Attaque de virtumonde et autres Trojan - HELP

Fermé
lablonde38 - 2 déc. 2008 à 16:16
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 - 17 déc. 2008 à 00:18
Bonjour,

Depuis 1 semaine mon ordi rame complétement, quand je vais sur internet des fenêtres - pas des pop up - s'ouvrent toutes seules (genre "pro-scanner, ou sur des sites de jeux type casino....)
Quand je surfe sur un site au bout de 3 clics les pages ne se chargent plus, certaines images n'apparaissent pas (à la place picto avec triangle rond carré vert rouge bleu)

Mon antivirus AVAST me signale plusieurs virus la plupart cachés sous system32 mais avast n'arrive pas à les supprimer

J'ai téléchargé Dr Spyware pour faire un bilan voilà le résultat des infections :

- Trojan.Virtumonde (15 fichiers infectés)

- Spyware_by_browser_defender (4)

- Adaware.advertising (4)

- Application.tracking.cookies (10)

- Trojan-PWS-Lineage(1)

- Trojan-Downloader.Playboy

- Application.windows_file_protection_diseabled

- Exploit.Internet_Explorer_Security_settings (2)

- Trojan_generic (2)


Quelqu'un aurait-il une solution simple et pas chere sachant que je suis une bille et que je ne maitrise pas du tout le javascript

Merci d'avance
A voir également:

27 réponses

g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
16 déc. 2008 à 15:46
ok .) la blonde

pour supprimer les outils utilisés :

Télécharge ToolsCleaner sur ton bureau.
--> http://www.commentcamarche.net/telecharger/telechargement 34055291 toolsclean(...)
# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
1
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
2 déc. 2008 à 16:25
salut lablonde38

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

@+
0
Merci pour ta réponse
Voici le résumé, je ne sais pas encore si ça a marché
Merci d'avance pour l'analyse que tu pourras faire du compte rendu, ji comprends rien chui blonde lol

ComboFix 08-12-01.03 - Propriétaire 2008-12-02 17:19:29.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.1.1252.1.1036.18.125 [GMT 1:00]
Lancé depuis: c:\program files\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\INSTALL.LOG
c:\windows\system32\agerigim.ini
c:\windows\system32\ahamemod.ini
c:\windows\system32\alapezak.ini
c:\windows\system32\alizemow.ini
c:\windows\system32\apfcavde.dll
c:\windows\system32\dijanumo.dll
c:\windows\system32\etofahen.ini
c:\windows\system32\ezurihoh.ini
c:\windows\system32\GOXwaGgh.ini
c:\windows\system32\GOXwaGgh.ini2
c:\windows\system32\haniyuga.dll
c:\windows\system32\hekeyapi.dll
c:\windows\system32\hewurogo.dll
c:\windows\system32\i
c:\windows\system32\iifgETjI.dll
c:\windows\system32\ijuwuhul.ini
c:\windows\system32\izezayan.ini
c:\windows\system32\lejivaya.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\mfmqjnuj.dll
c:\windows\system32\Microsoft\backup.ftp
c:\windows\system32\mlJDuuRi.dll
c:\windows\system32\nimusofa.dll
c:\windows\System32\nudeleze.dll
c:\windows\system32\nupanogo.dll
c:\windows\system32\odurupep.ini
c:\windows\system32\okotanib.ini
c:\windows\system32\onciyudg.dll
c:\windows\system32\pammjnej.dll
c:\windows\system32\pmnnLfCu.dll
c:\windows\system32\qoywdnfi.ini
c:\windows\System32\rojisabo.dll
c:\windows\system32\rsznfp.dll
c:\windows\system32\tilosupi.dll
c:\windows\system32\tutatezu.dll
c:\windows\system32\udegevib.ini
c:\windows\system32\vozafiwu.dll
c:\windows\System32\womezila.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINSPOOLSVC


((((((((((((((((((((((((((((( Fichiers créés du 2008-11-02 au 2008-12-02 ))))))))))))))))))))))))))))))))))))
.

2008-12-02 17:17 . 2008-12-02 17:17 3,056,742 -ra------ c:\program files\ComboFix.exe
2008-12-02 15:46 . 2008-12-02 15:46 <REP> d-------- C:\VundoFix Backups
2008-12-02 15:46 . 2008-12-02 15:46 108,544 --a------ c:\program files\vundofix_vundofix_6.5.4_anglais_25107.exe
2008-12-02 10:15 . 2008-12-02 10:19 <REP> d-------- c:\program files\Spyware Doctor
2008-12-02 10:15 . 2008-12-02 10:15 <REP> d-------- c:\documents and settings\Propriétaire\Application Data\PC Tools
2008-12-02 10:15 . 2008-12-02 17:26 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-02 10:15 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2008-12-02 10:15 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2008-12-02 10:15 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2008-12-02 10:15 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2008-12-02 10:14 . 2008-12-02 10:14 13,596,592 --a------ c:\program files\sdsetup.exe
2008-12-01 09:07 . 2008-12-01 09:07 171,520 -r-hs---- c:\windows\system32\drivers\explore.exe
2008-11-21 10:00 . 2008-11-21 10:00 <REP> d-------- c:\documents and settings\Propriétaire\.thumbnails
2008-11-21 10:00 . 2008-11-21 10:00 <REP> d-------- c:\documents and settings\Propriétaire\.thumbnails
2008-11-07 08:49 . 2008-11-07 08:49 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-11-06 09:10 . 2008-11-06 09:10 <REP> d-------- c:\program files\Fichiers communs\Skype
2008-11-05 22:27 . 2008-11-05 22:27 <REP> d-------- c:\program files\Sun
2008-11-05 22:26 . 2008-11-05 22:26 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-05 22:26 . 2008-11-05 22:26 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-05 11:35 . 2008-12-02 16:36 <REP> d-------- c:\program files\Adibou,Je lis, je calcule 4-5

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-02 16:14 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Skype
2008-12-02 15:05 --------- d-----w c:\documents and settings\Propriétaire\Application Data\skypePM
2008-11-27 07:45 --------- d-----w c:\documents and settings\Propriétaire\Application Data\gtk-2.0
2008-11-17 14:14 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-11-05 21:26 --------- d-----w c:\program files\Java
2008-11-05 10:37 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-25 12:36 51,107 ----a-w c:\program files\christmas_lights police.zip
2008-10-03 10:59 --------- d-----w c:\program files\Gimp-2.0
2008-10-03 10:58 15,754,960 ----a-w c:\program files\gimp photo shop.exe
2008-10-02 18:18 27,582,248 ----a-w c:\program files\avasta.exe
2008-10-02 18:18 --------- d-----w c:\program files\Alwil Software
2008-09-08 08:18 7,730,856 ----a-w c:\program files\Google_Earth_CZXD.exe
2008-09-02 13:15 1,943,936 ----a-w c:\program files\pn31lous.exe
2008-07-08 12:33 2,048,604 ----a-w c:\program files\Photoways.exe
2008-05-26 20:32 91,824 ----a-w c:\documents and settings\Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
2008-04-21 10:48 2,228,736 ----a-w c:\program files\unzip.exe
2008-03-19 07:37 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-07-08 19:51 445,600 ----a-w c:\program files\switchsetup.exe
2005-09-04 19:08 7,561,000 ----a-w c:\program files\SkypeSetup.exe
2005-04-03 18:24 3,934,032 ----a-w c:\program files\AlbumPhoto-1001listes-Setup.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2005-11-02 36864]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2004-10-08 196608]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-05 136600]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-08-21 483328]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"UpdateManager"="c:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-12-05 3022848]
"LVCOMSX"="c:\windows\System32\LVCOMSX.EXE" [2004-10-08 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-10-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-10-08 217088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-05-31 98304]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-02-20 180269]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-18 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]
"nwiz"="nwiz.exe" [2003-12-05 c:\windows\system32\nwiz.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 c:\windows\ALCXMNTR.EXE]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 237568]
Image Transfer.lnk - c:\program files\Sony Corporation\Image Transfer\SonyTray.exe [2004-07-14 73728]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-11-02 196608]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Post-it© Software Notes Lite.lnk - c:\program files\3M\PSNLite\PsnLite.exe [2004-10-15 2080768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
--a------ 2003-09-12 19:13 98304 c:\windows\system32\ps2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2003-11-03 16:50 221184 c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VSSERV"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

R0 avgntmgr;avgntmgr;c:\windows\System32\DRIVERS\avgntmgr.sys [2008-09-12 22336]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2008-10-02 110160]
R1 avgntdd;avgntdd;c:\windows\System32\DRIVERS\avgntdd.sys [2008-09-12 45376]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-12-02 356920]
S3 fbxusb;FreeBox USB Network Adapter;c:\windows\System32\DRIVERS\fbxusb.sys [2002-12-11 18953]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{272cceed-67f8-4864-ad08-a1f1b3169a44} - c:\windows\System32\nudeleze.dll
BHO-{8478EAAE-97F3-4F1B-8CF5-C790721A57AD} - c:\windows\System32\hgGawXOG.dll
BHO-{B215471C-28A3-4D25-92C4-5A6AD0256C6B} - c:\windows\System32\hgGwVPHX.dll
HKCU-Run-Yahoo! Pager - c:\program files\Yahoo!\Messenger\ypager.exe
HKCU-Run-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
HKCU-Run-RecordNow! - (no file)
HKLM-Run-VTTimer - VTTimer.exe
ShellExecuteHooks-{B215471C-28A3-4D25-92C4-5A6AD0256C6B} - c:\windows\System32\hgGwVPHX.dll
Notify-hgGwVPHX - hgGwVPHX.dll
MSConfigStartUp-CookiePatrol - c:\progra~1\PESTPA~1\CookiePatrol.exe
MSConfigStartUp-PestPatrol Control Center - c:\progra~1\PESTPA~1\PPControl.exe
MSConfigStartUp-PPMemCheck - c:\progra~1\PESTPA~1\PPMemCheck.exe


.
------- Associations de fichier -------
.
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-02 17:28:13
Windows 5.1.2600 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(540)
c:\windows\System32\ODBC32.dll

- - - - - - - > 'lsass.exe'(596)
c:\windows\System32\dssenh.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\hpzipm12.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Spyware Doctor\pctsSvc.exe
.
**************************************************************************
.
Heure de fin: 2008-12-02 17:35:30 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-02 16:35:27

Avant-CF: 102 957 752 320 octets libres
Après-CF: 103,039,303,680 octets libres

205 --- E O F --- 2007-11-07 09:09:44
0
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
2 déc. 2008 à 18:25
de rien :)

Télécharge HijackThis ici :

-> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

Tutoriel d´instalation : (Merci a Balltrap34 pour cette réalisation)

-> http://pageperso.aol.fr/balltrap34/Hijenr.gif

Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

Post le rapport généré ici stp...
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Merci
voilà le rapport Hijack. Ca été hyper rapide - normal ?
Faut-il faire une nouvelle manip ???
Pour info quand l'ordi a redémarer automatiquement après l'installation de combo; avast a detecté un virus "explorer.exe" placé sous system32\drive\
En tous cas internet marche normalement; plus de connexions indésirables. Thanks


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:08:17, on 02/12/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qfr10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.hp.com/servlet/WebReg.servlets.ProdReg1Servlet?appID=java_wreg_wreg_genpg&prodOS=011&gwCountry=FR&language=FR&PURCH_DT_MONTH=07&PURCH_DT_DAY=13&PURCH_DT_YEAR=2004&PROD_SERIAL_ID=CZB419111R&modelID=PC000A&LF=red
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O18 - Protocol: bw+0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
0
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
2 déc. 2008 à 20:28
ok lablonde38,

donc le fichier explorer.exe a ete supprimé du dossier drivers ?

passe ceci maintenant :

Fais un scan avec cet antispyware :

Telecharge malwarebytes + tutoriel :

-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

Tu l´instale; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examun complet".

Puis click sur "rechercher".

Laisse le scanner le pc...

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

Copie et colle le rapport stp.

@+
0
Bonsoir g!rly

suite au rapport malwarbytes j'ai encore 30 virus trojanvundo
Tu trouveras copie du rapport sous mon message

Pendant l'analyse, avast m'a signalé plusieurs virus :

C:\systemVolumeinformation\-restore{AA3F8FOA-60AD-4079-B1 (celui-ci est revenu à 4 reprises malgré que j'ai cliqué sur suppr sur la boîte de dialogue avast)

C:\Qoobox\Quarantaine\C\Windows\system32\apfcavde.dll.vir (à priori suppr via avast)
C:\Qoobox\Quarantaine\C\Windows\system32\mfmqinuj.dll.vir (à priori suppr via avast)
C:\Qoobox\Quarantaine\C\Windows\system32\pammjnej.dll.vir (à priori suppr via avast)

je suis allée sur Qoobox\C\Windows\system32 pour voir si les fichiers ci dessus étaient encore là, ils n'y sont plus en revanche s'est bourrés de fichiers avec des extensions ".dll.vir" ça m'inquiète mais c peut-être normal


Sinon voici le rapport

Merci d'avance pour ton aide précieux, j'ai bien les nerfs avec ce V

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1450
Windows 5.1.2600 Service Pack 1

02/12/2008 22:21:00
mbam-log-2008-12-02 (22-20-56).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 123373
Temps écoulé: 34 minute(s), 30 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 30

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Qoobox\Quarantine\C\WINDOWS\system32\apfcavde.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\mfmqjnuj.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\nimusofa.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\pammjnej.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tilosupi.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\womezila.dll.vir (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP1032\A0139910.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP1032\A0144079.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP1032\A0144096.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP1032\A0144098.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP1032\A0144102.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP1033\A0144163.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP1033\A0146163.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP1033\A0146231.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP1033\A0146234.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP1033\A0146235.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP1033\A0146236.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP1033\A0146251.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP1033\A0146252.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP1033\A0146278.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP1033\A0146339.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP1034\A0146387.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP1034\A0147434.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP1034\A0148522.exe (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP1035\A0148693.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP1035\A0148705.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP1035\A0148707.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP1035\A0148713.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP1035\A0148718.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP1035\A0148722.dll (Trojan.Vundo) -> No action taken.
0
PS./ Je ne sais pas si j'ai bien fait mais j'ai cliqué sur le bouton supprimer la sélection (de toute la liste des méchants trojan)...
En fait quand j'ai vu où ils se situaient ca correspondait aux chemins d'accès des virus cités ci-dessus

Voilà je ne sais pas où en est mon ordi

@+
0
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
3 déc. 2008 à 00:27
tu as bien fait de tout supprimer, pour ce qui est dans qoobox c´est la quarantaine de combofix, c´est ok :)

puis les trentes trojants decouverts; ils sont dans la restauration system c´est pas grave en soie

post un dernier rapport hijack this stp

@+
0
Hello G!rly

Tu trouveras le rapport hijack sous mon message
Donc à priori tout est OK ????

Je voudrais dire un immense merci à toi g!rly pour m'avoir aidée à résoudre ce pb et merci au forum comment ça marche qui permet de s'entraider.

Dernière question :
A ton avis comment j'ai pu attaper tous ces virus, je fais normalement super attentio à ttes les PJ que j'ouvre et aux sites sur lesquels je surfe ????
J'ai désormais monté tous les service avast sur protection élévée.


@+


La Blonde 38




--------------------- Rapport Hijack-----------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:35:58, on 03/12/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qfr10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.hp.com/servlet/WebReg.servlets.ProdReg1Servlet?appID=java_wreg_wreg_genpg&prodOS=011&gwCountry=FR&language=FR&PURCH_DT_MONTH=07&PURCH_DT_DAY=13&PURCH_DT_YEAR=2004&PROD_SERIAL_ID=CZB419111R&modelID=PC000A&LF=red
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O18 - Protocol: bw+0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
0
PS./ J'attends que tu me dises que tout est OK pour passer le statut de ma note en "résolu" (il me semble qu'il y a une manip à faire en ce sens ???)
0
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
3 déc. 2008 à 18:38
Salut lablonde38,

a l´aide de hijack this coche et fix :

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qfr10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.hp.com/...
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O18 - Protocol: bw+0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {99C5BE5A-966B-4456-AFE1-F83DC113DECB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

comment fixer :


Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

desinstalle avast acr maintenant tu as antivir :)

telecharge ce par feu :

zone alarm

https://www.malekal.com/tutoriel-zonealarm-firewall/

+

anti spyware :

spywareblaster :

http://www.brightfort.com/spywareblaster.html

c´est un resident, il suffit de le mettre a jour de temps en temps car la version gratuite ne le fait pas toute seul , une fois installé et mis a jour tu mets toutes les protections sur "enable"

tuto : https://www.malekal.com/tutorial-spywareblaster/

+

important :

regarde ce tutorial pour mettre ta console java a jour :

https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/

ps : ne te trompes pas; sur la même page il y a aussi le tutoriel de flash...

et

ta version de acrobat reader n´est pas a jour, tu veux la derniere verion en date alors desinstale ta version par le panneau de configuration / ajoue et suppression de programme

et instale la derniere :

https://get2.adobe.com/reader/otherversions/

ou oublie completement acrobat reader et instales foxit plus léger a la place:

https://www.clubic.com/telecharger-fiche13808-foxit-reader.html

encore plus important :

tu surf avec internet explorer 6.0 = failles de securitées importantes

alors fais les mises a jour windows : tu veux la version 7.0

https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70

et pourquoi ne pas surfer avec firefox? = plus sur, tout en gardant ie 7.0 pour les mises a jour windows car impossible a effectuer sous firefox

http://www.mozilla-europe.org/fr/

plugins :ad block plus, no script

https://www.hugedomains.com/domain_profile.cfm?d=geckozone&e=org

pour supprimer les outils utilisés :

Télécharge ToolsCleaner sur ton bureau.
--> http://www.commentcamarche.net/telecharger/telechargement 34055291 toolsclean(...)
# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

courage :)

@+
0
Bonjour g!rly
Désolée de revenir vers toi si tard mais priorité aux enfants toD, instit malade

Alors j'ai quasi tout suivi ce que tu m'as dit sauf :
- Pas desinstaller Avast car je ne vois pas où j'ai antivir sur mon ordi - A moins qu'Alarm Zone = antivir ???

Tu me parle d'anti spyware mais pas de lien est-ce le M que spyware blaster ?

J'ai bien installé spywareblaster mais j'avais déjà spyware doctor - est-ce que je désinstalle spyware doctor ?

J'ai fait les màj JAVA et acrobat

J'ai voulu installer IE7 mais ça plante au dernier moment "Internet Explorer 7 n'est pas pris en charge par votre systéme d'exploitation" - je suis allée voir dans "executer" ma config = Version 5
1 (numéro 2600.xpsp2.050301.152: Sevice Pack 1)
J'ai tenté avec la version SP2 mais ça ne passe pas non plus("Cette installation ne prend pas en charge la version actuemme du SP de votre système d'exploitation")

Je te poste ci-dessous le rapport PC tools mais là aussi il y a eu plantage à la fin de la sauvegarde (heureusement j'avais fait auparavant un copier coller dans word - que je te mets ci dessous car je ne sais pas si le fichier txt est ok vu le mess d'erreur que j'avais eu)

Est-ce que j'ai d'autres manip à faire ?
Que faire pour IE7 ?


Thanks
--------------------------
[ Rapport ToolsCleaner version 2.2.6 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\VundoFix.txt: trouvé !
C:\Combofix.txt: trouvé !
C:\Vundofix backups: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\Administrateur\Recent\MSNFix.lnk: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Default User\Recent\MSNFix.lnk: trouvé !
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\Propriétaire\Recent\HijackThis.lnk: trouvé !
C:\Program Files\ComboFix.exe: trouvé !
C:\Program Files\HJTInstall.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\WINDOWS\system32\config\systemprofile\Recent\MSNFix.lnk: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\Administrateur\Recent\MSNFix.lnk: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Default User\Recent\MSNFix.lnk: supprimé !
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\Propriétaire\Recent\HijackThis.lnk: supprimé !
C:\Program Files\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Program Files\HJTInstall.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\WINDOWS\system32\config\systemprofile\Recent\MSNFix.lnk: supprimé !
C:\VundoFix.txt: supprimé !
C:\Combofix.txt: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Vundofix backups: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
0
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
4 déc. 2008 à 15:40
salut lablonde38.

oui les enfants d´abord !

antivir = antivirus

zone alarm = par feu

alors il faudrait que tu aies les deux :)

pour desinstaller avast :

Désinstalleur Avast:
https://www.avast.com/fr-fr/uninstall-utility

tu peux desinstaller spywaredoctor et utiliser malwarebytes pour scanner ton pc de temps en temps

utilise ceci aussi pour nettoyer ton registre et vider les fichiers temporaires régulièrement :

Ccleaner:

-> Télécharge Ccleaner (n'installe pas la barre d'outil Yahoo):

http://www.commentcamarche.net/telecharger/telechargement 168 ccleaner

-> L´installer.

-> Une fois installé et lancé :

Dans la colonne de gauche, click sur :

->"registre" :

Coches toutes les cases sous"l´integrité du registre", puis click en bas sur "chercher des erreurs" une fois terminé, clic sur "reparer les erreurs", tu auras un message pour sauvegarder ta base de registre, tu click "oui" puis tu recommence jusqu'à ce qu'il ne trouve plus rien.

ps : les sauvegardes que tu auras faites, pourront etre supprimées ulterieurement si tout va bien.

->"nettoyeur"

quitte ton navigateur avant de le lancer, dans les propriétés du nettoyeur de l´onglet "windows" et "applications"décoche la derniere case (Avancé si elle est cochée) puis click sur "lancer le nettoyage" qunand il aura terminé le scan click en bas a droite sur "lancer le nettoyage" et accepte par oui.

-> Tutoriel en image :

https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

-> Pour ceux qui voudraient aller plus loin en compagnie de jesses (fonctions avancés) :

http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm

pour ie 7.0 c´est vrai qu´il ne doit pas etre pas compatible avec le sp 1 mais devrait l´être avec le 2 ???

essaie de télécharger le sp3 pour voir :)

@+
0
Salut G!rly,

Je t'avais répondu vendredi mais je vois pas le mess dans les discussions donc je suis pas sûre que tu l'aies reçu

Par rapport à ce que tu m'as dit :

J'ai supprimé Docteur Spyware
J'ai installé Spyware Doctor
J'ai téléchargé Cc Cleaner et ai analysé les registres - Il y en a toujours une qui subsiste malgré plusieurs tentatives
Rapport :
Icone par Défaut Invalide - C:\Program Files\Zone Labs\ZoneAlarm\UpdClient.exe,-279 -HKCR\ZAMailSafe\DefaultIcon
J'ai nettoyé également windows et applications (j'ai les rapports mais super super longs donc difficiles à poster)
J'ai essayé SP3 pour IE7 mais ça ne marche pas non plus - il faudrait peut-être que je télécharge firefox.

Pour l'antivirus avant de suppr Avast - est-ce que Malwarebytes = antivir ou en faut-il un autre ?

A priori tout est OK pour moi
Est-ce que je peux clore la discussion en mode résolu ?


Mille fois merci

lablonde38
0
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
13 déc. 2008 à 18:38
salut,

excuse pour le delais,

montre moi un nouveau rapport hijack this stp

@+
0
Salut

Cc cleaner m'avait fait supprimer Hijack je l'ai retéléchargé

Voici le rapport

@+

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:17:46, on 15/12/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
15 déc. 2008 à 21:13
salut lablonde38

désinstalle avast

Désinstalleur Avast:
https://www.avast.com/fr-fr/uninstall-utility

@+
0
Salut
J'ai déstinstallé avast
@+ thanks

voici le nouveau rapport hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:23:49, on 16/12/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
voici le rapport

[ Rapport ToolsCleaner version 2.2.7 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\Propriétaire\Bureau\HJTInstall.exe: trouvé !
C:\Documents and Settings\Propriétaire\Recent\HijackThis.lnk: trouvé !
C:\Program Files\ComboFix.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\WINDOWS\NIRCMD.exe: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\Propriétaire\Bureau\HJTInstall.exe: supprimé !
C:\Documents and Settings\Propriétaire\Recent\HijackThis.lnk: supprimé !
C:\Program Files\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\WINDOWS\NIRCMD.exe: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

Point de restauration crée !
Corbeille vidée!
Fichiers temporaires nettoyés !
0