix checked
télécharge GenProc de Lazzzy et Narco4 sur ton bureau
http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip
dézippe le dossier, double-clique sur GenProc.bat et poste le contenu du rapport qui s'ouvre
Aide en images : http://www.alt-shift-return.org/Info/GenProc-HowTo.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O18 - Protocol: bw+0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll => logitech Desktop Messenger
O18 - Protocol: bwg0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A9532F78-9D52-4B70-827E-7FA0EE296224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/PHILIPPE/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
ferme toutes tes fenêtres et clique sur fix checked
télécharge GenProc de Lazzzy et Narco4 sur ton bureau
http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip
dézippe le dossier, double-clique sur GenProc.bat et poste le contenu du rapport qui s'ouvre
Aide en images : http://www.alt-shift-return.org/Info/GenProc-HowTo.html
en principe oui, c'est plutôt une bonne nouvelle!
fais tout de même un scan en ligne pour contrôle sur l'un de ces sites
faire un scan antivirus en ligne avec internet explorer et accepter l'activex
poster le rapport ici ensuite
http://pandasoftware.fr
http://www.bitdefender.fr/scan8/ie.html
http://www.secuser.com/outils/antivirus.htm
http://security.symantec.com/sscv6/default.asp?productid=symhome&langid=fr&venid=sym
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
poste le rapport obtenu
règle ton Internet Explorer de cette façon
Démarrer => Panneau de configuration => Options Internet ...
Cliquez sur Supprimer les fichiers, Supprimer les cookies, avant de lancer le scan.
Ceci pour minimiser le temps de scan et éventuellement écourter le rapport.
Vérifier également que les ActiveX sont paramétrés comme ceci:
Démarrer => Paramètres => Panneau de configuration => Options Internet...
ou, sur la fenêtre du navigateur Internet => Outils => Options Internet...
Dans la fenêtre qui s'ouvre, sélectionnez l'onglet Sécurité
Cliquez sur le bouton Personnaliser le niveau...
Une nouvelle fenêtre s'ouvre, dans la partie qui se nomme Paramètres de sécurité, effectuer alors les réglages suivants:
À la ligne: Contrôles ActiveX reconnus sûrs pour l'écriture de scripts, cocher la case > Activé
À la ligne: Contrôles d'initialisation et de scripts ActiveX non-marqués comme sécurisés, cocher la case > Désactivé
À la ligne: Exécuter les contrôles ActiveX et les plugins, cocher la case > Activé
À la ligne: Télécharger les contrôles ActiveX non signés, cocher la case > Désactivé
À la ligne: Télécharger les contrôles ActiveX signés, cocher la case > Demander
Cliquer sur le bouton OK, afin que les modifications soient prises en compte.
fais tout de même un scan en ligne pour contrôle sur l'un de ces sites
faire un scan antivirus en ligne avec internet explorer et accepter l'activex
poster le rapport ici ensuite
http://pandasoftware.fr
http://www.bitdefender.fr/scan8/ie.html
http://www.secuser.com/outils/antivirus.htm
http://security.symantec.com/sscv6/default.asp?productid=symhome&langid=fr&venid=sym
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
poste le rapport obtenu
règle ton Internet Explorer de cette façon
Démarrer => Panneau de configuration => Options Internet ...
Cliquez sur Supprimer les fichiers, Supprimer les cookies, avant de lancer le scan.
Ceci pour minimiser le temps de scan et éventuellement écourter le rapport.
Vérifier également que les ActiveX sont paramétrés comme ceci:
Démarrer => Paramètres => Panneau de configuration => Options Internet...
ou, sur la fenêtre du navigateur Internet => Outils => Options Internet...
Dans la fenêtre qui s'ouvre, sélectionnez l'onglet Sécurité
Cliquez sur le bouton Personnaliser le niveau...
Une nouvelle fenêtre s'ouvre, dans la partie qui se nomme Paramètres de sécurité, effectuer alors les réglages suivants:
À la ligne: Contrôles ActiveX reconnus sûrs pour l'écriture de scripts, cocher la case > Activé
À la ligne: Contrôles d'initialisation et de scripts ActiveX non-marqués comme sécurisés, cocher la case > Désactivé
À la ligne: Exécuter les contrôles ActiveX et les plugins, cocher la case > Activé
À la ligne: Télécharger les contrôles ActiveX non signés, cocher la case > Désactivé
À la ligne: Télécharger les contrôles ActiveX signés, cocher la case > Demander
Cliquer sur le bouton OK, afin que les modifications soient prises en compte.
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, March 11, 2008 9:12:57 PM
Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 11/03/2008
Enregistrements dans la base antivirus Kaspersky : 564306
-------------------------------------------------------------------------------
Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie: vrai
Cible de l'analyse - Poste de travail:
A:\
C:\
E:\
F:\
G:\
H:\
I:\
J:\
Statistiques de l'analyse:
Total d'objets analysés: 92952
Nombre de virus trouvés: 3
Nombre d'objets infectés: 58 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 01:24:49
Nom de l'objet infecté / Nom du virus / Dernière action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\PHILIPPE\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\PHILIPPE\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\PHILIPPE\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\PHILIPPE\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\PHILIPPE\Local Settings\temp\~DF2987.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\PHILIPPE\Local Settings\temp\~DF2992.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\PHILIPPE\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\PHILIPPE\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\PHILIPPE\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP778\A1222347.exe Infecté : Trojan-Downloader.Win32.Bagle.kd ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP779\A1222418.exe Infecté : Trojan-Downloader.Win32.Bagle.kd ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP779\A1222440.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP781\A1222485.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP781\A1222498.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP782\A1222526.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP783\A1222585.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP783\A1222621.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP784\A1222627.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP784\A1222681.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP785\A1222683.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP785\A1222739.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP786\A1222744.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP786\A1222797.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP786\A1222814.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP786\A1222827.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP786\A1222846.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP786\A1223846.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP787\A1223862.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP787\A1223875.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP787\A1223899.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP788\A1224083.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP788\A1224100.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP788\A1224114.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP788\A1224127.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP788\A1224139.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP788\A1224151.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP788\A1224153.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP788\A1224164.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP788\A1224251.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP788\A1224398.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP788\A1224412.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP788\A1224431.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP789\A1224441.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP789\A1224442.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP789\A1224463.exe Infecté : Trojan-Downloader.Win32.Bagle.kd ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP789\A1225478.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP789\A1225493.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP789\A1225494.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP789\A1225504.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP789\A1225525.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP789\A1225526.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP789\A1225545.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP789\A1225558.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP790\A1225574.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP790\A1225575.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP790\A1225600.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP790\A1225634.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP790\A1225650.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP791\A1225668.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP791\A1225670.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP791\A1225677.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP791\A1225689.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP791\A1225795.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP791\A1225829.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP791\A1225845.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP792\A1225980.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP793\A1226065.exe Infecté : Trojan-Downloader.Win32.Bagle.kd ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP799\change.log L'objet est verrouillé ignoré
C:\WINDOWS\$_hpcst$.hpc L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
Analyse terminée.
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, March 11, 2008 9:12:57 PM
Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 11/03/2008
Enregistrements dans la base antivirus Kaspersky : 564306
-------------------------------------------------------------------------------
Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie: vrai
Cible de l'analyse - Poste de travail:
A:\
C:\
E:\
F:\
G:\
H:\
I:\
J:\
Statistiques de l'analyse:
Total d'objets analysés: 92952
Nombre de virus trouvés: 3
Nombre d'objets infectés: 58 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 01:24:49
Nom de l'objet infecté / Nom du virus / Dernière action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\PHILIPPE\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\PHILIPPE\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\PHILIPPE\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\PHILIPPE\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\PHILIPPE\Local Settings\temp\~DF2987.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\PHILIPPE\Local Settings\temp\~DF2992.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\PHILIPPE\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\PHILIPPE\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\PHILIPPE\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP778\A1222347.exe Infecté : Trojan-Downloader.Win32.Bagle.kd ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP779\A1222418.exe Infecté : Trojan-Downloader.Win32.Bagle.kd ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP779\A1222440.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP781\A1222485.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP781\A1222498.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP782\A1222526.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP783\A1222585.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP783\A1222621.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP784\A1222627.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP784\A1222681.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP785\A1222683.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP785\A1222739.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP786\A1222744.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP786\A1222797.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP786\A1222814.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP786\A1222827.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP786\A1222846.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP786\A1223846.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP787\A1223862.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP787\A1223875.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP787\A1223899.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP788\A1224083.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP788\A1224100.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP788\A1224114.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP788\A1224127.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP788\A1224139.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP788\A1224151.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP788\A1224153.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP788\A1224164.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP788\A1224251.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP788\A1224398.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP788\A1224412.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP788\A1224431.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP789\A1224441.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP789\A1224442.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP789\A1224463.exe Infecté : Trojan-Downloader.Win32.Bagle.kd ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP789\A1225478.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP789\A1225493.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP789\A1225494.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP789\A1225504.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP789\A1225525.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP789\A1225526.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP789\A1225545.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP789\A1225558.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP790\A1225574.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP790\A1225575.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP790\A1225600.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP790\A1225634.sys Infecté : Trojan-Downloader.Win32.Bagle.ke ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP790\A1225650.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP791\A1225668.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP791\A1225670.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP791\A1225677.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP791\A1225689.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP791\A1225795.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP791\A1225829.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP791\A1225845.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP792\A1225980.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP793\A1226065.exe Infecté : Trojan-Downloader.Win32.Bagle.kd ignoré
C:\System Volume Information\_restore{3CE064D7-5CF0-412F-BCFA-BB100895692F}\RP799\change.log L'objet est verrouillé ignoré
C:\WINDOWS\$_hpcst$.hpc L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
Analyse terminée.
-->- Recherche:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\PHILIPPE\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\PHILIPPE\Bureau\GenProc.zip: trouvé !
C:\Documents and Settings\PHILIPPE\Bureau\HijackThis.exe: trouvé !
C:\Documents and Settings\PHILIPPE\Bureau\GenProc: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\PHILIPPE\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\PHILIPPE\Bureau\GenProc.zip: supprimé !
C:\Documents and Settings\PHILIPPE\Bureau\HijackThis.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\PHILIPPE\Bureau\GenProc: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
Corbeille vidée!
Et merci beaucoup pour ton aide papyber!!!
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\PHILIPPE\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\PHILIPPE\Bureau\GenProc.zip: trouvé !
C:\Documents and Settings\PHILIPPE\Bureau\HijackThis.exe: trouvé !
C:\Documents and Settings\PHILIPPE\Bureau\GenProc: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\PHILIPPE\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\PHILIPPE\Bureau\GenProc.zip: supprimé !
C:\Documents and Settings\PHILIPPE\Bureau\HijackThis.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\PHILIPPE\Bureau\GenProc: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
Corbeille vidée!
Et merci beaucoup pour ton aide papyber!!!
