trojan-gen

Télécharge HijackThis v1.99.1.
http://www.merijn.org/files/hijackthis.zip
Mets-le dans un dossier spécialement créé pour lui, par exemple C:\HijackThis.
Ouvres son dossier, repères l'icone avec les bâtons de dymnamites.
Fais un clic-droit dessus et choisis "renommer"
Appelles-le scanner.exe
Ferme les programmes inutiles.
Exécute-le et clique sur Do a system scan and save a logfile.
Ne coche rien.
Copie le rapport et colle-le dans un message.

salut il mafioso g fait comme vous m'avez demandé c'etait du charabia au départ mais je m'en suis quand meme tiré j'attends votre diagnostic ,docteur!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Logfile of HijackThis v1.99.1
Scan saved at 10:27:14, on 17/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\ezNTSvc.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MaxiMemo\MaxiMemo.exe
C:\WINDOWS\system32\dllhost.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\ezShellStart.exe
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [MapiMailGlobalPlay] C:\Documents and Settings\All Users\Application Data\Kindjugsmapimail\Axis Regs.exe
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\fbmtxawf.dll",setvm
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [flapeach] C:\DOCUME~1\HP_ADM~1\APPLIC~1\KINDME~1\FIND THIRD.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: MaxiMemo.lnk = C:\Program Files\MaxiMemo\MaxiMemo.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?1ae3d147ec8249449af65b883f7a7411
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?1ae3d147ec8249449af65b883f7a7411
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O18 - Protocol: bw+0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\WINDOWS\system32\ezNTSvc.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Control Parental (OPTENET_FILTER) - Contrôle Parental - C:\Program Files\Controle Parental\bin\optproxy.exe

salut a toi il mafioso je te poste le rapport de genproc comme tu me la demandé merci poRapport GenProc 0.20 effectué le 19/03/2007 à 8:59:11,71 - SystemRoot = C:\WINDOWS

# Etape 1/ Télécharge :

- CCleaner http://www.filehippo.com/download_ccleaner.html ("Download Latest Version", sur la droite).
Ce logiciel va permettre de supprimer tous les fichiers temporaires. Avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires". Ensuite, Clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. C'est tout.

Télécharge lopxpMH_Beta http://www.alt-shift-return.org/In [...] 2_Beta.zip sur ton bureau.
Dézippe-le (clic droit -> "Extraire ici" ) et double clique sur le fichier lopxpMH.bat. Poste le contenu du rapport qui va s'ouvrir.ainsi qu'un nouveau rapport GenProc

rebonjour je ne pouvais pas finir j'ai été bosser cet amidi je suis chez moi et donc plus dispo pour faire ce que j'ai à faire je t'envoie la seconde moitié dRapport fait à 12:10:37,42 le 19/03/2007

******************************************
## Répertoires Application Data

Le volume dans le lecteur C s'appelle HP_PAVILION
Le num‚ro de s‚rie du volume est 34AB-4F74

R‚pertoire de C:\Documents and Settings\Administrateur\Application Data

21/02/2007 19:38 <REP> .
21/02/2007 19:38 <REP> ..
15/11/2005 03:22 <REP> Identities
15/11/2005 03:22 <REP> Microsoft
04/09/2006 23:08 <REP> Real
10/10/2005 14:24 62 desktop.ini
1 fichier(s) 62 octets
5 R‚p(s) 221ÿ184ÿ774ÿ144 octets libres
Le volume dans le lecteur C s'appelle HP_PAVILION
Le num‚ro de s‚rie du volume est 34AB-4F74

R‚pertoire de C:\Documents and Settings\Administrateur\Local Settings\Application Data

15/11/2005 03:22 <REP> .
15/11/2005 03:22 <REP> ..
04/09/2006 22:43 <REP> {3248F0A6-6813-11D6-A77B-00B0D0150060}
04/09/2006 22:36 <REP> ApplicationHistory
15/11/2005 03:22 <REP> Microsoft
04/09/2006 22:36 137 fusioncache.dat
04/09/2006 23:17 3ÿ770ÿ190 IconCache.db
2 fichier(s) 3ÿ770ÿ327 octets
5 R‚p(s) 221ÿ184ÿ770ÿ048 octets libres
Le volume dans le lecteur C s'appelle HP_PAVILION
Le num‚ro de s‚rie du volume est 34AB-4F74

R‚pertoire de C:\Documents and Settings\All Users\Application Data

21/02/2007 19:38 <REP> .
21/02/2007 19:38 <REP> ..
04/09/2006 23:16 <REP> Adobe
04/09/2006 23:11 <REP> CyberLink
01/03/2007 17:02 <REP> Droppix
17/03/2007 11:05 <REP> Google
17/03/2007 11:14 <REP> Google Updater
04/09/2006 23:46 <REP> Hewlett-Packard
04/09/2006 23:09 <REP> InstallShield
08/03/2007 18:48 <REP> Kindjugsmapimail
01/03/2007 17:03 <REP> LightScribe
26/02/2007 00:51 <REP> Logitech
15/11/2005 03:23 <REP> Microsoft
24/02/2007 10:51 <REP> muvee Technologies
04/09/2006 22:41 <REP> SBSI
04/09/2006 23:04 <REP> Sonic
04/09/2006 23:36 <REP> Symantec
22/02/2007 12:44 <REP> Windows Genuine Advantage
23/02/2007 11:31 <REP> Windows Live Toolbar
19/03/2007 09:13 <REP> Yahoo! Companion
23/02/2007 13:07 <REP> Zylom
10/10/2005 14:24 62 desktop.ini
04/09/2006 23:03 368 hpzinstall.log
2 fichier(s) 430 octets
21 R‚p(s) 221ÿ184ÿ770ÿ048 octets libres
Le volume dans le lecteur C s'appelle HP_PAVILION
Le num‚ro de s‚rie du volume est 34AB-4F74

R‚pertoire de C:\Documents and Settings\Default User\Application Data

21/02/2007 19:39 <REP> .
21/02/2007 19:39 <REP> ..
15/11/2005 03:23 <REP> Identities
15/11/2005 03:23 <REP> Microsoft
21/02/2007 10:51 <REP> Real
10/10/2005 14:24 62 desktop.ini
1 fichier(s) 62 octets
5 R‚p(s) 221ÿ184ÿ770ÿ048 octets libres
Le volume dans le lecteur C s'appelle HP_PAVILION
Le num‚ro de s‚rie du volume est 34AB-4F74

R‚pertoire de C:\Documents and Settings\Default User\Local Settings\Application Data

15/11/2005 03:23 <REP> .
15/11/2005 03:23 <REP> ..
21/02/2007 10:51 <REP> {3248F0A6-6813-11D6-A77B-00B0D0150060}
21/02/2007 10:51 <REP> ApplicationHistory
15/11/2005 03:23 <REP> Microsoft
21/02/2007 10:51 137 fusioncache.dat
21/02/2007 10:51 3ÿ770ÿ190 IconCache.db
2 fichier(s) 3ÿ770ÿ327 octets
5 R‚p(s) 221ÿ184ÿ770ÿ048 octets libres
Le volume dans le lecteur C s'appelle HP_PAVILION
Le num‚ro de s‚rie du volume est 34AB-4F74

R‚pertoire de C:\Documents and Settings\HP_Administrateur\Application Data

21/02/2007 10:52 <REP> .
21/02/2007 10:52 <REP> ..
22/02/2007 16:17 <REP> Adobe
24/02/2007 09:34 <REP> AdobeUM
01/03/2007 16:12 <REP> DivX
01/03/2007 17:02 <REP> Droppix
17/03/2007 11:11 <REP> Google
21/02/2007 20:54 <REP> Help
06/03/2007 21:34 <REP> HPQ
21/02/2007 10:52 <REP> Identities
08/03/2007 18:41 <REP> Kind meta bore
01/03/2007 16:29 <REP> Leadertech
21/02/2007 14:15 <REP> Macromedia
13/03/2007 08:17 <REP> MaxiMemo
21/02/2007 10:52 <REP> Microsoft
28/02/2007 10:22 <REP> Mozilla
23/02/2007 12:30 <REP> MSNInstaller
21/02/2007 10:52 <REP> Real
24/02/2007 11:11 <REP> Shareaza
01/03/2007 16:31 <REP> Sonic
24/02/2007 02:10 <REP> Sun
04/03/2007 18:14 <REP> vlc
23/02/2007 13:08 <REP> Zylom
21/02/2007 10:52 62 desktop.ini
1 fichier(s) 62 octets
23 R‚p(s) 221ÿ184ÿ765ÿ952 octets libres
Le volume dans le lecteur C s'appelle HP_PAVILION
Le num‚ro de s‚rie du volume est 34AB-4F74

R‚pertoire de C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data

21/02/2007 10:52 <REP> .
21/02/2007 10:52 <REP> ..
21/02/2007 10:52 <REP> {3248F0A6-6813-11D6-A77B-00B0D0150060}
22/02/2007 16:17 <REP> Adobe
21/02/2007 10:52 <REP> ApplicationHistory
21/02/2007 13:14 <REP> Google
21/02/2007 20:54 <REP> Help
25/02/2007 06:38 <REP> HP
21/02/2007 21:19 <REP> Identities
21/02/2007 10:52 <REP> Microsoft
28/02/2007 10:23 <REP> Mozilla
24/02/2007 11:11 <REP> Shareaza
02/03/2007 13:41 <REP> SimsStart
02/03/2007 13:41 <REP> SimsWeather
22/02/2007 09:20 10ÿ240 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
21/02/2007 10:52 140 fusioncache.dat
22/02/2007 09:54 60ÿ048 GDIPFONTCACHEV1.DAT
21/02/2007 10:52 5ÿ864ÿ976 IconCache.db
4 fichier(s) 5ÿ935ÿ404 octets
14 R‚p(s) 221ÿ184ÿ749ÿ568 octets libres
Le volume dans le lecteur C s'appelle HP_PAVILION
Le num‚ro de s‚rie du volume est 34AB-4F74

R‚pertoire de C:\Documents and Settings\john\Application Data

07/03/2007 06:25 <REP> .
07/03/2007 06:25 <REP> ..
18/03/2007 17:03 <REP> Google
07/03/2007 06:25 <REP> Identities
07/03/2007 14:43 <REP> Macromedia
13/03/2007 10:15 <REP> MaxiMemo
07/03/2007 06:25 <REP> Microsoft
07/03/2007 06:25 <REP> Real
11/03/2007 03:08 <REP> Sun
16/03/2007 00:26 <REP> vlc
07/03/2007 06:25 62 desktop.ini
1 fichier(s) 62 octets
10 R‚p(s) 221ÿ184ÿ749ÿ568 octets libres
Le volume dans le lecteur C s'appelle HP_PAVILION
Le num‚ro de s‚rie du volume est 34AB-4F74

R‚pertoire de C:\Documents and Settings\john\Local Settings\Application Data

07/03/2007 06:25 <REP> .
07/03/2007 06:25 <REP> ..
07/03/2007 06:25 <REP> {3248F0A6-6813-11D6-A77B-00B0D0150060}
07/03/2007 06:25 <REP> ApplicationHistory
18/03/2007 17:03 <REP> Google
07/03/2007 17:35 <REP> Identities
07/03/2007 06:25 <REP> Microsoft
07/03/2007 14:36 3ÿ584 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
07/03/2007 06:25 137 fusioncache.dat
07/03/2007 06:31 60ÿ048 GDIPFONTCACHEV1.DAT
07/03/2007 06:25 3ÿ770ÿ190 IconCache.db
4 fichier(s) 3ÿ833ÿ959 octets
7 R‚p(s) 221ÿ184ÿ749ÿ568 octets libres
Le volume dans le lecteur C s'appelle HP_PAVILION
Le num‚ro de s‚rie du volume est 34AB-4F74

R‚pertoire de C:\Documents and Settings\LocalService\Application Data

04/09/2006 22:30 <REP> .
04/09/2006 22:30 <REP> ..
04/09/2006 22:30 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 221ÿ184ÿ745ÿ472 octets libres
Le volume dans le lecteur C s'appelle HP_PAVILION
Le num‚ro de s‚rie du volume est 34AB-4F74

R‚pertoire de C:\Documents and Settings\LocalService\Local Settings\Application Data

04/09/2006 22:30 <REP> .
04/09/2006 22:30 <REP> ..
04/09/2006 22:30 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 221ÿ184ÿ745ÿ472 octets libres
Le volume dans le lecteur C s'appelle HP_PAVILION
Le num‚ro de s‚rie du volume est 34AB-4F74

R‚pertoire de C:\Documents and Settings\NetworkService\Application Data

04/09/2006 22:30 <REP> .
04/09/2006 22:30 <REP> ..
04/09/2006 22:30 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 221ÿ182ÿ877ÿ696 octets libres
Le volume dans le lecteur C s'appelle HP_PAVILION
Le num‚ro de s‚rie du volume est 34AB-4F74

R‚pertoire de C:\Documents and Settings\NetworkService\Local Settings\Application Data

04/09/2006 22:30 <REP> .
04/09/2006 22:30 <REP> ..
04/09/2006 22:30 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 221ÿ182ÿ877ÿ696 octets libres
Le volume dans le lecteur C s'appelle HP_PAVILION
Le num‚ro de s‚rie du volume est 34AB-4F74

R‚pertoire de C:\WINDOWS\system32\config\systemprofile\Application Data

21/02/2007 19:34 <REP> .
21/02/2007 19:34 <REP> ..
15/11/2005 03:59 <REP> Identities
15/11/2005 03:59 <REP> Microsoft
21/02/2007 10:52 <REP> Real
21/02/2007 10:52 <REP> Symantec
10/10/2005 14:24 62 desktop.ini
1 fichier(s) 62 octets
6 R‚p(s) 221ÿ182ÿ877ÿ696 octets libres
Le volume dans le lecteur C s'appelle HP_PAVILION
Le num‚ro de s‚rie du volume est 34AB-4F74

R‚pertoire de C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data

15/11/2005 03:59 <REP> .
15/11/2005 03:59 <REP> ..
21/02/2007 10:52 <REP> {3248F0A6-6813-11D6-A77B-00B0D0150060}
21/02/2007 10:52 <REP> ApplicationHistory
15/11/2005 03:59 <REP> Microsoft
21/02/2007 10:52 137 fusioncache.dat
21/02/2007 10:52 3ÿ770ÿ190 IconCache.db
2 fichier(s) 3ÿ770ÿ327 octets
5 R‚p(s) 221ÿ182ÿ877ÿ696 octets libres

******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks


C:\WINDOWS\Tasks\AD9000C593F3B6F9.job


Û:;¬eîI¼¸¸J"­€F ì <
s  "€!×
  6 c : \ d o c u m e ~ 1 \ h p _ a d m ~ 1 \ a p p l i c ~ 1 \ k i n d m e ~ 1 \ V c L o n g C o a l . e x e  H P _ A d m i n i s t r a t e u r 
0 Ì


C:\WINDOWS\Tasks\Connexion
Connexion inexploitable


C:\WINDOWS\Tasks\DMATask
DMATask inexploitable


C:\WINDOWS\Tasks\V‚rifier
V‚rifier inexploitable

******************************************
## Répertoires de C:\Program Files

Le volume dans le lecteur C s'appelle HP_PAVILION
Le num‚ro de s‚rie du volume est 34AB-4F74

R‚pertoire de C:\Program Files

19/03/2007 09:13 <REP> .
19/03/2007 09:13 <REP> ..
04/09/2006 23:16 <REP> Adobe
21/02/2007 14:17 <REP> Alwil Software
04/09/2006 22:59 <REP> ATI Technologies
19/03/2007 09:13 <REP> CCleaner
12/11/2005 01:09 <REP> ComPlus Applications
21/02/2007 20:48 <REP> Controle Parental
28/02/2007 10:20 <REP> DivX
01/03/2007 17:01 <REP> Droppix
04/09/2006 23:30 <REP> EasyBits
06/03/2007 13:11 <REP> EasyBits For Kids
19/03/2007 06:31 <REP> eMule
01/03/2007 17:01 <REP> Fichiers communs
04/09/2006 22:37 <REP> FrenchOtto
10/03/2007 12:46 <REP> Garfield
04/09/2006 22:37 <REP> GemMasterFrench
18/03/2007 17:01 <REP> Google
21/02/2007 22:07 <REP> Hewlett-Packard
04/09/2006 23:11 <REP> HP
21/02/2007 22:06 <REP> hp deskjet 5550 series
04/09/2006 23:08 <REP> HP DigitalMedia Archive
01/03/2007 17:02 <REP> illiminable
18/03/2007 17:01 <REP> Internet Explorer
04/09/2006 22:44 <REP> Java
18/03/2007 17:40 <REP> JCA2000
18/03/2007 17:00 <REP> JeCreeMaCuisineAvecLeroyMerlin
08/03/2007 18:48 <REP> Kind meta bore
26/02/2007 00:51 <REP> Logitech
18/03/2007 17:02 <REP> MaxiMemo
04/09/2006 22:48 <REP> Messenger
22/02/2007 09:54 <REP> Messenger Plus! Live
15/11/2005 03:24 <REP> microsoft frontpage
04/09/2006 23:13 <REP> Microsoft Office
04/09/2006 23:13 <REP> Microsoft Works
24/02/2007 05:06 <REP> Montorgueil
15/11/2005 03:24 <REP> Movie Maker
28/02/2007 16:37 <REP> Mozilla Firefox
23/02/2007 12:30 <REP> MSN
15/11/2005 03:25 <REP> MSN Gaming Zone
18/03/2007 17:35 <REP> MSN Messenger
21/02/2007 20:29 <REP> MSXML 4.0
04/09/2006 23:15 <REP> muvee Technologies
15/11/2005 03:25 <REP> NetMeeting
04/03/2007 09:22 <REP> NewMediaCodec
15/11/2005 03:25 <REP> Online Services
28/02/2007 15:04 <REP> OpiStat
21/02/2007 20:28 <REP> Outlook Express
04/09/2006 23:26 <REP> PC-Doctor 5 for Windows
04/09/2006 23:08 <REP> Real
21/02/2007 20:48 <REP> SAGEM
04/09/2006 23:32 <REP> Services en ligne
18/03/2007 17:03 <REP> Shareaza
02/03/2007 17:34 <REP> Sims Weather
04/09/2006 23:10 <REP> Sonic
10/03/2007 09:55 <REP> sunrise
18/03/2007 17:02 <REP> VideoLAN
10/03/2007 11:08 <REP> VVSN
19/03/2007 12:05 <REP> Wanadoo
23/02/2007 11:31 <REP> Windows Live Favorites
18/03/2007 17:34 <REP> Windows Live Toolbar
22/02/2007 12:47 <REP> Windows Media Connect 2
22/02/2007 12:47 <REP> Windows Media Player
15/11/2005 03:25 <REP> Windows NT
15/11/2005 03:25 <REP> Windows Plus
15/11/2005 03:26 <REP> xerox
19/03/2007 09:13 <REP> Yahoo!
28/02/2007 16:37 <REP> Zylom Games
0 fichier(s) 0 octets
68 R‚p(s) 221ÿ184ÿ724ÿ992 octets libres

******************************************
## Popups autorisées

* Internet Explorer

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow
*.zylom.com REG_BINARY
netbios-wait.com REG_SZ
www.netbios-wait.com REG_SZ
netsearchsoft.com REG_SZ
www.netsearchsoft.com REG_SZ

* Mozilla Firefox (1 autorisé 2 interdit)

---------- C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATEUR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QNHHSAZJ.DEFAULT\HOSTPERM.1

******************************************
## Registre

* [HKEY_CURRENT_USER\\Software\Microsoft\Internet Explorer\Main]
Search Bar REG_SZ http://www.google.com/ie

* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MapiMailGlobalPlay REG_SZ C:\Documents and Settings\All Users\Application Data\Kindjugsmapimail\Axis Regs.exe

* [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
flapeach REG_SZ C:\DOCUME~1\HP_ADM~1\APPLIC~1\KINDME~1\FIND THIRD.exe

******************************************
## Zones de sécurité

* HKCU Domains (4)

* P3P History (5)

******************************************
## Recherche C:\WINDOWS\*.htm, "C:\WINDOWS\*.gif"

Le volume dans le lecteur C s'appelle HP_PAVILION
Le num‚ro de s‚rie du volume est 34AB-4F74

R‚pertoire de C:\WINDOWS

02/03/2007 17:36 0 obmetmp.htm
1 fichier(s) 0 octets
0 R‚p(s) 221ÿ184ÿ692ÿ224 octets libres

*************** Fin du rapport ****************
u rapport merci

A toi de jouer

1/Télécharge :

- VundoFix.exe (par Atribune) http://www.atribune.org/ccount/click.php?id=4 sur ton Bureau

- AVG anti-spyware:
http://downloads.grisoft.cz/softw/ [...] 5.0.50.exe
Tutorial : http://www.malekal.com/tutorial_AVG_AntiSpyware.html
Mets le à jour à partir du menu Mise à jour en haut. C'est tout pour l'instant.


2/ Crée un nouveau document texte : clic droit de souris sur le bureau, "Nouveau"> "Document Texte". Ouvre-le et copie-colle dedans de ce qui est en citation ci-dessous à partir de REGEDIT4, (copie tout d'un trait) :

Puis "fichier"/"enregistrer sous" :
dans : sur le bureau
Nom du fichier : reglop.reg
Type de fichier : "tous les fichiers"
clique sur "enregistrer"

L'icône de reglop.reg doit ressembler à cela

***** Copie ce qui suit dans un fichier texte et redémarre en mode sans échec comme indiqué ici https://www.microsoft.com/technet/p [...] x?mfr=true (choisis ta session courante "HP_Administrateur" ) *****

3/Exécuter et tu colles cette ligne en gras avant de valider par Ok (peu importe si tu as un message d'erreur)

regsvr32 /u C:\WINDOWS\system32\fbmtxawf.dll

4/Assure toi d'avoir accès aux dossiers/fichiers cachés :

5/ recherche et supprime ces dossiers ou fichiers, si tu les trouves :

C:\Documents and Settings\All Users\Application Data\Kindjugsmapimail <- le dossier
C:\Documents and Settings\HP_Administrateur\Application Data\Kind meta bore<- le dossier
C:\Program Files\Kind meta bore<- le dossier¨
C:\Program Files\Montorgueil<- le dossier¨
C:\windows\system32\fbmtxawf.dll<- le fichier

6/ démarrer/exécuter, tape cmd et valide par entrée. Colle la ligne en gras suivante dans la fenêtre noire qui s'ouvre :

del /a C:\WINDOWS\Tasks\AD9000C593F3B6F9.job

valide par entrée, puis ferme la fenêtre de commande.

7/ double clique sur reglop.reg => tu dois obligatoirement avoir un message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?"
Si c'est bien le cas, clique sur "oui"

8/ Lance Ccleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.

8bis/Ouvre AVG Anti-Spyware et clic sur l'onglet Analyse, puis le sous-onglet Paramètres
- Sélectionne dans Comment Réagir ? Quarantine. (voir l'aide l'aide AVG Anti-Spyware)
- Reviens au sous-onglet Analyser puis clique sur Analyse complète du système.
---> Le scan démarre.
A la fin clique sur Appliquer toutes les actions, les éléments doivent alors être déplacés en quarantaine.
Puis clique sur Enregistrer le rapport d'analyse et enregistre le rapport sur le Bureau.

9/Double-clique VundoFix.exe afin de le lancer
Clique sur le bouton Scan for Vundo
Lorsque le scan est complété, clique sur le bouton "Remove Vundo"
Une invite te demandera si tu veux supprimer les fichiers, clique YES
Après avoir cliqué Yes, le Bureau disparaîtra un moment lors de la suppression des fichiers
Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
Laisses-le redémarrer normalement.

Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo


10/ Poste un nouveau rapport HijackThis, toutes fenêtres et applications fermées. Postes aussi le rapport AVG Anti-Spyware.Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.

jeanjean77,

Non pas du tout. Si tu suis les instructions, tu t'en sortiras nickel chrome et tu auras appris en même temps pleins de trucs

Beaucoup d'adwares se mettent aussi dans la restauration de telle manière à revenir au galop pour celui/celle qui serait tenté(e) de l'utiliser.

Prends ton temps, copies les manips dans le blocnote de Windows et sauvegardes le sur ton bureau car en mode sans échec, tu n'auras pas d'accès à internet. Ensuite suis tranquillement les instructions et tout va bien se passer

j'ai effectué les premières manip a priori le trojan a été abattu dois je continuer? j'attends ta reponse et te poste le rapport hijackthis qu'est ce que tu en pense?

Bien sûr continues car tu as une infection lop sur ton PC et ton rapport Hijackthis révèle l'infection

C'est pour celà qu'il faut que tu fasses toutes les manips que je t'ai posté. Je m'en doutais que tu avais ces popups.

C'est pas grâve, on continue.

1)Lances hijackthis, do a scan only. Coches sur la gauche ces lignes :

O2 - BHO: (no name) - {23B72FC5-94AD-4702-9D44-BE5FD4B8AF64} - C:\WINDOWS\system32\awvtr.dll (file missing)
O2 - BHO: (no name) - {6050A9F9-D78D-4CDB-B3FC-6FC50B45FBAb} - C:\WINDOWS\system32\cdjvtkih.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [MapiMailGlobalPlay] C:\Documents and Settings\All Users\Application Data\Kindjugsmapimail\Axis Regs.exe
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\fbmtxawf.dll",setvm
O4 - HKCU\..\Run: [flapeach] C:\DOCUME~1\HP_ADM~1\APPLIC~1\KINDME~1\FIND THIRD.exe

Cliques ensuite sur fixchecked et valides. Fermes Hijackthis.

2)Télécharge PocketKillBox
http://www.bleepingcomputer.com/fi [...] illBox.zip
Dézippes-le sur ton bureau.

coche la case "Delete on reboot" + "unregister dll before deleting"
sélectionnes tel quel tout ce qui est en gras ci dessous puis clic droit "copier" :

C:\WINDOWS\system32\cdjvtkih.dll
C:\WINDOWS\system32\fbmtxawf.dll
C:\WINDOWS\Tasks\AD9000C593F3B6F9.job

Sur PocketKillBox --> "File" -->"Paste from Clipboard" (tu ne verras rien se passer). Tu peux vérifier dans le menu déroulant que tous les fichiers sont bien présents.
clique sur le bouton "all files"
clique ensuite sur la croix rouge
Au deux messages qui vont s'afficher,tu réponds par "YES"
L'ordinateur doit redémarrer, sinon, fais le toi-même.

3)Télécharge et installe AVG anti-spyware:
http://downloads.grisoft.cz/softw/ [...] 5.0.50.exe
Tutorial : http://www.malekal.com/tutorial_AVG_AntiSpyware.html
Mets le à jour à partir du menu Mise à jour en haut. C'est tout pour l'instant.

Redémarre en mode sans échec.

Ouvre AVG Anti-Spyware et clic sur l'onglet Analyse, puis le sous-onglet Paramètres
- Sélectionne dans Comment Réagir ? Quarantine. (voir l'aide l'aide AVG Anti-Spyware)
- Reviens au sous-onglet Analyser puis clique sur Analyse complète du système.
---> Le scan démarre.
A la fin clique sur Appliquer toutes les actions, les éléments doivent alors être déplacés en quarantaine.
Puis clique sur Enregistrer le rapport d'analyse et enregistre le rapport sur le Bureau.

4)Redémarres normalement et postes le rapport AVG anti-spyware + un nouveau log hijackthis

5)Rends-toi sur :
www.virustotal.com/flash/index_en.html
- Cliques sur "Distribute" une fois pour obtenir un trait rouge barrant l'icône :
- Cliques ensuite sur le bouton "Parcourir..." pour récupérer le fichier à scanner. en gras :
C:\WINDOWS\system32\ezShellStart.exe
- Pour finir, cliques sur "Send" pour faire analyser ton fichier.
- Copie-colle le rapport dans une réponse une fois l'analyse terminée.

Fais la même chose avec ce fichier :
C:\WINDOWS\system32\ezNTSvc.exe

re bonjour c encore moi g effectué spyware doctor 45 infections et pas des moindres -avertising 4infections
-cookies navigation 11 infections
-known bad sites 2 infections
-whenUsaveNow 1 infection
-carpe diem 21 infections
-crack spider 6 infections
AU SECOURS !!!!!!!!

ca yest j'ai presque fini je te poste deja les rapports de antispyware et ensuite celui de hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 16:30:09, on 21/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\arservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Répertoire temporaire 2 pour hijackthis.zip\HijackThis.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?1ae3d147ec8249449af65b883f7a7411
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?1ae3d147ec8249449af65b883f7a7411
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Stop Pub - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\JCA2000\StopPub\StopPub.exe
O9 - Extra 'Tools' menuitem: Stop Pub - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\JCA2000\StopPub\StopPub.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fichiers communs\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fichiers communs\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fichiers communs\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fichiers communs\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: bw+0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Control Parental (OPTENET_FILTER) - Contrôle Parental - C:\Program Files\Controle Parental\bin\optproxy.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe


AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 16:26:41 21/03/2007

+ Résultat de l'analyse:



C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP38\A0014514.exe -> Trojan.Obfuscated.en : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP57\A0028183.exe -> Trojan.Obfuscated.en : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP57\A0028184.exe -> Trojan.Obfuscated.en : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP57\A0028186.exe -> Trojan.Obfuscated.en : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP57\A0028187.exe -> Trojan.Obfuscated.en : Nettoyé et sauvegardé (mise en quarantaine).


Fin du rapport
a tout a l'heure pou la suite ciao

re voila le deuxieme rapport de virus total. qu'est ce que tu en penses?
VirusTotalVirusTotal is a free file analisys service that works using several antivirus engines.


Select file : DistributeSSL

Enter your email, choose the file to be scanned with multiple antivirus engines and click Send.Menu:
News Hot news in the virus/antivirus sector.
Estadisticas Statistics of VirusTotal procesing.
Virustotal More info about Virustotal.


STATUS: FINISHEDComplete scanning result of "ezntsvc.exe", received in VirusTotal at 03.21.2007, 17:07:57 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.3.22.0 03.21.2007 no virus found
AntiVir 7.3.1.44 03.21.2007 no virus found
Authentium 4.93.8 03.20.2007 no virus found
Avast 4.7.936.0 03.21.2007 no virus found
AVG 7.5.0.447 03.21.2007 no virus found
BitDefender 7.2 03.21.2007 no virus found
CAT-QuickHeal 9.00 03.21.2007 no virus found
ClamAV devel-20070312 03.21.2007 no virus found
DrWeb 4.33 03.21.2007 no virus found
eSafe 7.0.14.0 03.21.2007 no virus found
eTrust-Vet 30.6.3497 03.21.2007 no virus found
Ewido 4.0 03.21.2007 no virus found
FileAdvisor 1 03.21.2007 no virus found
Fortinet 2.85.0.0 03.21.2007 no virus found
F-Prot 4.3.1.45 03.20.2007 no virus found
F-Secure 6.70.13030.0 03.21.2007 no virus found
Ikarus T3.1.1.3 03.21.2007 no virus found
Kaspersky 4.0.2.24 03.21.2007 no virus found
McAfee 4988 03.20.2007 no virus found
Microsoft 1.2306 03.21.2007 no virus found
NOD32v2 2132 03.21.2007 no virus found
Norman 5.80.02 03.21.2007 no virus found
Panda 9.0.0.4 03.21.2007 no virus found
Prevx1 V2 03.21.2007 no virus found
Sophos 4.15.0 03.13.2007 no virus found
Sunbelt 2.2.907.0 03.16.2007 no virus found
Symantec 10 03.21.2007 no virus found
TheHacker 6.1.6.078 03.20.2007 no virus found
UNA 1.83 03.16.2007 no virus found
VBA32 3.11.2 03.21.2007 no virus found
VirusBuster 4.3.7:9 03.21.2007 no virus found
Webwasher-Gateway 6.0.1 03.21.2007 no virus found


Aditional Information
File size: 33792 bytes
MD5: 9f5984873cdea9ba1a0689dabf931e13
SHA1: 3604abfeb260f9402cd836e3d15b5e3ae0a98b87

VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.
> Go to: Home Contactar En Español
--------------------------------------------------------------------------------
www.virustotal.com :: ©Hispasec Sistemas 2004-07:: e-mail info@virustotal.com

bonjour j 'ai refait le virustotal pour le premier fichier atout a l'heure
VirusTotalVirusTotal is a free file analisys service that works using several antivirus engines.


Select file : DistributeSSL

Enter your email, choose the file to be scanned with multiple antivirus engines and click Send.Menu:
News Hot news in the virus/antivirus sector.
Estadisticas Statistics of VirusTotal procesing.
Virustotal More info about Virustotal.


STATUS: FINISHEDComplete scanning result of "ezShell.dll", received in VirusTotal at 03.22.2007, 07:36:24 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.3.22.0 03.21.2007 no virus found
AntiVir 7.3.1.44 03.21.2007 no virus found
Authentium 4.93.8 03.22.2007 no virus found
Avast 4.7.936.0 03.21.2007 no virus found
AVG 7.5.0.447 03.21.2007 no virus found
BitDefender 7.2 03.22.2007 no virus found
CAT-QuickHeal 9.00 03.21.2007 no virus found
ClamAV devel-20070312 03.22.2007 no virus found
DrWeb 4.33 03.21.2007 no virus found
eSafe 7.0.14.0 03.21.2007 no virus found
eTrust-Vet 30.6.3499 03.21.2007 no virus found
Ewido 4.0 03.21.2007 no virus found
FileAdvisor 1 03.22.2007 no virus found
Fortinet 2.85.0.0 03.22.2007 no virus found
F-Prot 4.3.1.45 03.21.2007 no virus found
F-Secure 6.70.13030.0 03.22.2007 no virus found
Ikarus T3.1.1.3 03.22.2007 no virus found
Kaspersky 4.0.2.24 03.22.2007 no virus found
McAfee 4989 03.21.2007 no virus found
Microsoft 1.2306 03.22.2007 no virus found
NOD32v2 2134 03.22.2007 no virus found
Norman 5.80.02 03.21.2007 no virus found
Panda 9.0.0.4 03.21.2007 no virus found
Prevx1 V2 03.22.2007 no virus found
Sophos 4.15.0 03.13.2007 no virus found
Sunbelt 2.2.907.0 03.22.2007 no virus found
Symantec 10 03.22.2007 no virus found
TheHacker 6.1.6.079 03.22.2007 no virus found
UNA 1.83 03.16.2007 no virus found
VBA32 3.11.2 03.21.2007 no virus found
VirusBuster 4.3.7:9 03.21.2007 no virus found
Webwasher-Gateway 6.0.1 03.22.2007 no virus found


Aditional Information
File size: 389120 bytes
MD5: 67ef28e3ac1dec6236f8a55c8b4a2e51
SHA1: dcee48837a9fe7a93752a441c8b1bb5dc2de64e6

VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.
> Go to: Home Contactar En Español
--------------------------------------------------------------------------------
www.virustotal.com :: ©Hispasec Sistemas 2004-07:: e-mail info@virustotal.com

Incident Statut Analyse

Spyware:Cookie/2o7 No Désinfecté C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@2o7[2].txt
Spyware:Cookie/Adtech No Désinfecté C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@adtech[2].txt
Spyware:Cookie/Advertising No Désinfecté C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@advertising[2].txt
Spyware:Cookie/Falkag No Désinfecté C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@as-eu.falkag[2].txt
Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@atdmt[2].txt
Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@bluestreak[1].txt
Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@doubleclick[1].txt
Spyware:Cookie/Comclick No Désinfecté C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@fl01.ct2.comclick[2].txt
Spyware:Cookie/Mediaplex No Désinfecté C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@mediaplex[1].txt
Spyware:Cookie/MetriWeb No Désinfecté C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@metriweb[1].txt
Spyware:Cookie/Overture No Désinfecté C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@overture[1].txt
Spyware:Cookie/Tradedoubler No Désinfecté C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@tradedoubler[1].txt
Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@weborama[2].txt
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@xiti[1].txt
Spyware:Cookie/PointRoll No Désinfecté C:\Documents and Settings\jonathan\Cookies\jonathan@ads.pointroll[1].txt
Spyware:Cookie/Adtech No Désinfecté C:\Documents and Settings\jonathan\Cookies\jonathan@adtech[2].txt
Spyware:Cookie/Advertising No Désinfecté C:\Documents and Settings\jonathan\Cookies\jonathan@advertising[1].txt
Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\jonathan\Cookies\jonathan@atdmt[2].txt
Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\jonathan\Cookies\jonathan@bluestreak[1].txt
Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\jonathan\Cookies\jonathan@bs.serving-sys[1].txt
Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\jonathan\Cookies\jonathan@doubleclick[1].txt
Spyware:Cookie/Comclick No Désinfecté C:\Documents and Settings\jonathan\Cookies\jonathan@fl01.ct2.comclick[2].txt
Spyware:Cookie/Hitbox No Désinfecté C:\Documents and Settings\jonathan\Cookies\jonathan@hitbox[2].txt
Spyware:Cookie/Mediaplex No Désinfecté C:\Documents and Settings\jonathan\Cookies\jonathan@mediaplex[1].txt
Spyware:Cookie/Overture No Désinfecté C:\Documents and Settings\jonathan\Cookies\jonathan@overture[2].txt
Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\jonathan\Cookies\jonathan@serving-sys[2].txt
Spyware:Cookie/Tradedoubler No Désinfecté C:\Documents and Settings\jonathan\Cookies\jonathan@tradedoubler[2].txt
Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\jonathan\Cookies\jonathan@weborama[1].txt
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\jonathan\Cookies\jonathan@xiti[2].txt
Spyware:Cookie/Zedo No Désinfecté C:\Documents and Settings\jonathan\Cookies\jonathan@zedo[2].txt
Outil indésirable:Application/KillApp.B No Désinfecté C:\hp\bin\KillIt.exe
Outil indésirable:Application/VSToolbar No Désinfecté C:\VundoFix Backups\hderxrtx.exe.bad
Outil indésirable:Application/VSToolbar No Désinfecté C:\VundoFix Backups\hkwpddkw.exe.bad
Spyware:Spyware/Virtumonde No Désinfecté C:\VundoFix Backups\nnnklif.dll.bad
Virus:Trj/BHO.A Désinfecté C:\VundoFix Backups\ujcyxyuw.dll.bad
Adware:Adware/WinAntivirus2006 No Désinfecté C:\VundoFix Backups\vandyflf.dll.bad
Spyware:Spyware/Virtumonde No Désinfecté C:\VundoFix Backups\wvuvssr.dll.bad
Spyware:Spyware/Virtumonde No Désinfecté C:\WINDOWS\system32\awkpxqcq.dll
Spyware:Spyware/Virtumonde No Désinfecté C:\WINDOWS\system32\bqhnbmvm.dll
Virus:Bck/Diazom.AP Désinfecté C:\WINDOWS\system32\buirqvqq.dll
Virus:Bck/Diazom.AP Désinfecté C:\WINDOWS\system32\cdjvtkih.dll
Spyware:Spyware/Virtumonde No Désinfecté C:\WINDOWS\system32\chcvjatj.dll
Spyware:Spyware/Virtumonde No Désinfecté C:\WINDOWS\system32\cpbbxaep.dll
Spyware:Spyware/Virtumonde No Désinfecté C:\WINDOWS\system32\ddobdbrc.dll
Virus:Bck/Diazom.AP Désinfecté C:\WINDOWS\system32\eyhaeyro.dll
Spyware:Spyware/Virtumonde No Désinfecté C:\WINDOWS\system32\fbmtxawf.dll
Virus:Bck/Diazom.AP Désinfecté C:\WINDOWS\system32\gkihtfbw.dll
Spyware:Spyware/Virtumonde No Désinfecté C:\WINDOWS\system32\hsieuwie.dll
Virus:Bck/Diazom.AP Désinfecté C:\WINDOWS\system32\irofidrg.dll
Spyware:Spyware/Virtumonde No Désinfecté C:\WINDOWS\system32\jjymbjjp.dll
Spyware:Spyware/Virtumonde No Désinfecté C:\WINDOWS\system32\kqwvqdse.dll
Virus:Bck/Diazom.AP Désinfecté C:\WINDOWS\system32\maaqlvpp.dll
Spyware:Spyware/Virtumonde No Désinfecté C:\WINDOWS\system32\oqlkoitc.dll
Virus:Bck/Diazom.AP Désinfecté C:\WINDOWS\system32\pksimida.dll
Virus:Bck/Diazom.AP Désinfecté C:\WINDOWS\system32\rfyjcdmv.dll
Virus:Bck/Diazom.AP Désinfecté C:\WINDOWS\system32\yhyrpnfy.dll
Virus:Bck/Diazom.AP Désinfecté C:\WINDOWS\system32\ymeebuyq.dll

On va t'enlever tout celà

1)Télécharger VundoFix.exe (par Atribune) sur votre Bureau.
http://www.atribune.org/ccount/click.php?id=4

* Double-clique VundoFix.exe afin de le lancer.
* Clique sur le bouton Scan for Vundo.
* Lorsque le scan est complété, clique sur le bouton Remove Vundo.
* Une invite te demandera si tu veux supprimer les fichiers, clique YES
* Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
* Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown" ); clique OK
* Démarre ton PC à nouveau.
* Copie/colle le contenu du rapport situé dans C:\vundofix.txt

Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

2)Repostes un log hijackthis.

Scan saved at 14:24:21, on 25/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Répertoire temporaire 4 pour hijackthis.zip\HijackThis.exe
C:\Documents and Settings\HP_Administrateur\Mes documents\Jean-Luc BOUTTEVILLE\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?1ae3d147ec8249449af65b883f7a7411
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?1ae3d147ec8249449af65b883f7a7411
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Stop Pub - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\JCA2000\StopPub\StopPub.exe
O9 - Extra 'Tools' menuitem: Stop Pub - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\JCA2000\StopPub\StopPub.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fichiers communs\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fichiers communs\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fichiers communs\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fichiers communs\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activ [...] asinst.cab
O18 - Protocol: bw+0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Control Parental (OPTENET_FILTER) - Contrôle Parental - C:\Program Files\Controle Parental\bin\optproxy.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

avast s'est mis en route il m'a trouvé des chevaux de troie et des virus /ver j'ai tout mis en quarantaine ils se trovent sur des fichiers de retauration win32/volume restore

voici le rapport

[03/26/2007, 17:30:10] - VirtumundoBeGone v1.5 ( "C:\DOCUME~1\HP_ADM~1\MESDOC~1\JEAN-L~1\virtumundobegone.exe" )
[03/26/2007, 17:30:15] - Detected System Information:
[03/26/2007, 17:30:15] - Windows Version: 5.1.2600, Service Pack 2
[03/26/2007, 17:30:15] - Current Username: HP_Administrateur (Admin)
[03/26/2007, 17:30:15] - Windows is in NORMAL mode.
[03/26/2007, 17:30:15] - Searching for Browser Helper Objects:
[03/26/2007, 17:30:15] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[03/26/2007, 17:30:15] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[03/26/2007, 17:30:15] - BHO 3: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[03/26/2007, 17:30:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/26/2007, 17:30:16] - No filename found. Continuing.
[03/26/2007, 17:30:16] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[03/26/2007, 17:30:16] - BHO 5: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[03/26/2007, 17:30:16] - Finished Searching Browser Helper Objects
[03/26/2007, 17:30:16] - Finishing up...
[03/26/2007, 17:30:16] - Nothing found! Exiting...

ca c'etait le rapport avant redemarrage et ca c'est le rapport apres le redemarrage

Scan saved at 17:38:17, on 26/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\arservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Documents and Settings\HP_Administrateur\Mes documents\Jean-Luc BOUTTEVILLE\hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?1ae3d147ec8249449af65b883f7a7411
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?1ae3d147ec8249449af65b883f7a7411
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Stop Pub - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\JCA2000\StopPub\StopPub.exe
O9 - Extra 'Tools' menuitem: Stop Pub - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\JCA2000\StopPub\StopPub.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fichiers communs\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fichiers communs\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fichiers communs\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fichiers communs\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activ [...] asinst.cab
O18 - Protocol: bw+0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {7B244F8A-5A13-41E0-924D-A8059A5FA9B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Control Parental (OPTENET_FILTER) - Contrôle Parental - C:\Program Files\Controle Parental\bin\optproxy.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

voila le rapport de bitdefender
BitDefender Online Scanner



Rapport d'analyse généré à: Tue, Mar 27, 2007 - 14:58:56





Voie d'analyse: C:\;D:\;E:\;F:\;G:\;H:\;I:\;







Statistiques

Temps
02:11:31

Fichiers
455523

Directoires
6330

Secteurs de boot
3

Archives
19887

Paquets programmes
45132




Résultats

Virus identifiés
2

Fichiers infectés
5

Fichiers suspects
0

Avertissements
0

Désinfectés
0

Fichiers effacés
5




Info sur les moteurs

Définition virus
407996

Version des moteurs
AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)

Analyse des plugins
14

Archive des plugins
38

Unpack des plugins
6

E-mail plugins
6

Système plugins
1




Paramètres d'analyse

Première action
Désinfecté

Seconde Action
Supprimé

Heuristique
Oui

Acceptez les avertissements
Oui

Extensions analysées
*;

Excludez les extensions


Analyse d'emails
Oui

Analyse des Archives
Oui

Analyser paquets programmes
Oui

Analyse des fichiers
Oui

Analyse de boot
Oui




Fichier analysé
Statut

C:\Documents and Settings\HP_Administrateur\Mes documents\Jean-Luc BOUTTEVILLE\newmediacodecinstaller.exe=>(NSIS o)=>zlib_nsis0000
Infecté par: Trojan.Dropper.Multi.IV

C:\Documents and Settings\HP_Administrateur\Mes documents\Jean-Luc BOUTTEVILLE\newmediacodecinstaller.exe=>(NSIS o)=>zlib_nsis0000
Echec de la désinfection

C:\Documents and Settings\HP_Administrateur\Mes documents\Jean-Luc BOUTTEVILLE\newmediacodecinstaller.exe=>(NSIS o)=>zlib_nsis0000
Supprimé

C:\Documents and Settings\HP_Administrateur\Mes documents\Jean-Luc BOUTTEVILLE\newmediacodecinstaller.exe=>(NSIS o)
Echec de la mise à jour

C:\Documents and Settings\HP_Administrateur\Mes documents\Jean-Luc BOUTTEVILLE\newmediacodecinstaller.exe=>(NSIS o)=>zlib_nsis0007
Infecté par: Trojan.Dropper.Multi.IV

C:\Documents and Settings\HP_Administrateur\Mes documents\Jean-Luc BOUTTEVILLE\newmediacodecinstaller.exe=>(NSIS o)=>zlib_nsis0007
Echec de la désinfection

C:\Documents and Settings\HP_Administrateur\Mes documents\Jean-Luc BOUTTEVILLE\newmediacodecinstaller.exe=>(NSIS o)=>zlib_nsis0007
Supprimé

C:\Documents and Settings\HP_Administrateur\Mes documents\Jean-Luc BOUTTEVILLE\newmediacodecinstaller.exe=>(NSIS o)
Echec de la mise à jour

C:\Documents and Settings\HP_Administrateur\Mes documents\Jean-Luc BOUTTEVILLE\newmediacodecinstaller.exe=>(NSIS o)=>zlib_nsis0010=>(NSIS g)=>zlib_nsis0000
Infecté par: Trojan.Dropper.Multi.IV

C:\Documents and Settings\HP_Administrateur\Mes documents\Jean-Luc BOUTTEVILLE\newmediacodecinstaller.exe=>(NSIS o)=>zlib_nsis0010=>(NSIS g)=>zlib_nsis0000
Echec de la désinfection

C:\Documents and Settings\HP_Administrateur\Mes documents\Jean-Luc BOUTTEVILLE\newmediacodecinstaller.exe=>(NSIS o)=>zlib_nsis0010=>(NSIS g)=>zlib_nsis0000
Supprimé

C:\Documents and Settings\HP_Administrateur\Mes documents\Jean-Luc BOUTTEVILLE\newmediacodecinstaller.exe=>(NSIS o)=>zlib_nsis0010=>(NSIS g)
Echec de la mise à jour

C:\Program Files\NewMediaCodec\Uninstall.exe=>(NSIS o)=>zlib_nsis0000
Infecté par: Trojan.Dropper.Multi.IV

C:\Program Files\NewMediaCodec\Uninstall.exe=>(NSIS o)=>zlib_nsis0000
Echec de la désinfection

C:\Program Files\NewMediaCodec\Uninstall.exe=>(NSIS o)=>zlib_nsis0000
Supprimé

C:\Program Files\NewMediaCodec\Uninstall.exe=>(NSIS o)
Echec de la mise à jour

C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP69\A0036467.dll
Infecté par: MemScan:Trojan.Spy.Agent.NU

C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP69\A0036467.dll
Echec de la désinfection

C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP69\A0036467.dll
Supprimé

j'espere que ce n'est pas trop grave

bonjour docteur je n'ai pas eu de récidives .A part que mon pc rame!! sinon rien a signaler .Par contre explique moi ce qu'est un dialer je crois que j'ai vu ça dans un des rapports; c'est dangereux ou pas?

je ne peux pas telecharger l'utilitaire ma sécurité ne me le permet pas

ce n'est pas mon antivirus j'ai sur mon pc sp2 serais ce lui qui me bloque ?

ca y est g reussi je te poste le rapport immediatement
SmitFraudFix v2.158

Rapport fait à 11:37:43,39, 28/03/2007
Executé à partir de C:\DOCUME~1\HP_ADM~1\MESDOC~1\JEAN-L~1\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Wanadoo\WOOBRO~1\DownloadManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\mslog.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Administrateur


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Administrateur\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_ADM~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\NewMediaCodec\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

C'est parti

Redémarre en mode sans échec.

Relance le fichier smitfraudfix.exe et choisis cette fois l’option 2 et réponds oui à tout.
A la fin, sauvegardes le rapport final afin de pouvoir le retrouver.
Redémarres et communiques le nouveau rapport avec un nouveau rapport Hijackthis