Favoris indesirables (cool stuff) - log hijac
ens
-
incognito02 Messages postés 3487 Statut Contributeur -
incognito02 Messages postés 3487 Statut Contributeur -
Bonjour
J'ai regarder rapidement les autres messages comportant le probleme pour gagner du temps...
J'ai des favoris indesirables que se sont installés et forcement impossible de les enlever. J'ai essayé, scan antivuris puis spyboot, ad aware, cleanup c cleaner en mode normal et sans echec, bref rien de nouveau il sont toujours la!!
Config du pc 1.2ghz 256mo de memoire, winxp, ie 6, antivirus securitoo,
J'ai fais un log avec hijackthis
le voici
Logfile of HijackThis v1.99.1
Scan saved at 15:01:06, on 02/08/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\JEAN-MARIE\ECB.exe
C:\PROGRA~1\WANADOO\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\WANADOO\TaskbarIcon.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\LVComS.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.laposte.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://bw.myway.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\System32\BhoECart.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Microsoft Update Machine] kdrmzqz.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [eCarteBleue-LP-P1] "C:\JEAN-MARIE\ECB.exe" /dontopenmycards
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\WANADOO\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [axismore1dead] C:\Documents and Settings\All Users\Application Data\bash start axis more\Tool camp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] kdrmzqz.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] kdrmzqz.exe
O4 - HKCU\..\Run: [Voissa No Pubs] C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe -hide
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajouter un Pop-Up - {DE39E849-A37D-4126-8AE1-1551364ADA96} - C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe
O9 - Extra 'Tools' menuitem: Tools Menu Item - {DE39E849-A37D-4126-8AE1-1551364ADA96} - C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: Interface Chat Voila - http://chat14.x-echo.com/version5/Applet/vchatsign.cab
O16 - DPF: Interface Chat Wanadoo - http://chat9.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/fra_pao_med.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} - http://adserver.sharewareonline.com/adserver/Install.cab
O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} (PackageHTML) - http://acces.blonde.com/package/op/PackageHtmlCab.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120239932340
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AD7A67A5-5461-4B6B-A9C5-09DD071527F5} (MCLPhoto_Upload.PhotoUpload) - http://franceloisirs.fujifilmnet.com/MCLPhoto.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BEF9DA9B-002E-4901-AEFD-53043E9F3964} (Djingle InstallAx Control) - http://www.declicsvip.com/player/install/soft/installax_autovip_autodeclics.cab
O16 - DPF: {DF4F4ED9-420B-4F40-AEE6-A620460306E7} (CantocheLivingActorInstaller2 Class) - http://ak.cdiscount.com/plug-ins/LivingActorInstaller2.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{542FC8D7-48F5-41DF-A15A-A24616E91C1B}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: bw+0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Securitoo AntiVirus Firewall (BackWeb Client - 1044199) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Authentication Agent (FSAA) - Unknown owner - C:\Program Files\Securitoo\av_fw\Common\FSAA.EXE (file missing)
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
O23 - Service: F-Secure Distributed Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\fswsclds.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
Si quelqu'un peut dechiffrer ceci est me dire par la même occasion que faire.
Merci d'avance
Ens.
J'ai regarder rapidement les autres messages comportant le probleme pour gagner du temps...
J'ai des favoris indesirables que se sont installés et forcement impossible de les enlever. J'ai essayé, scan antivuris puis spyboot, ad aware, cleanup c cleaner en mode normal et sans echec, bref rien de nouveau il sont toujours la!!
Config du pc 1.2ghz 256mo de memoire, winxp, ie 6, antivirus securitoo,
J'ai fais un log avec hijackthis
le voici
Logfile of HijackThis v1.99.1
Scan saved at 15:01:06, on 02/08/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\JEAN-MARIE\ECB.exe
C:\PROGRA~1\WANADOO\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\WANADOO\TaskbarIcon.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\LVComS.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.laposte.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://bw.myway.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\System32\BhoECart.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Microsoft Update Machine] kdrmzqz.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [eCarteBleue-LP-P1] "C:\JEAN-MARIE\ECB.exe" /dontopenmycards
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\WANADOO\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [axismore1dead] C:\Documents and Settings\All Users\Application Data\bash start axis more\Tool camp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] kdrmzqz.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] kdrmzqz.exe
O4 - HKCU\..\Run: [Voissa No Pubs] C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe -hide
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajouter un Pop-Up - {DE39E849-A37D-4126-8AE1-1551364ADA96} - C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe
O9 - Extra 'Tools' menuitem: Tools Menu Item - {DE39E849-A37D-4126-8AE1-1551364ADA96} - C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: Interface Chat Voila - http://chat14.x-echo.com/version5/Applet/vchatsign.cab
O16 - DPF: Interface Chat Wanadoo - http://chat9.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/fra_pao_med.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} - http://adserver.sharewareonline.com/adserver/Install.cab
O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} (PackageHTML) - http://acces.blonde.com/package/op/PackageHtmlCab.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120239932340
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AD7A67A5-5461-4B6B-A9C5-09DD071527F5} (MCLPhoto_Upload.PhotoUpload) - http://franceloisirs.fujifilmnet.com/MCLPhoto.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BEF9DA9B-002E-4901-AEFD-53043E9F3964} (Djingle InstallAx Control) - http://www.declicsvip.com/player/install/soft/installax_autovip_autodeclics.cab
O16 - DPF: {DF4F4ED9-420B-4F40-AEE6-A620460306E7} (CantocheLivingActorInstaller2 Class) - http://ak.cdiscount.com/plug-ins/LivingActorInstaller2.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{542FC8D7-48F5-41DF-A15A-A24616E91C1B}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: bw+0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {BE832E02-F11F-4CC9-BD35-5387395769C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Securitoo AntiVirus Firewall (BackWeb Client - 1044199) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Authentication Agent (FSAA) - Unknown owner - C:\Program Files\Securitoo\av_fw\Common\FSAA.EXE (file missing)
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
O23 - Service: F-Secure Distributed Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\fswsclds.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
Si quelqu'un peut dechiffrer ceci est me dire par la même occasion que faire.
Merci d'avance
Ens.
A voir également:
- Favoris indesirables (cool stuff) - log hijac
- Exporter favoris chrome - Guide
- Exporter favoris firefox - Guide
- Liste des numéros indésirables - Guide
- Supprimer tous les favoris chrome - Astuces et Solutions
- J'ai trouvé comment supprimer d'un seul coup tous les favoris ! - Forum Réseaux sociaux
8 réponses
bonjour,
Personne pour m'aider s'il vous plait?
dois-je faitre une autre operation pour faciliter la tache?
j'en profite pour dire car j'ai oublier de le preciser , qu'il s'agit des favoris internet cool stuff, casino online , etc...
Personne pour m'aider s'il vous plait?
dois-je faitre une autre operation pour faciliter la tache?
j'en profite pour dire car j'ai oublier de le preciser , qu'il s'agit des favoris internet cool stuff, casino online , etc...
Bonjour,
Méthode a suivre dans l'ordre...
----------------------------------------------------------------------------
¤Télécharge ces logiciels mais que tu n utilises pas tout de suite:
1/Spybot S&D 1.4 <<nouvelle version
http://www.safer-networking.org/fr/index.html
Démo d utilisation (merci a Balltrap34 pour cette réalisation)
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
2/Ad-Aware SE 1.06 <<nouvelle version
http://www.lavasoftusa.com/software/adaware/
-Une aide:
http://www.tutopat.com/viewtopic.php?t=1191
- installe le patch français, tu pourra le trouver ici:
http://download.lavasoft.de.edgesuite.net/public/pllangs.exe
et une petite vidéo ici d'utilisation:(merci a Moe31 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/adawrevid.asf
3/Clean Up 40:
http://pageperso.aol.fr/balltrap34/CleanUp40.exe
-aide en image:(merci a Balltrap34)
http://pageperso.aol.fr/balltrap34/democleanup.htm
----------------------------------------------------------------------------
¤Démarre en mode sans échec :
Pour cela, tu tapote la touche F8 des le début de l allumage du pc sans t arrêter
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau si il n y a pas toutes les couleurs et autres c est normal !
(Si F8 ne marche pas utilise la touche F5)
----------------------------------------------------------------------------
¤Désactive ta restauration système:
Clic droit sur poste de travail puis,
propriété, tu clique sur onglet restauration système
tu coche la case désactiver la restauration et applique
----------------------------------------------------------------------------
¤Affiche tous les fichiers et dossiers :
Clique sur démarrer/panneau de configuration/option des dossiers/affichage
Cocher afficher les dossiers cacher
Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"
Décocher masquer les extensions dont le type est connu
Puis fais «Ok» pour valider les changements.
Et appliquer !
----------------------------------------------------------------------------
¤Vide tes fichiers temps et tempory internet file:
utilise ceci pour le faire (tu as télécharger avant)
http://pageperso.aol.fr/balltrap34/CleanUp40.exe
----------------------------------------------------------------------------
¤Relance Hijack This, coche les cases devant ces lignes et ensuite click sur fix checked :
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://bw.myway.com/
O4 - HKLM\..\Run: [Microsoft Update Machine] kdrmzqz.exe
O4 - HKLM\..\Run: [axismore1dead] C:\Documents and Settings\All Users\Application Data\bash start axis more\Tool camp.exe < si inconnu pr toi
O4 - HKLM\..\RunServices: [Microsoft Update Machine] kdrmzqz.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] kdrmzqz.exe
O4 - HKCU\..\Run: [LDM] \Program\
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/fra_pao_med.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} - http://adserver.sharewareonline.com/adserver/Install.cab
O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} (PackageHTML) - http://acces.blonde.com/package/op/PackageHtmlCab.CAB
----------------------------------------------------------------------------
¤Recherche et supprime ceci:
attention seulement les fichiers (si present)
kdrmzqz.exe
Documents and Settings\All Users\Application Data\bash start axis more < si inconnu pr toi
----------------------------------------------------------------------------
¤ Passe adaware et vire tous se qu il trouve
----------------------------------------------------------------------------
¤ Passe spybot et vire tous se qu il trouve
----------------------------------------------------------------------------
> Tu vide ta poubelle et tu redémarre en mode normal et refait un Hijack
Précise tes soucis si il en restes....
Tiens moi au courant
a+
Méthode a suivre dans l'ordre...
----------------------------------------------------------------------------
¤Télécharge ces logiciels mais que tu n utilises pas tout de suite:
1/Spybot S&D 1.4 <<nouvelle version
http://www.safer-networking.org/fr/index.html
Démo d utilisation (merci a Balltrap34 pour cette réalisation)
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
2/Ad-Aware SE 1.06 <<nouvelle version
http://www.lavasoftusa.com/software/adaware/
-Une aide:
http://www.tutopat.com/viewtopic.php?t=1191
- installe le patch français, tu pourra le trouver ici:
http://download.lavasoft.de.edgesuite.net/public/pllangs.exe
et une petite vidéo ici d'utilisation:(merci a Moe31 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/adawrevid.asf
3/Clean Up 40:
http://pageperso.aol.fr/balltrap34/CleanUp40.exe
-aide en image:(merci a Balltrap34)
http://pageperso.aol.fr/balltrap34/democleanup.htm
----------------------------------------------------------------------------
¤Démarre en mode sans échec :
Pour cela, tu tapote la touche F8 des le début de l allumage du pc sans t arrêter
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau si il n y a pas toutes les couleurs et autres c est normal !
(Si F8 ne marche pas utilise la touche F5)
----------------------------------------------------------------------------
¤Désactive ta restauration système:
Clic droit sur poste de travail puis,
propriété, tu clique sur onglet restauration système
tu coche la case désactiver la restauration et applique
----------------------------------------------------------------------------
¤Affiche tous les fichiers et dossiers :
Clique sur démarrer/panneau de configuration/option des dossiers/affichage
Cocher afficher les dossiers cacher
Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"
Décocher masquer les extensions dont le type est connu
Puis fais «Ok» pour valider les changements.
Et appliquer !
----------------------------------------------------------------------------
¤Vide tes fichiers temps et tempory internet file:
utilise ceci pour le faire (tu as télécharger avant)
http://pageperso.aol.fr/balltrap34/CleanUp40.exe
----------------------------------------------------------------------------
¤Relance Hijack This, coche les cases devant ces lignes et ensuite click sur fix checked :
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://bw.myway.com/
O4 - HKLM\..\Run: [Microsoft Update Machine] kdrmzqz.exe
O4 - HKLM\..\Run: [axismore1dead] C:\Documents and Settings\All Users\Application Data\bash start axis more\Tool camp.exe < si inconnu pr toi
O4 - HKLM\..\RunServices: [Microsoft Update Machine] kdrmzqz.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] kdrmzqz.exe
O4 - HKCU\..\Run: [LDM] \Program\
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/fra_pao_med.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} - http://adserver.sharewareonline.com/adserver/Install.cab
O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} (PackageHTML) - http://acces.blonde.com/package/op/PackageHtmlCab.CAB
----------------------------------------------------------------------------
¤Recherche et supprime ceci:
attention seulement les fichiers (si present)
kdrmzqz.exe
Documents and Settings\All Users\Application Data\bash start axis more < si inconnu pr toi
----------------------------------------------------------------------------
¤ Passe adaware et vire tous se qu il trouve
----------------------------------------------------------------------------
¤ Passe spybot et vire tous se qu il trouve
----------------------------------------------------------------------------
> Tu vide ta poubelle et tu redémarre en mode normal et refait un Hijack
Précise tes soucis si il en restes....
Tiens moi au courant
a+
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
coucou, mais de rien, ce fut un plaisir
si je comprends tu n as plus de favoris indesirables,
je suis content pour toi
derniere manipulation et pares je t embete plus
recache tes fichiers+reactive ta restauration systeme
A+, bonne soiree
si je comprends tu n as plus de favoris indesirables,
je suis content pour toi
derniere manipulation et pares je t embete plus
recache tes fichiers+reactive ta restauration systeme
A+, bonne soiree
Bravo régis,j'ai un probleme avec les favoris identiques,je souhaiterais avoir ton aide,j'ai fait un scanlog et je t'en fait part,pourrais tu me guider pour enfin virer casino on line de mes favoris,merci d'avance,j'attends ta reponse
Logfile of HijackThis v1.99.1
Scan saved at 16:12:05, on 18/04/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
c:\windows\system32\rlvknlg.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\Programme\eMule\emule.exe
C:\totalcmd\TOTALCMD.EXE
C:\Documents and Settings\family\Bureau\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qfnrwtgeiik.net/RvmczUV9y2bQxHOe9AOqF_AcJp9S2KOTgEugy7y_rJoYlcrBuJe0LY...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qfnrwtgeiik.net/RvmczUV9y2bQxHOe9AOqF_AcJp9S2KOTgEugy7y_rJoYlcrBuJe0LY...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 64.233.167.104 symantec.com
O1 - Hosts: 64.233.167.104 sandbox.norman.no
O1 - Hosts: 64.233.167.104 www.pandasoftware.com
O1 - Hosts: 64.233.167.104 uk.trendmicro-europe.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [il mio dolce tesoro] monycom.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Standar P2P] C:\WINDOWS\system32\Rundl16.exe
O4 - HKLM\..\Run: [Standar P2P 2] C:\WINDOWS\system\Rundl16.exe
O4 - HKLM\..\Run: [demon force] C:\WINDOWS\system32\1zDm0n1.26Com.exe
O4 - HKLM\..\Run: [FyPk7A] C:\WINDOWS\xkpfcqk.exe
O4 - HKLM\..\Run: [SheduIer] C:\WINDOWS\shch.exe /i
O4 - HKLM\..\Run: [clfmon] C:\WINDOWS\clfmon.exe
O4 - HKLM\..\Run: [Patch] C:\WINDOWS\Patch.exe /nomsg
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [bendcreativelocksexit] C:\Documents and Settings\All Users\Application Data\Book Htm Bend Creative\dupebuild.exe
O4 - HKLM\..\RunServices: [avnort] C:\WINDOWS\msmbw.exe
O4 - HKLM\..\RunServices: [serpe] C:\WINDOWS\System32\serbw.exe
O4 - HKCU\..\Run: [infoheck] C:\DOCUME~1\family\APPLIC~1\Elsemail\Bits Shim.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZS
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
Logfile of HijackThis v1.99.1
Scan saved at 16:12:05, on 18/04/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
c:\windows\system32\rlvknlg.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\Programme\eMule\emule.exe
C:\totalcmd\TOTALCMD.EXE
C:\Documents and Settings\family\Bureau\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qfnrwtgeiik.net/RvmczUV9y2bQxHOe9AOqF_AcJp9S2KOTgEugy7y_rJoYlcrBuJe0LY...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qfnrwtgeiik.net/RvmczUV9y2bQxHOe9AOqF_AcJp9S2KOTgEugy7y_rJoYlcrBuJe0LY...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 64.233.167.104 symantec.com
O1 - Hosts: 64.233.167.104 sandbox.norman.no
O1 - Hosts: 64.233.167.104 www.pandasoftware.com
O1 - Hosts: 64.233.167.104 uk.trendmicro-europe.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [il mio dolce tesoro] monycom.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Standar P2P] C:\WINDOWS\system32\Rundl16.exe
O4 - HKLM\..\Run: [Standar P2P 2] C:\WINDOWS\system\Rundl16.exe
O4 - HKLM\..\Run: [demon force] C:\WINDOWS\system32\1zDm0n1.26Com.exe
O4 - HKLM\..\Run: [FyPk7A] C:\WINDOWS\xkpfcqk.exe
O4 - HKLM\..\Run: [SheduIer] C:\WINDOWS\shch.exe /i
O4 - HKLM\..\Run: [clfmon] C:\WINDOWS\clfmon.exe
O4 - HKLM\..\Run: [Patch] C:\WINDOWS\Patch.exe /nomsg
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [bendcreativelocksexit] C:\Documents and Settings\All Users\Application Data\Book Htm Bend Creative\dupebuild.exe
O4 - HKLM\..\RunServices: [avnort] C:\WINDOWS\msmbw.exe
O4 - HKLM\..\RunServices: [serpe] C:\WINDOWS\System32\serbw.exe
O4 - HKCU\..\Run: [infoheck] C:\DOCUME~1\family\APPLIC~1\Elsemail\Bits Shim.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZS
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
Salut Joe,
Oui pas de problemes.
Tu es pas mal infecté, certes par travel...mais il y a quelques trojans et autres bestioles...
Commence par telecharger et installer ceci
Ewido:
http://download.ewido.net/ewido-setup.exe
¤ Lancer et exécuter Ewido pour un scan complet et copier/coller le rapport en forum.
Une fois terminé, tu me joins le rapport d Ewido + un nouvel Hijack this + ceci:
Télécharge lopxp ici:
http://pageperso.aol.fr/balltrap34/lopxp.zip (Merci Moe31 et Balltrap34)
2) dezippe le (clic droit dessus > extraire tout)
et lance lopxp.bat
le bloc note va s'ouvrir, copie et colle le contenu ici
A+
Oui pas de problemes.
Tu es pas mal infecté, certes par travel...mais il y a quelques trojans et autres bestioles...
Commence par telecharger et installer ceci
Ewido:
http://download.ewido.net/ewido-setup.exe
¤ Lancer et exécuter Ewido pour un scan complet et copier/coller le rapport en forum.
Une fois terminé, tu me joins le rapport d Ewido + un nouvel Hijack this + ceci:
Télécharge lopxp ici:
http://pageperso.aol.fr/balltrap34/lopxp.zip (Merci Moe31 et Balltrap34)
2) dezippe le (clic droit dessus > extraire tout)
et lance lopxp.bat
le bloc note va s'ouvrir, copie et colle le contenu ici
A+
bonjour,
j'ai le même problème... j'ai fait un spybot, adaware... il m'en a trouvé mais les favoris indésirables restent toujours.
J'ai fait un hijack aussi, il y a loud memo et quand je le fixe, il revient.
En mode sans échec, spybot et adaware ne trouvent rien.
Que puis-je faire?
Voici mon log hijack
Logfile of HijackThis v1.99.1
Scan saved at 21:03:26, on 19/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
E:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\intern~1\iexplore.exe
C:\DOCUME~1\erve\LOCALS~1\Temp\Rar$EX00.090\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: (no name) - {A371E3FD-9DA4-1253-7874-05F15013C78D} - C:\DOCUME~1\erve\APPLIC~1\Wmathis\lessgpl.exe
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr-be\msntb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [MessengerPlus3] "e:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [MessengerPlus3] "e:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Bowsdale] C:\DOCUME~1\erve\APPLIC~1\CLOSEF~1\Loud memo.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)
j'ai le même problème... j'ai fait un spybot, adaware... il m'en a trouvé mais les favoris indésirables restent toujours.
J'ai fait un hijack aussi, il y a loud memo et quand je le fixe, il revient.
En mode sans échec, spybot et adaware ne trouvent rien.
Que puis-je faire?
Voici mon log hijack
Logfile of HijackThis v1.99.1
Scan saved at 21:03:26, on 19/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
E:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\intern~1\iexplore.exe
C:\DOCUME~1\erve\LOCALS~1\Temp\Rar$EX00.090\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: (no name) - {A371E3FD-9DA4-1253-7874-05F15013C78D} - C:\DOCUME~1\erve\APPLIC~1\Wmathis\lessgpl.exe
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr-be\msntb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [MessengerPlus3] "e:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [MessengerPlus3] "e:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Bowsdale] C:\DOCUME~1\erve\APPLIC~1\CLOSEF~1\Loud memo.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)
