ouverture de fenêtres multiples de "advanced find"outlook
Dernière réponse : dans Sécurité
Bonjour,
Depuis ce matin, ma collegue n'arrive plus a travailler car quand elle ecrit un message avec Outlook (version 2000), elle a plus d'une centaine de fenetres "advanced find"qui s'ouvrent.
Quoiqu'elle fasse, elle se retrouve avec ces fenetres: quand elle utilise skype, c'est une fenetre explorer search qui s'ouvre.
Nous avons fait un scan pc avec Panda qui dit qu'elle a winfixer2005.
Comment dois-je proceder pour l'enlever et est ce que cela resoudra son probleme ?
Merci de votre aide
Catherine
Autres pages sur : ouverture fenetres multiples advanced find outlook
Lassé par la pub ? Créez un compte
Bonjour,
1/ Si tu as conservé le rapport généré par Panda poste le ici.
2/ Poste un log HijackThis.
Télécharge le, puis met le dans un dossier dédié (exemple : ..\Bureau\Hijackthis\Hijackthis.exe ).
Ensuite, lance le, appuie sur Do a system scan a save a logfile, et donne nous le résultat du scan
www.infos-du-net.com/telecharger/HijackThis.html
1/ Si tu as conservé le rapport généré par Panda poste le ici.
2/ Poste un log HijackThis.
Télécharge le, puis met le dans un dossier dédié (exemple : ..\Bureau\Hijackthis\Hijackthis.exe ).
Ensuite, lance le, appuie sur Do a system scan a save a logfile, et donne nous le résultat du scan
www.infos-du-net.com/telecharger/HijackThis.html
Voici le log Hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 12:20:38 PM, on 5/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\VEXPLITE\viritsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\Program Files\PowerArchiver\POWERARC.EXE
C:\DOCUME~1\FRSCO~1.SER\LOCALS~1\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.es
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer From Wanadoo Spain
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autocache.hp.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.1;<local>
O2 - BHO: MSEvents Object - {84827015-AC55-4ABD-B9DB-869DD8393F94} - C:\WINDOWS\system\diskas.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CPQHotKeys] hotkeysvc.exe
O4 - HKLM\..\Run: [CTHelper] cthelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0614] "C:\WINDOWS\Downloaded Program Files\CONFLICT.9\UWFX5LP_0001_0614NetInstaller.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\RunServices: [CPQHotKeys] hotkeysvc.exe
O4 - HKLM\..\RunServices: [CTHelper] cthelper.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CPQHotKeys] hotkeysvc.exe
O4 - HKCU\..\Run: [CTHelper] cthelper.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunServices: [CPQHotKeys] hotkeysvc.exe
O4 - HKCU\..\RunServices: [CTHelper] cthelper.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.es
O15 - Trusted Zone: www.sgrunt.biz
O16 - DPF: {00000006-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms6 Class) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall6.cab
O16 - DPF: {00000008-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms8 Class) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall8.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x40...
O16 - DPF: {20272586-1BDD-4833-ACAC-3A0D764A03A9} (OOUploadControl Class) - http://easyshare.oodrive.com/common/activex/upload.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {CEDDF50D-9FA7-41A8-BCD0-6350D1ED2306} (SecurityManager Class) - http://h41209.www4.hp.com/HPRC/Media/RemoteControl/MotV...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = server1.local
O17 - HKLM\Software\..\Telephony: DomainName = server1.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = server1.local
O18 - Protocol: bw+0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: diskas - C:\WINDOWS\system\diskas.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dat (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
Voici le rapport Panda
Incident Statut Analyse
Dialer
ialer.akd No Désinfecté C:\Documents and Settings\frsco.SERVER1\Start Menu\Programs\WinMoviePlugIn.lnk Dialer
ialer.dvt No Désinfecté c:\windows\downloaded program files\adulto.exe Dialer
ialer.dyn No Désinfecté c:\windows\downloaded program files\dai.exe Dialer
ialer.eip No Désinfecté c:\windows\downloaded program files\dialere.exe Dialer
ialer.eim No Désinfecté c:\windows\downloaded program files\dialer_a.exe Dialer
ialer.fer No Désinfecté c:\windows\downloaded program files\newX.exe Outil indésirable:application/winfixer2005 No Désinfecté hkey_classes_root\appid\compcln.dll
Spyware:Cookie/2o7 No Désinfecté C:\Documents and Settings\Administrator\Cookies\administrator@2o7[1].txt
Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\Administrator\Cookies\administrator@bluestreak[1].txt
Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
Spyware:Cookie/Tradedoubler No Désinfecté C:\Documents and Settings\Administrator\Cookies\administrator@tradedoubler[2].txt
Spyware:Cookie/Valueclick No Désinfecté C:\Documents and Settings\Administrator\Cookies\administrator@valueclick[1].txt
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Administrator\Cookies\administrator@xiti[1].txt
Spyware:Cookie/RealMedia No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@247realmedia[1].txt
Spyware:Cookie/RealMedia No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@247realmedia[2].txt
Spyware:Cookie/2o7 No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@2o7[1].txt
Spyware:Cookie/2o7 No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@2o7[2].txt
Spyware:Cookie/Falkag No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@a.as-us.falkag[2].txt
Spyware:Cookie/Abcsearch No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@abcsearch[1].txt
Spyware:Cookie/Com.com No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@ad.sensismediasmart.com[1].txt
Spyware:Cookie/Admotion No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@admotion.com[2].txt
Spyware:Cookie/PointRoll No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@ads.pointroll[2].txt
Spyware:Cookie/Adserver No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@adserver.terra[1].txt
Spyware:Cookie/Adserver No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@adserver.terra[2].txt
Spyware:Cookie/Adtech No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@adtech[1].txt
Spyware:Cookie/Adtech No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@adtech[3].txt
Spyware:Cookie/Advertising No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@advertising[1].txt
Spyware:Cookie/Advertising No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@advertising[2].txt
Spyware:Cookie/Falkag No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@as1.falkag[2].txt
Spyware:Cookie/Falkag No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@as1.falkag[3].txt
Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@atdmt[1].txt
Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@atdmt[3].txt
Spyware:Cookie/Atwola No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@atwola[1].txt
Spyware:Cookie/Atwola No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@atwola[2].txt
Spyware:Cookie/Com.com No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@bannerlandia.com[1].txt
Spyware:Cookie/Bfast No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@bfast[2].txt
Spyware:Cookie/Bilbo.counted No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@bilbo.counted[2].txt
Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@bluestreak[2].txt
Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@bluestreak[3].txt
Spyware:Cookie/bravenetA No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@bravenet[2].txt
Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@bs.serving-sys[1].txt
Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@bs.serving-sys[3].txt
Spyware:Cookie/Enhance No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@c.enhance[1].txt
Spyware:Cookie/Enhance No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@c.enhance[2].txt
Spyware:Cookie/CentrPort No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@centrport[1].txt
Spyware:Cookie/CentrPort No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@centrport[2].txt
Spyware:Cookie/Cgi-bin No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@cgi-bin[2].txt
Spyware:Cookie/Com.com No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@com[2].txt
Spyware:Cookie/Com.com No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@com[3].txt
Spyware:Cookie/Count.eanalyzer No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@count.eanalyzer[1].txt
Spyware:Cookie/Count.eanalyzer No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@count.eanalyzer[2].txt
Spyware:Cookie/Hitslink No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@counter.hitslink[2].txt
Spyware:Cookie/360i No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@ct.360i[1].txt
Spyware:Cookie/360i No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@ct.360i[2].txt
Spyware:Cookie/Coremetrics No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@data.coremetrics[2].txt
Spyware:Cookie/Dbbsrv No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@dbbsrv[1].txt
Spyware:Cookie/DomainSponsor No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@domainsponsor[2].txt
Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@doubleclick[1].txt
Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@doubleclick[2].txt
Spyware:Cookie/Hitbox No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@ehg.hitbox[2].txt
Spyware:Cookie/FastClick No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@fastclick[1].txt
Spyware:Cookie/FastClick No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@fastclick[2].txt
Spyware:Cookie/FastClick No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@fastclick[3].txt
Spyware:Cookie/fe.lea.lycos No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@fe.lea.lycos[1].txt
Spyware:Cookie/fe.lea.lycos No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@fe.lea.lycos[3].txt
Spyware:Cookie/fe.lea.lycos No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@fe.lea.lycos[4].txt
Spyware:Cookie/fe.lea.lycos No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@fe.lea.lycos[5].txt
Spyware:Cookie/Comclick No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@fl01.ct2.comclick[1].txt
Spyware:Cookie/Comclick No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@fl01.ct2.comclick[3].txt
Spyware:Cookie/FortuneCity No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@fortunecity[2].txt
Spyware:Cookie/Gator No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@gator[1].txt
Spyware:Cookie/Gator No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@gator[2].txt
Spyware:Cookie/GoStats No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@gostats[2].txt
Spyware:Cookie/Humanclick No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@hc2.humanclick[2].txt
Spyware:Cookie/Hitbox No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@hg1.hitbox[1].txt
Spyware:Cookie/Hitbox No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@hitbox[1].txt
Spyware:Cookie/Hitbox No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@hitbox[2].txt
Spyware:Cookie/Itrack No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@ilead.itrack[1].txt
Spyware:Cookie/DomainSponsor No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@landing.domainsponsor[1].txt
Spyware:Cookie/Maxserving No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@maxserving[1].txt
Spyware:Cookie/Mediaplex No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@mediaplex[1].txt
Spyware:Cookie/Mediaplex No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@mediaplex[2].txt
Spyware:Cookie/Overture No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@overture[2].txt
Spyware:Cookie/Overture No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@overture[3].txt
Spyware:Cookie/Hitbox No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@phg.hitbox[1].txt
Spyware:Cookie/Mircx No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@pop.mircx[1].txt
Spyware:Cookie/Match No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@promo.match[1].txt
Spyware:Cookie/Match No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@promo.match[2].txt
Spyware:Cookie/QkSrv No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@qksrv[1].txt
Spyware:Cookie/QuestionMarket No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@questionmarket[1].txt
Spyware:Cookie/QuestionMarket No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@questionmarket[2].txt
Spyware:Cookie/RealMedia No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@realmedia[1].txt
Spyware:Cookie/RealMedia No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@realmedia[2].txt
Spyware:Cookie/RealMedia No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@realmedia[4].txt
Spyware:Cookie/WUpd No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@revenue[1].txt
Spyware:Cookie/Rn11 No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@rn11[2].txt
Spyware:Cookie/Advertising No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@servedby.advertising[2].txt
Spyware:Cookie/Advertising No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@servedby.advertising[3].txt
Spyware:Cookie/Server.iad.Liveperson No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@server.iad.liveperson[1].txt
Spyware:Cookie/Server.iad.Liveperson No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@server.iad.liveperson[3].txt
Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@serving-sys[2].txt
Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@serving-sys[3].txt
Spyware:Cookie/SpyLog No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@spylog[2].txt
Spyware:Cookie/onestat.com No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@stat.onestat[1].txt
Spyware:Cookie/Statcounter No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@statcounter[1].txt
Spyware:Cookie/Clicktracks No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@stats1.clicktracks[1].txt
Spyware:Cookie/Tickle No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@tickle[1].txt
Spyware:Cookie/Tickle No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@tickle[2].txt
Spyware:Cookie/Tradedoubler No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@tradedoubler[1].txt
Spyware:Cookie/Tradedoubler No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@tradedoubler[2].txt
Spyware:Cookie/Traffic Marketplace No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@trafficmp[1].txt
Spyware:Cookie/Traffic Marketplace No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@trafficmp[2].txt
Spyware:Cookie/Tribalfusion No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@tribalfusion[1].txt
Spyware:Cookie/Tribalfusion No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@tribalfusion[2].txt
Spyware:Cookie/Valueclick No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@valueclick[1].txt
Spyware:Cookie/Valueclick No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@valueclick[2].txt
Spyware:Cookie/Tickle No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@web.tickle[1].txt
Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@weborama[1].txt
Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@weborama[3].txt
Spyware:Cookie/myaffiliateprogram No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@www.myaffiliateprogram[1].txt
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@xiti[1].txt
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@xiti[2].txt
Spyware:Cookie/Xmts No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@xmts[1].txt
Spyware:Cookie/XXXtoolbar No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@xxxtoolbar[1].txt
Spyware:Cookie/Yadro No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@yadro[2].txt
Spyware:Cookie/Adserver No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@z1.adserver[1].txt
Spyware:Cookie/Zedo No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@zedo[1].txt
Spyware:Cookie/Zedo No Désinfecté C:\Documents and Settings\frsco\Cookies\frsco@zedo[2].txt
Bonjour,
Difficile à croire que ce soit un PC de boulot a part peut etre etes vous animatrice de salon X![:p]( ":p")
anolol: bref...
1/ Télécharge et installe CCleaner
http://www.clubic.com/telecharger-fiche14492-ccleaner-c...
Télécharge, installe et mets à jour ewido
Pendant l'installation, sur la page "Additional Options" décoche les deux options "Install background guard" et "Install scan via context menu".
http://www.infos-du-net.com/telecharger/Ewido-Security-...
2/ Redémarre en mode sans échec (Pour cela : démarrer le PC en tapotant sur la touche F8 du clavier jusqu'à ce que le menu des options avancées de Windows apparaisse puis avec les touches fléchées du clavier, sélectionner Mode sans échec puis appuyer sur la touche Entrée...)
Attention tu n'as pas accès à Internet dans ce mode donc note ou imprime les consignes qui suivent.
3/ Assure-toi que tu as accès aux fichiers cachés.
(Démarrer->Poste de travail->Outils->Options des dossiers...->Affichage
"Afficher les fichiers et dossiers cachés" ->coché
"Masquer les extensions des fichiers dont le type est connu" ->décoché
"Masquer les fichiers protégés du système d'exploitation" ->décoché)
5/ ensuite supprime les fichiers et/ou dossiers suivants si présents :
C:\Documents and Settings\frsco.SERVER1\Start Menu\Programs\WinMoviePlugIn.lnk
c:\windows\downloaded program files <== le dossier
6/ Lance CCleaner puis bouton Analyse ensuite Bouton Lancer le Nettoyage
7/ Lance ewido (Scan complet du système) et supprime tout ce qu'il trouve. Sauvegarde le rapport sur le bureau.
8/ Redémarre normalement et poste le rapport Ewido et un nouveau rapport HijackThis.
Difficile à croire que ce soit un PC de boulot a part peut etre etes vous animatrice de salon X
anolol: bref...1/ Télécharge et installe CCleaner
http://www.clubic.com/telecharger-fiche14492-ccleaner-c...
Télécharge, installe et mets à jour ewido
Pendant l'installation, sur la page "Additional Options" décoche les deux options "Install background guard" et "Install scan via context menu".
http://www.infos-du-net.com/telecharger/Ewido-Security-...
2/ Redémarre en mode sans échec (Pour cela : démarrer le PC en tapotant sur la touche F8 du clavier jusqu'à ce que le menu des options avancées de Windows apparaisse puis avec les touches fléchées du clavier, sélectionner Mode sans échec puis appuyer sur la touche Entrée...)
Attention tu n'as pas accès à Internet dans ce mode donc note ou imprime les consignes qui suivent.
3/ Assure-toi que tu as accès aux fichiers cachés.
(Démarrer->Poste de travail->Outils->Options des dossiers...->Affichage
"Afficher les fichiers et dossiers cachés" ->coché
"Masquer les extensions des fichiers dont le type est connu" ->décoché
"Masquer les fichiers protégés du système d'exploitation" ->décoché)
5/ ensuite supprime les fichiers et/ou dossiers suivants si présents :
C:\Documents and Settings\frsco.SERVER1\Start Menu\Programs\WinMoviePlugIn.lnk
c:\windows\downloaded program files <== le dossier
6/ Lance CCleaner puis bouton Analyse ensuite Bouton Lancer le Nettoyage
7/ Lance ewido (Scan complet du système) et supprime tout ce qu'il trouve. Sauvegarde le rapport sur le bureau.
8/ Redémarre normalement et poste le rapport Ewido et un nouveau rapport HijackThis.
Bonjour,
Effectivement, pour son boulot, ma collegue travaille quasiment a 100% sur internet et surfe sur un sacre nombre de sites: d'ou la possibilite accrue d'etre infectee.
Le rapport Ewido est trop long pour que je le poste sur ici (elle avait plus de 2000 elements a deleter). Comment puis-je faire pour vous le faire parvenir ?
Voici le rapport Hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 7:44:06 PM, on 5/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PowerArchiver\POWERARC.EXE
C:\DOCUME~1\FRSCO~1.SER\LOCALS~1\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.es
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer From Wanadoo Spain
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autocache.hp.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.1;<local>
O2 - BHO: MSEvents Object - {84827015-AC55-4ABD-B9DB-869DD8393F94} - C:\WINDOWS\system\diskas.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CPQHotKeys] hotkeysvc.exe
O4 - HKLM\..\Run: [CTHelper] cthelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0614] "C:\WINDOWS\Downloaded Program Files\CONFLICT.9\UWFX5LP_0001_0614NetInstaller.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\RunServices: [CPQHotKeys] hotkeysvc.exe
O4 - HKLM\..\RunServices: [CTHelper] cthelper.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CPQHotKeys] hotkeysvc.exe
O4 - HKCU\..\Run: [CTHelper] cthelper.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpyBrowser] "C:\Program Files\SpyBro\SpyBro.exe" /autostart
O4 - HKCU\..\RunServices: [CPQHotKeys] hotkeysvc.exe
O4 - HKCU\..\RunServices: [CTHelper] cthelper.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.es
O15 - Trusted Zone: www.sgrunt.biz
O16 - DPF: {00000006-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms6 Class) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall6.cab
O16 - DPF: {00000008-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms8 Class) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall8.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x40...
O16 - DPF: {20272586-1BDD-4833-ACAC-3A0D764A03A9} (OOUploadControl Class) - http://easyshare.oodrive.com/common/activex/upload.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {CEDDF50D-9FA7-41A8-BCD0-6350D1ED2306} (SecurityManager Class) - http://h41209.www4.hp.com/HPRC/Media/RemoteControl/MotV...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = server1.local
O17 - HKLM\Software\..\Telephony: DomainName = server1.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = server1.local
O18 - Protocol: bw+0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: diskas - C:\WINDOWS\system\diskas.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dat (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
Effectivement, pour son boulot, ma collegue travaille quasiment a 100% sur internet et surfe sur un sacre nombre de sites: d'ou la possibilite accrue d'etre infectee.
Le rapport Ewido est trop long pour que je le poste sur ici (elle avait plus de 2000 elements a deleter). Comment puis-je faire pour vous le faire parvenir ?
Voici le rapport Hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 7:44:06 PM, on 5/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PowerArchiver\POWERARC.EXE
C:\DOCUME~1\FRSCO~1.SER\LOCALS~1\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.es
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer From Wanadoo Spain
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autocache.hp.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.1;<local>
O2 - BHO: MSEvents Object - {84827015-AC55-4ABD-B9DB-869DD8393F94} - C:\WINDOWS\system\diskas.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CPQHotKeys] hotkeysvc.exe
O4 - HKLM\..\Run: [CTHelper] cthelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0614] "C:\WINDOWS\Downloaded Program Files\CONFLICT.9\UWFX5LP_0001_0614NetInstaller.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\RunServices: [CPQHotKeys] hotkeysvc.exe
O4 - HKLM\..\RunServices: [CTHelper] cthelper.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CPQHotKeys] hotkeysvc.exe
O4 - HKCU\..\Run: [CTHelper] cthelper.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpyBrowser] "C:\Program Files\SpyBro\SpyBro.exe" /autostart
O4 - HKCU\..\RunServices: [CPQHotKeys] hotkeysvc.exe
O4 - HKCU\..\RunServices: [CTHelper] cthelper.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.es
O15 - Trusted Zone: www.sgrunt.biz
O16 - DPF: {00000006-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms6 Class) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall6.cab
O16 - DPF: {00000008-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms8 Class) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall8.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x40...
O16 - DPF: {20272586-1BDD-4833-ACAC-3A0D764A03A9} (OOUploadControl Class) - http://easyshare.oodrive.com/common/activex/upload.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {CEDDF50D-9FA7-41A8-BCD0-6350D1ED2306} (SecurityManager Class) - http://h41209.www4.hp.com/HPRC/Media/RemoteControl/MotV...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = server1.local
O17 - HKLM\Software\..\Telephony: DomainName = server1.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = server1.local
O18 - Protocol: bw+0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: diskas - C:\WINDOWS\system\diskas.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dat (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
je pense que tu as une infection de type vundo:
DESINFECTION VUNDO (postee par ChercheurPCA)
Télécharge VundoFix sur ton Bureau.
. Double-clique VundoFix.exe.
. Clique sur le bouton Scan for Vundo.
. Puis clique sur le bouton Remove Vundo.
. Ensuite sur yes pour confirmer
. Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
. Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown"); clique OK
. Démarre ton PC à nouveau.
. Colle le rapport situé dans C:\vundofix.txt ici.
Puis repost un log hijackthis
DESINFECTION VUNDO (postee par ChercheurPCA)
Télécharge VundoFix sur ton Bureau.
. Double-clique VundoFix.exe.
. Clique sur le bouton Scan for Vundo.
. Puis clique sur le bouton Remove Vundo.
. Ensuite sur yes pour confirmer
. Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
. Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown"); clique OK
. Démarre ton PC à nouveau.
. Colle le rapport situé dans C:\vundofix.txt ici.
Puis repost un log hijackthis
Bonsoir,
Si j'arrive a desincter son PC, elle m'offrira un show ? :-D (MDRR ils vont tous repondre pour essayer de regler son PB)
1/ Lance HijackThis
puis --> Do a system scan only
coche les lignes indiquées ci-dessous
puis --> Fix checked
puis oui à la question de confirmation
O15 - Trusted Zone: www.sgrunt.biz
O16 - DPF: {00000006-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms6 Class) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall6.cab
O16 - DPF: {00000008-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms8 Class) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall8.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x40...
O16 - DPF: {20272586-1BDD-4833-ACAC-3A0D764A03A9} (OOUploadControl Class) - http://easyshare.oodrive.com/common/activex/upload.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {CEDDF50D-9FA7-41A8-BCD0-6350D1ED2306} (SecurityManager Class) - http://h41209.www4.hp.com/HPRC/Media/RemoteControl/MotV...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = server1.local
O17 - HKLM\Software\..\Telephony: DomainName = server1.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = server1.local
O18 - Protocol: bw+0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
2/ Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
>Double-clique VundoFix.exe afin de le lancer.
>Clique sur le bouton Scan for Vundo.
>Lorsque le scan est complété, clique sur le bouton Remove Vundo.
>Une invite te demandera si tu veux supprimer les fichiers, clique YES
>Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
>Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown"); clique OK
>Démarre ton PC à nouveau.
>Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.
http://www.atribune.org/downloads/VundoFix.exe
3/ Télécharge, installe et mets à jour ewido
Pendant l'installation, sur la page "Additional Options" décoche les deux options "Install background guard" et "Install scan via context menu".
http://www.infos-du-net.com/telecharger/Ewido-Security-...
Redémarre en mode sans échec (Pour cela : démarrer le PC en tapotant sur la touche F8 du clavier jusqu'à ce que le menu des options avancées de Windows apparaisse puis avec les touches fléchées du clavier, sélectionner Mode sans échec puis appuyer sur la touche Entrée...)
Attention tu n'as pas accès à Internet dans ce mode donc note ou imprime les consignes qui suivent.
Lance ewido (Scan complet du système) et supprime tout ce qu'il trouve. Sauvegarde le rapport sur le bureau.
Redémarre normalement et poste le rapport d'ewido ainsi qu’un nouveau Log HijackThis
Si j'arrive a desincter son PC, elle m'offrira un show ? :-D (MDRR ils vont tous repondre pour essayer de regler son PB)
1/ Lance HijackThis
puis --> Do a system scan only
coche les lignes indiquées ci-dessous
puis --> Fix checked
puis oui à la question de confirmation
O15 - Trusted Zone: www.sgrunt.biz
O16 - DPF: {00000006-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms6 Class) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall6.cab
O16 - DPF: {00000008-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms8 Class) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall8.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x40...
O16 - DPF: {20272586-1BDD-4833-ACAC-3A0D764A03A9} (OOUploadControl Class) - http://easyshare.oodrive.com/common/activex/upload.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {CEDDF50D-9FA7-41A8-BCD0-6350D1ED2306} (SecurityManager Class) - http://h41209.www4.hp.com/HPRC/Media/RemoteControl/MotV...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = server1.local
O17 - HKLM\Software\..\Telephony: DomainName = server1.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = server1.local
O18 - Protocol: bw+0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {7FF724E3-A08D-44C1-82F8-2C6C743044F7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
2/ Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
>Double-clique VundoFix.exe afin de le lancer.
>Clique sur le bouton Scan for Vundo.
>Lorsque le scan est complété, clique sur le bouton Remove Vundo.
>Une invite te demandera si tu veux supprimer les fichiers, clique YES
>Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
>Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown"); clique OK
>Démarre ton PC à nouveau.
>Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.
http://www.atribune.org/downloads/VundoFix.exe
3/ Télécharge, installe et mets à jour ewido
Pendant l'installation, sur la page "Additional Options" décoche les deux options "Install background guard" et "Install scan via context menu".
http://www.infos-du-net.com/telecharger/Ewido-Security-...
Redémarre en mode sans échec (Pour cela : démarrer le PC en tapotant sur la touche F8 du clavier jusqu'à ce que le menu des options avancées de Windows apparaisse puis avec les touches fléchées du clavier, sélectionner Mode sans échec puis appuyer sur la touche Entrée...)
Attention tu n'as pas accès à Internet dans ce mode donc note ou imprime les consignes qui suivent.
Lance ewido (Scan complet du système) et supprime tout ce qu'il trouve. Sauvegarde le rapport sur le bureau.
Redémarre normalement et poste le rapport d'ewido ainsi qu’un nouveau Log HijackThis
Bonjour,
Nous avons suivi toute la procedure precedente et apparemment depuis 30mn, ma collegue n'a plus de fenetres intempestives qui apparaissent.
Je vous joins tout de meme les derniers rapports et vous remercie pour votre aide precieuse.
Catherine
Rapport Vundo
Listing files contained in the vundofix folder.
--------------------------------------------------------------------------------------
killvundo.bat
process.exe
ReadMe.txt
vundo.reg
vundofix.txt
--------------------------------------------------------------------------------------
Filepaths entered
--------------------------------------------------------------------------------------
The filepath entered was
The second filepath entered was
--------------------------------------------------------------------------------------
Log from Process
--------------------------------------------------------------------------------------
Killing PID 984 'smss.exe'
Killing PID 3276 'explorer.exe'
Killing PID 3276 'explorer.exe'
Killing PID 1056 'winlogon.exe'
Killing PID 1056 'winlogon.exe'
Killing PID 1056 'winlogon.exe'
Killing PID 1056 'winlogon.exe'
Killing PID 1056 'winlogon.exe'
--------------------------------------------------------------------------------------
Fixing Registry
--------------------------------------------------------------------------------------
Rapport Ewido
--------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 6:30:18 PM, 5/24/2006
+ Report-Checksum: 4521DBB3
+ Scan result:
C:\Documents and Settings\frsco.SERVER1\Cookies\frsco@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
::Report End
Rapport Hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 6:38:50 PM, on 5/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\VEXPLITE\viritsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SpyBro\SpyBro.exe
C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
C:\Program Files\PowerArchiver\POWERARC.EXE
C:\DOCUME~1\FRSCO~1.SER\LOCALS~1\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.es
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer From Wanadoo Spain
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autocache.hp.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.1;<local>
O2 - BHO: MSEvents Object - {84827015-AC55-4ABD-B9DB-869DD8393F94} - C:\WINDOWS\system\diskas.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CPQHotKeys] hotkeysvc.exe
O4 - HKLM\..\Run: [CTHelper] cthelper.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\RunServices: [CPQHotKeys] hotkeysvc.exe
O4 - HKLM\..\RunServices: [CTHelper] cthelper.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CPQHotKeys] hotkeysvc.exe
O4 - HKCU\..\Run: [CTHelper] cthelper.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpyBrowser] "C:\Program Files\SpyBro\SpyBro.exe" /autostart
O4 - HKCU\..\RunServices: [CPQHotKeys] hotkeysvc.exe
O4 - HKCU\..\RunServices: [CTHelper] cthelper.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.es
O15 - Trusted Zone: www.sgrunt.biz
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = server1.local
O17 - HKLM\Software\..\Telephony: DomainName = server1.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = server1.local
O20 - Winlogon Notify: diskas - C:\WINDOWS\system\diskas.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dat (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
Nous avons suivi toute la procedure precedente et apparemment depuis 30mn, ma collegue n'a plus de fenetres intempestives qui apparaissent.
Je vous joins tout de meme les derniers rapports et vous remercie pour votre aide precieuse.
Catherine
Rapport Vundo
Listing files contained in the vundofix folder.
--------------------------------------------------------------------------------------
killvundo.bat
process.exe
ReadMe.txt
vundo.reg
vundofix.txt
--------------------------------------------------------------------------------------
Filepaths entered
--------------------------------------------------------------------------------------
The filepath entered was
The second filepath entered was
--------------------------------------------------------------------------------------
Log from Process
--------------------------------------------------------------------------------------
Killing PID 984 'smss.exe'
Killing PID 3276 'explorer.exe'
Killing PID 3276 'explorer.exe'
Killing PID 1056 'winlogon.exe'
Killing PID 1056 'winlogon.exe'
Killing PID 1056 'winlogon.exe'
Killing PID 1056 'winlogon.exe'
Killing PID 1056 'winlogon.exe'
--------------------------------------------------------------------------------------
Fixing Registry
--------------------------------------------------------------------------------------
Rapport Ewido
--------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 6:30:18 PM, 5/24/2006
+ Report-Checksum: 4521DBB3
+ Scan result:
C:\Documents and Settings\frsco.SERVER1\Cookies\frsco@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
::Report End
Rapport Hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 6:38:50 PM, on 5/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\VEXPLITE\viritsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SpyBro\SpyBro.exe
C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
C:\Program Files\PowerArchiver\POWERARC.EXE
C:\DOCUME~1\FRSCO~1.SER\LOCALS~1\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.es
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer From Wanadoo Spain
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autocache.hp.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.1;<local>
O2 - BHO: MSEvents Object - {84827015-AC55-4ABD-B9DB-869DD8393F94} - C:\WINDOWS\system\diskas.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CPQHotKeys] hotkeysvc.exe
O4 - HKLM\..\Run: [CTHelper] cthelper.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\RunServices: [CPQHotKeys] hotkeysvc.exe
O4 - HKLM\..\RunServices: [CTHelper] cthelper.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CPQHotKeys] hotkeysvc.exe
O4 - HKCU\..\Run: [CTHelper] cthelper.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpyBrowser] "C:\Program Files\SpyBro\SpyBro.exe" /autostart
O4 - HKCU\..\RunServices: [CPQHotKeys] hotkeysvc.exe
O4 - HKCU\..\RunServices: [CTHelper] cthelper.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.es
O15 - Trusted Zone: www.sgrunt.biz
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = server1.local
O17 - HKLM\Software\..\Telephony: DomainName = server1.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = server1.local
O20 - Winlogon Notify: diskas - C:\WINDOWS\system\diskas.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dat (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
bizarre toujours une infection de type vundo:
Spybot-Search & Destroy
Telecharge le sur ce site:
www.infos-du-net.com/telecharger/Spybot-Search-Destroy....
Fais les mise a jour.
Fais un scan et supprime toutes les menaces detecter.
Telecharge a² :
Il necessite un enregistrement sur internet mais il est gratuit.
www.emsisoft.net/fr/software/download/
Fais un scan avec a² et post le log.
Spybot-Search & Destroy
Telecharge le sur ce site:
www.infos-du-net.com/telecharger/Spybot-Search-Destroy....
Fais les mise a jour.
Fais un scan et supprime toutes les menaces detecter.
Telecharge a² :
Il necessite un enregistrement sur internet mais il est gratuit.
www.emsisoft.net/fr/software/download/
Fais un scan avec a² et post le log.
Bonjour,
Effectivement, ma collegue a encore le pb des fenetres Advanced find qui s'ouvrent: elle les a compte, elle en a entre 180 et 200.
Si elle les laisse ouvertes, son PC est fortemenent ralenti car elle n'a plus de RAM. Si elle les ferme, iils s'ouvrent de nouveau.
On va essayer les 2 derniers utilitaires et on vous tient au courant
Catherine
Bonjour Catherine,
Pour Vundo on va changer d'utilitire :
1/ Telecharge VirtumundoBegone
http://secured2k.home.comcast.net/tools/VirtumundoBeGon...
2/ Redémarre en mode sans échec (Pour cela : démarrer le PC en tapotant sur la touche F8 du clavier jusqu'à ce que le menu des options avancées de Windows apparaisse puis avec les touches fléchées du clavier, sélectionner Mode sans échec puis appuyer sur la touche Entrée...)
Attention tu n'as pas accès à Internet dans ce mode donc note ou imprime les consignes qui suivent.
3/Double click sur VirtumundoBeGone.exe puis suis les instructions
Quitte lorsque c'est fini
4/Redemarre normalement puis reposte un log HijackThis.
Pour Vundo on va changer d'utilitire :
1/ Telecharge VirtumundoBegone
http://secured2k.home.comcast.net/tools/VirtumundoBeGon...
2/ Redémarre en mode sans échec (Pour cela : démarrer le PC en tapotant sur la touche F8 du clavier jusqu'à ce que le menu des options avancées de Windows apparaisse puis avec les touches fléchées du clavier, sélectionner Mode sans échec puis appuyer sur la touche Entrée...)
Attention tu n'as pas accès à Internet dans ce mode donc note ou imprime les consignes qui suivent.
3/Double click sur VirtumundoBeGone.exe puis suis les instructions
Quitte lorsque c'est fini
4/Redemarre normalement puis reposte un log HijackThis.
Bonjour,
Desolee de ne pas avoir donne de nouvelles plus tot mais la situation est vraiment desesperee.
Apres voir fait passer les derniers utilitaires vendredi apres-midi, ma collegue n'a plus eu de probleme pendant 3 jours.
Mais c'est revenu ce matin. c'est terrifiant
Voici le dernier log Hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 3:26:15 PM, on 5/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\VEXPLITE\viritsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Emsi a-squared\a2guard.exe
C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\PowerArchiver\POWERARC.EXE
C:\DOCUME~1\FRSCO~1.SER\LOCALS~1\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.es
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer From Wanadoo Spain
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CPQHotKeys] hotkeysvc.exe
O4 - HKLM\..\Run: [CTHelper] cthelper.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\RunServices: [CPQHotKeys] hotkeysvc.exe
O4 - HKLM\..\RunServices: [CTHelper] cthelper.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CPQHotKeys] hotkeysvc.exe
O4 - HKCU\..\Run: [CTHelper] cthelper.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpyBrowser] "C:\Program Files\SpyBro\SpyBro.exe" /autostart
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\Emsi a-squared\a2guard.exe"
O4 - HKCU\..\RunServices: [CPQHotKeys] hotkeysvc.exe
O4 - HKCU\..\RunServices: [CTHelper] cthelper.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = server1.local
O17 - HKLM\Software\..\Telephony: DomainName = server1.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = server1.local
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dat (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
Bonjour,
1/ Mets à jour ewido
2/ Redémarre en mode sans échec (Pour cela : démarrer le PC en tapotant sur la touche F8 du clavier jusqu'à ce que le menu des options avancées de Windows apparaisse puis avec les touches fléchées du clavier, sélectionner Mode sans échec puis appuyer sur la touche Entrée...)
Attention tu n'as pas accès à Internet dans ce mode donc note ou imprime les consignes qui suivent.
3/ Lance HijackThis
puis --> Do a system scan only
coche les lignes indiquées ci-dessous
puis --> Fix checked
puis oui à la question de confirmation
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CPQHotKeys] hotkeysvc.exe
O4 - HKLM\..\Run: [CTHelper] cthelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\RunServices: [CPQHotKeys] hotkeysvc.exe
O4 - HKLM\..\RunServices: [CTHelper] cthelper.exe
O4 - HKCU\..\Run: [CPQHotKeys] hotkeysvc.exe
O4 - HKCU\..\Run: [CTHelper] cthelper.exe
O4 - HKCU\..\Run: [SpyBrowser] "C:\Program Files\SpyBro\SpyBro.exe" /autostart
O4 - HKCU\..\RunServices: [CPQHotKeys] hotkeysvc.exe
O4 - HKCU\..\RunServices: [CTHelper] cthelper.exe
4/ Assure-toi que tu as accès aux fichiers cachés.
(Démarrer->Poste de travail->Outils->Options des dossiers...->Affichage
"Afficher les fichiers et dossiers cachés" ->coché
"Masquer les extensions des fichiers dont le type est connu" ->décoché
"Masquer les fichiers protégés du système d'exploitation" ->décoché)
5/ ensuite supprime les fichiers et/ou dossiers suivants si présents :
hotkeysvc.exe <== fait une recherche via le menu demarrer/rechercher
cthelper.exe <== fait une recherche via le menu demarrer/rechercher
C:\Program Files\SpyBro
6/ Lance CCleaner puis bouton Analyse ensuite Bouton Lancer le Nettoyage
8/ Lance ewido (Scan complet du système) et supprime tout ce qu'il trouve. Sauvegarde le rapport sur le bureau.
9/ Redémarre normalement et poste le rapport Ewido et un nouveau rapport HijackThis.
10/ Fait un scan en ligne chez Kaspersky et poste le rapport
http://webscanner.kaspersky.fr/
1/ Mets à jour ewido
2/ Redémarre en mode sans échec (Pour cela : démarrer le PC en tapotant sur la touche F8 du clavier jusqu'à ce que le menu des options avancées de Windows apparaisse puis avec les touches fléchées du clavier, sélectionner Mode sans échec puis appuyer sur la touche Entrée...)
Attention tu n'as pas accès à Internet dans ce mode donc note ou imprime les consignes qui suivent.
3/ Lance HijackThis
puis --> Do a system scan only
coche les lignes indiquées ci-dessous
puis --> Fix checked
puis oui à la question de confirmation
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CPQHotKeys] hotkeysvc.exe
O4 - HKLM\..\Run: [CTHelper] cthelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\RunServices: [CPQHotKeys] hotkeysvc.exe
O4 - HKLM\..\RunServices: [CTHelper] cthelper.exe
O4 - HKCU\..\Run: [CPQHotKeys] hotkeysvc.exe
O4 - HKCU\..\Run: [CTHelper] cthelper.exe
O4 - HKCU\..\Run: [SpyBrowser] "C:\Program Files\SpyBro\SpyBro.exe" /autostart
O4 - HKCU\..\RunServices: [CPQHotKeys] hotkeysvc.exe
O4 - HKCU\..\RunServices: [CTHelper] cthelper.exe
4/ Assure-toi que tu as accès aux fichiers cachés.
(Démarrer->Poste de travail->Outils->Options des dossiers...->Affichage
"Afficher les fichiers et dossiers cachés" ->coché
"Masquer les extensions des fichiers dont le type est connu" ->décoché
"Masquer les fichiers protégés du système d'exploitation" ->décoché)
5/ ensuite supprime les fichiers et/ou dossiers suivants si présents :
hotkeysvc.exe <== fait une recherche via le menu demarrer/rechercher
cthelper.exe <== fait une recherche via le menu demarrer/rechercher
C:\Program Files\SpyBro
6/ Lance CCleaner puis bouton Analyse ensuite Bouton Lancer le Nettoyage
8/ Lance ewido (Scan complet du système) et supprime tout ce qu'il trouve. Sauvegarde le rapport sur le bureau.
9/ Redémarre normalement et poste le rapport Ewido et un nouveau rapport HijackThis.
10/ Fait un scan en ligne chez Kaspersky et poste le rapport
http://webscanner.kaspersky.fr/
Bonjour,
J'ai suivi les dernieres instructions et voila ce que ca donne:
Avec Ewido, rien trouve !!
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 5:24:49 PM, 5/30/2006
+ Report-Checksum: B515A6FD
+ Scan result:
No infected objects found.
::Report End
Voici le report Hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 5:33:27 PM, on 5/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\VEXPLITE\viritsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Emsi a-squared\a2guard.exe
C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
C:\Program Files\PowerArchiver\POWERARC.EXE
C:\DOCUME~1\FRSCO~1.SER\LOCALS~1\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.es
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer From Wanadoo Spain
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\Emsi a-squared\a2guard.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = server1.local
O17 - HKLM\Software\..\Telephony: DomainName = server1.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = server1.local
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dat (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
Merci de mettre Hijackthis dans un dossier ;-)
Lance Hijackthis ->Do a system scan only
->Coche la ligne puis Fix checked:
O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dat (file missing)
Suppime ce fichier si existe:
C:\WINDOWS\system32\req.dat
Connais tu " VEXPLITE " ?
Si tu ne connais pas va sur le site de Virus Total
Analyse ce fichier: C:\VEXPLITE\MONLITE.EXE
Poste le rapport en fin d'analyse
Fais un scan en ligne Kaspersky
Aide pour les scans en ligne
Sauvegarde puis colle le rapport en fin d'analyse.
->Coche la ligne puis Fix checked:
O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dat (file missing)
C:\WINDOWS\system32\req.dat
Connais tu " VEXPLITE " ?
Si tu ne connais pas va sur le site de Virus Total
Analyse ce fichier: C:\VEXPLITE\MONLITE.EXE
Poste le rapport en fin d'analyse
Aide pour les scans en ligne
Sauvegarde puis colle le rapport en fin d'analyse.
Bonjour,
Je vias faire ces manips.
Mais je ne peux pas faire de scan en ligne avec Kaspersky car ca ne marche qu'avec Internet Explorer. Hors lors d'un check precedent, ewido ou ccleaner (je ne me rappelle plus) a trouve un pb avec Internet Explorer et a supprime le fichier.
J'ai fait installer a ma collegue Firefox Mozilla mais on a essaye de lancer le scan en ligne Kaspersky, ca ne marche pas.
Je vous tiens au courant pour le reste
Merci
Catherine
bjr
pour analyse demandée par Angel
http://virusscan.jotti.org/
http://www.virustotal.com/xhtml/virustotal_en.html
parfois saturés ces sites ..patience
pour analyse demandée par Angel
http://virusscan.jotti.org/
http://www.virustotal.com/xhtml/virustotal_en.html
parfois saturés ces sites ..patience
Re-bonjoure,
Je n'arrive pas a lancer le scan online kaspersky
Quand je le demande avec internet explorer, il me lance la procedure. Quand j'arrive au moment ou il faut installer le controle activX, il me ramene a la page informative (celle ou il fallait cliquer j'accepte ou je refuse). Rien ne se passe comme sur la demo
Merci
Catherine
Je n'arrive pas a lancer le scan online kaspersky
Quand je le demande avec internet explorer, il me lance la procedure. Quand j'arrive au moment ou il faut installer le controle activX, il me ramene a la page informative (celle ou il fallait cliquer j'accepte ou je refuse). Rien ne se passe comme sur la demo
Merci
Catherine
Bonjour Catherine,
Je reprend ce qu'Angeldark ta demandé car on a pas eu de reponse :
1/ Connais tu " VEXPLITE " ?
Si tu ne connais pas va sur le site de Virus Total
Analyse ce fichier: C:\VEXPLITE\MONLITE.EXE
Poste le rapport en fin d'analyse
www.virustotal.com/flash/index_en.html
Sont tuto. d'utilisation :
http://forum.telecharger.01net.com/microhebdo/questions...
2/ Télécharge Brute Force Uninstaller (de Merijn)
http://www.merijn.org/files/bfu.zip
Créé un nouveau dossier directement sur le C:\ et nomme-le BFU. Décompresse le fichier téléchargé dans ce nouveau dossier (C:\BFU)
Va sur cette page
http://www.google.fr/search?hl=fr&q=metallica.geekstogo...
Tu fais le clic droit puis Enregistrer la cible du lien sous
Afin de télécharger Alcanshorty.bfu (de Metallica). Sauvegarde dans le dossier créé (C:\BFU). **Note : si tu utlises Internet Explorer; lors de la sauvegarde, assure-toi que le champs "Type :" affiche "Tous les fichiers". Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : Alcanshorty.bfu et BFU.exe (très important).
Redémarre en mode sans echec Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionne Mode sans échec et appuye sur Entrée.
Lance le nettoyage avec CCleaner.
Démarre le "Brute Force Uninstaller" en double-cliquant [/b]BFU.exe[/b] (du dossier C:\BFU)
Sous Scriptline to execute copie/colle cette ligne :
c:\bfu\Alcanshorty.bfu
Clique sur Execute et laisse-le faire son travail.
Attendre que Complete script execution apparaîsse et clique sur OK.
Clique Exit pour fermer le programme BFU.
Redemarre normalement
3/ Telecharge Spyware Terminator
http://www.spywareterminator.com/
Installe le dans son répertoire.
Tutorial d’utilisation :
http://www.malekal.com/tutorial_SpywareTerminator.html
4/ Poste le rapport de spywareterminator et un nouveau rapport HJT
Je reprend ce qu'Angeldark ta demandé car on a pas eu de reponse :
1/ Connais tu " VEXPLITE " ?
Si tu ne connais pas va sur le site de Virus Total
Analyse ce fichier: C:\VEXPLITE\MONLITE.EXE
Poste le rapport en fin d'analyse
www.virustotal.com/flash/index_en.html
Sont tuto. d'utilisation :
http://forum.telecharger.01net.com/microhebdo/questions...
2/ Télécharge Brute Force Uninstaller (de Merijn)
http://www.merijn.org/files/bfu.zip
Créé un nouveau dossier directement sur le C:\ et nomme-le BFU. Décompresse le fichier téléchargé dans ce nouveau dossier (C:\BFU)
Va sur cette page
http://www.google.fr/search?hl=fr&q=metallica.geekstogo...
Tu fais le clic droit puis Enregistrer la cible du lien sous
Afin de télécharger Alcanshorty.bfu (de Metallica). Sauvegarde dans le dossier créé (C:\BFU). **Note : si tu utlises Internet Explorer; lors de la sauvegarde, assure-toi que le champs "Type :" affiche "Tous les fichiers". Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : Alcanshorty.bfu et BFU.exe (très important).
Redémarre en mode sans echec Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionne Mode sans échec et appuye sur Entrée.
Lance le nettoyage avec CCleaner.
Démarre le "Brute Force Uninstaller" en double-cliquant [/b]BFU.exe[/b] (du dossier C:\BFU)
Sous Scriptline to execute copie/colle cette ligne :
c:\bfu\Alcanshorty.bfu
Clique sur Execute et laisse-le faire son travail.
Attendre que Complete script execution apparaîsse et clique sur OK.
Clique Exit pour fermer le programme BFU.
Redemarre normalement
3/ Telecharge Spyware Terminator
http://www.spywareterminator.com/
Installe le dans son répertoire.
Tutorial d’utilisation :
http://www.malekal.com/tutorial_SpywareTerminator.html
4/ Poste le rapport de spywareterminator et un nouveau rapport HJT
Lassé par la pub ? Créez un compte
- Contenus similaires :
- solutionsOuverture des liens internet dans outlook
- ForumAccess07 formulaire ouverture multiple
- ForumVlc ouverture multiple
- ForumOuverture fenêtre intempestive
- ForumOuverture outlook demarrage
- ForumOuverture de liens avec outlook 2007
- ForumAutoriser ouverture de liens sur outlook
- ForumOuverture de fenêtre intempestive
- ForumOutlook, ouverture fichiers video
- solutionsOuverture multiple d'un dossier
- Voir plus
