|
|
Auteur
|
Message
|
1
|
|
|
|
|
bonjour en faisant un scan de mon pc avec superpyware avast ces mis en route es a detecté un virus je les mis en quarantaine mais quand je fait un scan dans la zone quarantaine avast dis qu il y as toujour un virus, il ce trouve dans systeme volume information/_restore et le virus est : win32 rootkit-gen [rtk] merci de m aider a l enlever ou je dois refaire le pc !!! je vous remercie pour l aide que vous me donnerais firebladejm
|
|
Imagine ...
|
|
|
 firebladejm
Purge la restauration du système :
Dans le menu Démarrer, clique droit sur l'icône Poste de travail.
Dans le menu qui s'affiche, clique sur Propriétés .
Dans l'onglet Restauration du système de la fenêtre qui suit, coche la
case Désactiver la Restauration du système sur tous les lecteurs, clique sur
Appliquer et, quand un message te le demande, confirme la désactivation.
Après quelques secondes d'attente (ou après avoir redémarré le PC), décoche la
case Désactiver la Restauration du système sur tous les lecteurs.
Clique sur OK.
|
|
|
|
|
|
bonjour merci pour ton aide j ai fait ce que tu as dis et reverifier dans la zone de quarantaine et sa as mis pas de virus ! apres j ai etait dans visualiseur de journal dans avast et dans conseil j ai ; syteme the virus database (vps 080510-0)was automatically updated !!! en plus les zone entre parenthese demare de vps 080510-0 a vps080516-0 et wps 080518-0 ?? . mais le pc fonctionne toujour mal apres avoir fait comme tu as dis meme apres avoir fait des scan avec avast ccleaner superspyware et pcdoctor, je dois refaire mon pc portable ou j ai un autre probleme que je trouve pas. encore merci pour l aide que vous trouverez
|
|
Imagine ...
|
|
|
firebladejm
Fais un scan HijackThis et poste le rapport.
|
|
|
|
|
merci pour ton aide voila j ai fais le rapport
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:27:16, on 18/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe" /c
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/m(...)
O18 - Protocol: bw+0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Odyssey Client for Fujitsu Siemens Computers (odClientService) - Funk Software, Inc. - C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
--
End of file - 23066 bytes
|
|
|
|
|
et la suite
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:33:26, on 18/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe" /c
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/m(...)
O18 - Protocol: bw+0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {421F6315-6A61-45B3-ADD5-E0C696AE7190} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Odyssey Client for Fujitsu Siemens Computers (odClientService) - Funk Software, Inc. - C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
--
End of file - 23066 bytes
|
|
Imagine ...
|
|
|
...
Supprime un des deux rapports HijackThis !
Pour cela, replaces-toi sur un des deux et clique sur  .
Une fois dans le message, tu vas en bas et
et tu coches > Supprimer ce message.
Puis, clique sur > Poster ce message.
------
Sur ton bureau, télécharge GenProc (de narco4 & jean-chretien1)
Dézippe le dossier ; double-clique sur GenProc.bat ![[:jean-chretien1:3]](/data/globaldata/usmilies/jeanchretien1-3.gif "[:jean-chretien1:3]") … et poste
le contenu du rapport qui s'ouvre (que tu découvres une procédure ou pas !).
![[:Poulbot:6]](/data/globaldata/usmilies/poulbot-6.gif "[:Poulbot:6]") Aide en images
|
|
|
|
|
j ai fait comme tu as dis le seul problème je sais pas quel ligne enlever ca m indique rien, je dois tous effacer et essayer avec le fichier zip j ai essayer mais ca me dis qu il y s rien pas d infection sans enlever avec hjt .
j espere ne pas avoir fait une boulette .
a oui maintenant quand j allume mon pc ces de plus en plus long et avast et hors service et ce remet en service apres quelque seconde mais ca me dis que j ai pas d'antivirus au debut et les iconne de bureau clignote ??? la je ne cromprend plus rien deja que je suis pas doué en informatique alors ....... merci
|
|
Imagine ...
|
|
|
...
Tu as un problème avec GenProc ? Précise ...
-------
Télécharge SDFix (par AndyManchesta)
Redémarre en mode sans échec (de préférence par F8 au démarrage) :
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fdocid/200203251(...)
Double-clique sur SDFix.exe et choisis Install pour l'extraire sur le Bureau.
Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur
RunThis.cmd (ou RunThis.bat) pour lancer le script.
Appuie sur Y pour commencer le processus de nettoyage.
Il va supprimer les services et les entrées du Registre des trojans trouvés puis te
demandera d'appuyer sur une touche pour redémarrer.
Appuie sur une touche pour redémarrer le PC.
Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va
Continuer à s'exécuter et supprimer des fichiers.
Après le chargement du Bureau, l'outil terminera son travail et affichera "Finished".
Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera
Aussi dans le dossier SDFix sous le nom Report.txt.
Copie/colle le contenu du fichier Report.txt dans ta prochaine réponse
|
|
|
|
|
bonsoir voila j ai fait ce que tu as demander voila la reponse je te remercie pour ton aide.
SDFix: Version 1.183
Run by dragon on 18/05/2008 at 22:32
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\dragon\MESDOC~1\y\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-18 22:38:29
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d079b6]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060d079b6]
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000093
"TracesSuccessful"=dword:00000009
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"="C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe:*:Enabled:CyberLink PowerCinema"
"C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"="C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files :
File Backups: - C:\DOCUME~1\dragon\MESDOC~1\y\SDFix\backups\backups.zip
Files with Hidden Attributes :
Mon 14 Apr 2008 1,695,232 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Sun 11 May 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 10 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8171d23d6d072d8b50d065ca55a754fb\BIT8.tmp"
Sat 10 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ad213d081e2675ef87a62c73b8abf209\BIT6.tmp"
Finished!
|
|
Imagine ...
|
|
|
...
Fais ce scan en ligne …
http://www.n9ws.com/webscanner/kavwebscan.html
En bas de page, clique sur > Accept.
Laisse faire les définitions, mises à jour et installation d' ActiveX.
Puis, clique sur Next (suivant) > My Computer (Poste de travail).
Le scan commence. Patiente ...
Une fois le scan achevé, clique sur > Save report (enregistrer rapport sous …)
et enregistre-le quelque part (ex. bureau ou « mes documents »).
Poste-le dans ta prochaine réponse.
NOTE : Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée",
va dans Ajout/Suppression de progr., puis désinstalle On-Line Scanner ;
ensuite, reconnecte-toi sur le site de Kaspersky pour retenter le scan en ligne.
|
|
|
|
|
j ai refait un scanne en cas ou il y aurais une erreur de m as part apparament ces les memes
SDFix: Version 1.183
Run by dragon on 18/05/2008 at 22:52
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\dragon\MESDOC~1\y\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-18 22:57:30
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d079b6]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060d079b6]
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000094
"TracesSuccessful"=dword:00000009
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"="C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe:*:Enabled:CyberLink PowerCinema"
"C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"="C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files :
File Backups: - C:\DOCUME~1\dragon\MESDOC~1\y\SDFix\backups\backups.zip
Files with Hidden Attributes :
Mon 14 Apr 2008 1,695,232 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Sun 11 May 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 10 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8171d23d6d072d8b50d065ca55a754fb\BIT8.tmp"
Sat 10 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ad213d081e2675ef87a62c73b8abf209\BIT6.tmp"
Finished!
|
|
|
|
|
|
je n es pas executé ton dernier message leur site dis que leur serveur et en maintenance je le ferais demain je te souhaite ne bonne fin de soiré et merci pour tout
|
|
|
|
|
bonjour voila j ai fait le scan le premier avais planté j ai du faire ctrl/alt/suppr pour pouvoir le refaire meme avec ca je ne pouvais plus acceder au menu demarrer pour redemarer mon pc j ai du couper l alimentation electrique et le redemarrer ensuite ??.
KASPERSKY ON-LINE SCANNER REPORT
Monday, May 19, 2008 1:53:23 PM
Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 3 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 19/05/2008
Enregistrements dans la base antivirus Kaspersky : 699839
Paramètres d'analyse
Analyser avec la base antivirus suivante standard
Analyser les archives vrai
Analyser les bases de messagerie vrai
Cible de l'analyse Poste de travail
C:\
D:\
Statistiques de l'analyse
Total d'objets analysés 62109
Nombre de virus trouvés 0
Nombre d'objets infectés 0 / 0
Nombre d'objets suspects 0
Durée de l'analyse 00:49:46
Nom de l'objet infecté Nom du virus Dernière action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-05172008-190232.log L'objet est verrouillé ignoré
C:\Documents and Settings\dragon\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-5-19-2008( 12-33-44 ).LOG L'objet est verrouillé ignoré
C:\Documents and Settings\dragon\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\dragon\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\dragon\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\dragon\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\dragon\Local Settings\Temp\ mon003.log L'objet est verrouillé ignoré
C:\Documents and Settings\dragon\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré
C:\Documents and Settings\dragon\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\dragon\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\dragon\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\selfdef.log L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt L'objet est verrouillé ignoré
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLML_MAIN\CLML.db L'objet est verrouillé ignoré
C:\Program Files\HP\hpcoretech\hpcmerr.log L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\dragon\Data\BWDocMap.pht L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\dragon\Data\BWInfopakMap.pht L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\dragon\Data\chandir.dat L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\dragon\Data\chandir.idx L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\dragon\Data\chn.dat L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\dragon\Data\chn.idx L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\dragon\Data\D0000000.FCS L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\dragon\Data\inuse.txt L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\dragon\Data\L0000002.FCS L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\dragon\Data\main.log L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\dragon\Data\prs.dat L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\dragon\Data\prs.idx L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\dragon\Data\prs_die.dat L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\dragon\Data\prs_die.idx L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\dragon\Data\prs_dnd.dat L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\dragon\Data\prs_dnd.idx L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\dragon\Data\prs_ext.dat L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\dragon\Data\prs_ext.idx L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\dragon\Data\prs_rcv.dat L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\dragon\Data\prs_rcv.idx L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\dragon\Data\storydb.dat L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\dragon\Data\storydb.idx L'objet est verrouillé ignoré
C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
C:\System Volume Information\_restore{461A21F8-5678-45ED-8733-16C6757D51C3}\RP4\change.log L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Antivirus.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\Temp\CLML_AGENT_LOG1.txt L'objet est verrouillé ignoré
C:\WINDOWS\Temp\Perflib_Perfdata_64c.dat L'objet est verrouillé ignoré
C:\WINDOWS\Temp\sqlite_qx8xv4td162vSds L'objet est verrouillé ignoré
C:\WINDOWS\Temp\_avast4_\Webshlock.txt L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
Analyse terminée.
|
|
Imagine ...
|
|
|
firebladejm
Statistiques de l'analyse
Total d'objets analysés 62109
Nombre de virus trouvés 0
Nombre d'objets infectés 0 / 0
Nombre d'objets suspects 0
Durée de l'analyse 00:49:46 C' est déjà ça !
Avec GenProc, ça donne quoi ?
|
|
|
|
|
voila avec genproc
GenProc 1.951 [4] 19/05/2008 - Windows [XP] : Aucune infection caractéristique trouvée
mais quan je fait un scan avec pcdotor il me dis que je suis toujour infecter ??
|
|
|
| |
Jules Renard