Sujet Précédent Sujet Suivant

Affichage intempestif de pages de dialogues

Matlou -  
philae83 Messages postés 12854 Statut Contributeur sécurité -
Bonsoir,
depuis quelques temps, lorsque je me connecte sur la toile, j'ai des boîtes de dialogue web qui s'affichent de manière intempestive ( Drivercleaner, winantispyware, jeux de casino, etc.... ).

J'ai passé Spybot S&D, AVG Anti spyware 7.5, CCleaner, Ad-aware, supprimé ce qui était considéré comme suspect, mais ces fenêtres continuent de s'ouvrir.

Je vous poste un hi-jack this, en espérant que vous pourrez m'aider ( Merci SVP d'être clairs dans vos explications car je ne m'y connais pas trop :) ).

Merci d'avance pour votre contribution !!

Voici le hijack :

Logfile of HijackThis v1.99.1
Scan saved at 20:24:11, on 03/02/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bing.com/spresults.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NTFSS MICROSOFT SYSTEM] filees.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] svchostt.exe
O4 - HKCU\..\Run: [NTFSS MICROSOFT SYSTEM] filees.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Supervision de Photo Loader.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?6695ff0b7af546e386fd293fa469ff8
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?6695ff0b7af546e386fd293fa469ff8
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - https://www.afternic.com/domains/drivecleaner.com
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://www.msn.com/fr-fr/
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoways.com/clients/ImageUploader3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bw+0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

13 réponses

Réponse 1 / 13
philae83 Messages postés 12854 Statut Contributeur sécurité 206
 
bonsoir,

* Télécharge Blacklight
https://europe.f-secure.com/exclude/blacklight/index.shtml
(de F-Secure)
(le premier de la page)

Clique sur "I ACCEPT" au bas de la page. Sauvegarde le sur ton Bureau.
Double-clique blbeta.exe et accepte la licence;
clique Scan puis Next

Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport,
sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).

Copie et colle le contenu de ce rapport dans ta prochaine réponse.
NE PAS choisir l'option "Rename" de suite : nous devons analyser le rapport,
car des fichiers légitimes peuvent être présents, tel wbemtest.exe
0
Matlou
 
Bonsoir Philae et merci pour ton aide.
J'ai téléchargé et lancé le programme.
Le scan s'est déroulé, par contre, j'ai juste eu l'affichage d'une fenêtre "Step 2 - Clean hidden items" avec 4 objets :
- jwzucnytpd.exe
- jwzucnytpd.dat
- jwzucnytpd_nav.dat
- jwzucnytpd_navps.dat

Je n'ai pas eu d'affichage d'un rapport nommé fsbl.xxxxxxx.log.
Me serais-je planté ?
0
Matlou
 
Philae,

ayant l'esprit un peu plus clair ce matin, je poste ici le rapport de Blacklight que j'ai trouvé :

02/03/07 21:30:39 [Info]: BlackLight Engine 1.0.55 initialized
02/03/07 21:30:39 [Info]: OS: 5.1 build 2600 (Service Pack 1)
02/03/07 21:30:39 [Note]: 7019 4
02/03/07 21:30:39 [Note]: 7005 0
02/03/07 21:30:52 [Note]: 7006 0
02/03/07 21:30:52 [Note]: 7011 1444
02/03/07 21:30:52 [Note]: 7026 0
02/03/07 21:30:52 [Note]: 7026 0
02/03/07 21:30:52 [Note]: 7024 3
02/03/07 21:30:52 [Info]: Hidden process: C:\windows\system32\jwzucnytpd.exe
02/03/07 21:30:57 [Note]: FSRAW library version 1.7.1021
02/03/07 21:34:48 [Info]: Hidden file: c:\WINDOWS\system32\jwzucnytpd.dat
02/03/07 21:34:48 [Note]: 10002 1
02/03/07 21:34:49 [Info]: Hidden file: C:\windows\system32\jwzucnytpd.exe
02/03/07 21:34:49 [Note]: 10002 1
02/03/07 21:34:49 [Info]: Hidden file: c:\WINDOWS\system32\jwzucnytpd_nav.dat
02/03/07 21:34:49 [Note]: 10002 1
02/03/07 21:34:49 [Info]: Hidden file: c:\WINDOWS\system32\jwzucnytpd_navps.dat
02/03/07 21:34:49 [Note]: 10002 1
02/03/07 21:45:14 [Note]: 7007 0
0
Matlou
 
Hop hop ! Je me remets dans la file ;) !
0
Réponse 2 / 13
philae83 Messages postés 12854 Statut Contributeur sécurité 206
 
Bonsoir,

visiblement tu as fait le nettoyage des fichiers avec blacklight, chose qu'on évite de faire.....

peux tu le refaire maintenant stp et reposte un rapport hijackthis
0
Réponse 3 / 13
Matlou
 
Bonjour Philae,

j'ai repris ma manip' avec Blacklight et je te confirme que je n'ai rien nettoyé.
Après le scan, j'ai cliqué sur "Close".
J'ai toujours le même rapport :

02/05/07 16:24:57 [Info]: BlackLight Engine 1.0.55 initialized
02/05/07 16:24:57 [Info]: OS: 5.1 build 2600 (Service Pack 1)
02/05/07 16:24:57 [Note]: 7019 4
02/05/07 16:24:57 [Note]: 7005 0
02/05/07 16:25:05 [Note]: 7006 0
02/05/07 16:25:05 [Note]: 7011 1412
02/05/07 16:25:05 [Note]: 7026 0
02/05/07 16:25:05 [Note]: 7026 0
02/05/07 16:25:05 [Note]: 7024 3
02/05/07 16:25:05 [Info]: Hidden process: C:\windows\system32\jwzucnytpd.exe
02/05/07 16:25:16 [Note]: FSRAW library version 1.7.1021
02/05/07 16:29:30 [Info]: Hidden file: c:\WINDOWS\system32\jwzucnytpd.dat
02/05/07 16:29:30 [Note]: 10002 1
02/05/07 16:29:31 [Info]: Hidden file: C:\windows\system32\jwzucnytpd.exe
02/05/07 16:29:31 [Note]: 10002 1
02/05/07 16:29:31 [Info]: Hidden file: c:\WINDOWS\system32\jwzucnytpd_nav.dat
02/05/07 16:29:31 [Note]: 10002 1
02/05/07 16:29:31 [Info]: Hidden file: c:\WINDOWS\system32\jwzucnytpd_navps.dat
02/05/07 16:29:31 [Note]: 10002 1
02/05/07 17:01:06 [Note]: 7007 0

Comme demandé, je te reposte un hijack :

Logfile of HijackThis v1.99.1
Scan saved at 17:07:44, on 05/02/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bing.com/spresults.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NTFSS MICROSOFT SYSTEM] filees.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] svchostt.exe
O4 - HKCU\..\Run: [NTFSS MICROSOFT SYSTEM] filees.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Supervision de Photo Loader.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?6695ff0b7af546e386fd293fa469ff8
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?6695ff0b7af546e386fd293fa469ff8
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - https://www.afternic.com/domains/drivecleaner.com
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://www.msn.com/fr-fr/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoways.com/clients/ImageUploader3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bw+0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
Réponse 4 / 13
philae83 Messages postés 12854 Statut Contributeur sécurité 206
 
bonsoir,

je te prépare les manips à effectuer, réponse dans un moment

0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 13
philae83 Messages postés 12854 Statut Contributeur sécurité 206
 
re

ces manips sont à faire dans l'ordre stp, imprime car il te faudra les faire en mode sans échec

aide pour le mode sans échec :

http://service1.symantec.com/support/inter/tsgeninfointl.nsf/fr_docid/20020905112131924

* Télécharge CCleaner

http://www.filehippo.com/download_ccleaner.html

("Download Latest Version", sur la droite).

Ce logiciel va permettre de supprimer tous les fichiers temporaires. Avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires". Par la suite, laisse-le avec ses réglages par défaut. C'est tout.

* télécharge Brute Force Uninstaller

http://www.merijn.org/files/bfu.zip

* FAIS UN CLIC-DROIT sur le lien ci dessous

http://metallica.geekstogo.com/EGDACCESS.bfu

et choisis "Enregistrer sous" (dans IE c'est "Enregistrer le lien sous..")

afin de télécharger EGDACCESS.bfu, Type "Tous les fichiers".

Sauvegarde dans le dossier créé (c:\BFU)

* FAIS UN CLIC-DROIT sur le lien ci dessous

http://perso.numericable.fr/~altshift/Info/Fichiers/Winsoftware.bfu

et choisis "Enregistrer sous" (dans IE c'est "Enregistrer le lien sous..")

afin de télécharger Winsoftware.bfu, Type "Tous les fichiers".

Sauvegarde dans le dossier créé (c:\BFU)

* Navipromo.zip (par lazzzy)

http://perso.numericable.fr/%7Ealtshift/Info/Fichiers/Navipromo07.zip

et décompresse-le sur ton bureau

*****Copie ce qui suit dans un fichier texte et redémarre en mode sans échec (choisis ta session habituelle, pas le compte admin ou autre)*****

* relance HijackThis pour un scan seulement, coche et fixe ces lignes :

O4 - HKLM\..\Run: [NTFSS MICROSOFT SYSTEM] filees.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Win32 USB2 Driver] svchostt.exe
O4 - HKCU\..\Run: [NTFSS MICROSOFT SYSTEM] filees.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - https://www.afternic.com/domains/drivecleaner.com
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://www.msn.com/fr-fr/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoways.com/clients/ImageUploader3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bw+0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {D37A4175-1327-43FA-90B0-58716916689F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

* Assure toi d'avoir accès aux dossiers/fichiers cachés :

Ouvrir un dossier, n'importe lequel. Aller dans :
Outils/Options des dossiers/Affichage et
- cocher "afficher les dossiers et fichiers cachés",
- décocher "masquer les extensions des fichiers dont le type est connu".
- décocher masquer les fichiers protégés du système d'exploitation (recommandé)"
"appliquer" et "ok"

* recherche et supprime ces dossiers ou fichiers, si tu les trouves :

c:\windows\system32\svchostt.exe----ATTENTION à la syntaxe

c:\windows\system32\filees.exe

* Lance Ccleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.

* lance le fichier Navipromo.bat qui se trouve dans le dossier Navipromo, sur ton bureau.

* Sélectionne d'abord l'option "Vérifications", et patiente quelques minutes. Lorsqu'il a terminé, ferme le rapport qui s'est ouvert

* Sélectionne l'option "Recherche et suppression automatique". Patiente.

S'il trouve quelque chose, tu verras défiler des lignes dans la fenêtre de commande et au bout de quelques instants, il faudra que tu appuies sur une touche pour que le nettoyage soit lancé.

Lorsqu'il a terminé, ferme le rapport qui s'est ouvert

* Démarre le "Brute Force Uninstaller" en double-cliquant sur BFU.exe.

* Clique sur le petit dossier jaune, à la droite de la boîte "Scriptline to execute", et double-clique sur : EGDACCESS.bfu

- Dans la boîte "Scriptline to execute", tu devrais maintenant voir ceci : C:\BFU\EGDACCESS.bfu

* Clique sur "Execute" et laisse-le faire son travail.

Attendre que "Complete script execution" apparaîsse et clique sur OK.

* Clique exit pour fermer le programme BFU.

Recommence encore une fois.

* Démarre encore le "Brute Force Uninstaller" en double-cliquant sur BFU.exe.

Clique sur le petit dossier jaune, à la droite de la boîte "Scriptline to execute", et double-clique sur : Winsoftware.bfu

- Dans la boîte "Scriptline to execute", tu devrais maintenant voir ceci : C:\BFU\Winsoftware.bfu

* Clique sur "Execute" et laisse-le faire son travail.

Attendre que "Complete script execution" apparaîsse et clique sur OK.

* Clique exit pour fermer le programme BFU.

Recommence encore une fois.

* Démarrer -> panneau de configuration -> options internet

Clique sur l'onglet "Contenu" puis onglet "Certificats" et si tu trouves ceci, en particulier dans "éditeurs approuvés" :

electronic-group - egroup - Montorgueil - VIP - "Sunny Day Design Ltd"



=> Supprime-les tous

* lance AVG antispyware
Clique sur le bouton Analyse (de la barre d'outils)

Puis sur l'onglets Comment réagir, clique sur Actions recommandées. Sélectionne Quarantaine.

Reviens à l'onglet Analyse. Clique sur Analyse complète du système.

A la fin du scan, choisis l'option 3

"Appliquer toutes les actions " en bas.

Clique sur "Enregistrer le rapport".
et

* Redémarre normalement et poste :

- un nouveau rapport HijackThis,

- le contenu du fichier Navipromo.txt qui se trouve dans Poste de travail > disque C:\

- le rapport d'AVG

Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.
0
Réponse 6 / 13
Matlou
 
Merci Philae,
je m'imprime tout ça au bureau demain ( J'ai plus d'encre dans la mienne :( ) et je te tiens informée dès que possible, car mon timing de la semaine est quasi ministériel.....

Je te poste tous les rapports dans les meilleurs délais !

Merci infiniment pour ton aide et, en attendant, je te souhaite une excellente soirée !!
0
Réponse 7 / 13
philae83 Messages postés 12854 Statut Contributeur sécurité 206
  
est quasi ministériel.....


bon courage alors !
à ..........dès que possible
0
Réponse 8 / 13
Matlou
 
Bonjour Philae,
avant de me lancer j'ai pris connaissance de tes instructions.
Peux-tu me préciser :
1 - quand tu écris : * Clique exit pour fermer le programme BFU.

Recommence encore une fois.

Ce que tu entends par "recommence encore une fois" : le programme BFU ou toute la manip' précédente ?

2 - Combien de fois je dois lancer le programme BFU ? Car ton message comporte deux fois de suite le même paragraphe ;) !

A te lire,
Matlou
0
Réponse 9 / 13
philae83 Messages postés 12854 Statut Contributeur sécurité 206
 
Bonsoir,

avec un peu de retard, je te réponds

quand j'écris recommence encore une fois c'est tout ca qu'il faut recommencer : 

* Démarre le "Brute Force Uninstaller" en double-cliquant sur BFU.exe.

* Clique sur le petit dossier jaune, à la droite de la boîte "Scriptline to execute", et double-clique sur : EGDACCESS.bfu

- Dans la boîte "Scriptline to execute", tu devrais maintenant voir ceci : C:\BFU\EGDACCESS.bfu

* Clique sur "Execute" et laisse-le faire son travail.

Attendre que "Complete script execution" apparaîsse et clique sur OK.

* Clique exit pour fermer le programme BFU.

Recommence encore une fois.


ensuite la manip n'est pas écrite 2 fois, car une fois c'est le script egdaccess et l'autre c'est wintsoftware. 2 différents

0
Réponse 10 / 13
Matlou
 
Bonjour Philae,

j'ai trouvé un peu de temps hier !
J'ai suivi tes instructions et c'est un GRAND MERCI que je t'adresse aujourd'hui !!
Ces maudites pages ont bien l'air d'avoir disparu !!
Génial !

***************************
Petit bilan, d'abord ( Je poste à la suite les rapports ) :

1 - Descriptif très clair !

2 - Je n'ai pas trouvé, après le Fix des lignes, les fichiers :
c:\windows\system32\svchostt.exe
c:\windows\system32\filees.exe

3 - Pour les futurs bénéficiaires de tes merveilleux conseils, peux-tu compléter un peu la manip' dans AVG antispyware, car j'ai galéré un moment pour trouver "Quarantaine".

Tu écris : "Puis sur l'onglets Comment réagir, clique sur Actions recommandées. Sélectionne Quarantaine."

Mais il n'y a pas d'onglet "Comment réagir ?".
Il faut aller dans l'onglet "Paramètres" et, là, tu trouves bien une option "Comment réagir ?" ( Si ça peut en aider d'autres que moi ...... ;) ).

******************************
Voilà les rapports :

Logfile of HijackThis v1.99.1
Scan saved at 07:53:39, on 07/02/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bing.com/spresults.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Supervision de Photo Loader.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?6695ff0b7af546e386fd293fa469ff8
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?6695ff0b7af546e386fd293fa469ff8
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

********************************************

Rapport Navipromo.bat 0.71 effectué le 06/02/2007 à 20:49:57,43

L'opération se déroule en mode sans échec sous le compte utilisateur

## Vérifications supplémentaires

Note : cette section est expérimentale, aucun fichier ne sera supprimé. Si des fichiers sont trouvés à l'aide de cette méthode, ils ne seront pas nécessairement dangereux.

* Navipromo

C:\WINDOWS\System32

jwzucnytpd.exe
jwzucnytpd.dat
jwzucnytpd.dat

* Trojan Nebula

* Trojan Vundo

-------------

Rapport Navipromo.bat 0.71 effectué le 06/02/2007 à 20:50:40,73

L'opération se déroule en mode sans échec sous le compte utilisateur

** Recherche...

1/ jwzucnytpd trouvé, recherche de jwzucnytpd*
C:\WINDOWS\system32\jwzucnytpd.dat
C:\WINDOWS\system32\jwzucnytpd.exe
C:\WINDOWS\system32\jwzucnytpd_nav.dat
C:\WINDOWS\system32\jwzucnytpd_navps.dat
C:\WINDOWS\prefetch\JWZUCNYTPD.EXE-2806822E.pf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
jwzucnytpd REG_SZ c:\windows\system32\jwzucnytpd.exe jwzucnytpd

------------------
Fin du rapport de recherche
Adware Navipromo trouvé 1 fois avec cette méthode ################################################

** Nettoyage...

1/ Déplacement de jwzucnytpd* vers C:\Navipromo\Backups...
C:\WINDOWS\System32\jwzucnytpd* déplacé avec succès !
C:\WINDOWS\prefetch\jwzucnytpd* déplacé avec succès

------------------
* Suppression clés et valeurs de registre
1 entrées de registre netttoyées

* Backups :

C:\Navipromo\Backups\ARPCache.reg
C:\Navipromo\Backups\HKCURun.reg
C:\Navipromo\Backups\HKLMRun.reg
C:\Navipromo\Backups\jwzucnytpd.dat
C:\Navipromo\Backups\jwzucnytpd.exe
C:\Navipromo\Backups\JWZUCNYTPD.EXE-2806822E.pf
C:\Navipromo\Backups\jwzucnytpd_nav.dat
C:\Navipromo\Backups\jwzucnytpd_navps.dat
C:\Navipromo\Backups\Uninstall.reg

Ajout d'extension .off aux backups

## Fin du rapport de Suppression

********************************************

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 21:41:51 06/02/2007

+ Résultat de l'analyse:

C:\System Volume Information\_restore{9124E708-7FEA-44D7-ACDD-B747A20EADE1}\RP479\A0093654.dll -> Adware.Companion : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{9124E708-7FEA-44D7-ACDD-B747A20EADE1}\RP440\A0083792.dll -> Adware.WinAntiVir : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{9124E708-7FEA-44D7-ACDD-B747A20EADE1}\RP440\A0083808.dll -> Adware.WinAntiVir : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{9124E708-7FEA-44D7-ACDD-B747A20EADE1}\RP440\A0083777.exe -> Adware.WinAntiVirus : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{9124E708-7FEA-44D7-ACDD-B747A20EADE1}\RP440\A0083778.exe -> Adware.WinAntiVirus : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{9124E708-7FEA-44D7-ACDD-B747A20EADE1}\RP440\A0083780.exe -> Adware.WinAntiVirus : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{9124E708-7FEA-44D7-ACDD-B747A20EADE1}\RP440\A0083786.exe -> Adware.WinAntiVirus : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{9124E708-7FEA-44D7-ACDD-B747A20EADE1}\RP475\A0093328.cpl -> Adware.WinAntiVirus : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{9124E708-7FEA-44D7-ACDD-B747A20EADE1}\RP440\A0083809.dll -> Adware.WinAntiVixer : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.10\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.11\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.12\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.13\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.14\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.15\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.16\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.17\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.18\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.19\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.20\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.21\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.22\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.8\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.9\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Nettoyé et sauvegardé (mise en quarantaine).

Fin du rapport
*******************************************

N'hésite pas à m'indiquer si tu trouves d'autres anomalies à corriger !
Si tu as d'autres conseils, notamment de protection, je suis preneur !

Merci encore pour cette aide précieuse !
Matlou
0
Réponse 11 / 13
philae83 Messages postés 12854 Statut Contributeur sécurité 206
 
Bonjour,

ok pour AVG, j'en prends bonne note.
Pour ton rapport il est correct, mais peut etre pourrais tu parfaire le nettoyage en faisant un scan antivirus en ligne.
poste le rapport ici ensuite
http://www.bitdefender.fr/scan8/ie.html

pour la sécurité de ton pc, tu peux jeter un oeil ici
securite proteger un ordinateur contre les malwares d internet

et un autre ici
https://forum.pcastuces.com/default.asp

0
Réponse 12 / 13
Matlou
 
Bonsoir Philae,

j'ai l'impression que j'ai un autre souci.

Alors que j'avais pu faire un scan avec Bitdefender avant le grand nettoyage, lorsque je veux le lancer, j'ai le message suivant :

"This website is not authorized to host this ActiveX Control. Please contact the webmaster....."

J'ai revu ma config des contrôles ActiveX dans le panneau de config. Je pense que ça ne vient pas de là !

As-tu des pistes ?

Au plaisir de te lire ;)
0
Réponse 13 / 13
philae83 Messages postés 12854 Statut Contributeur sécurité 206
 
bonsoir,

il faudrait que tu lances Hijackthis et que tu coches les lignes 016 afférentes à bitdefender, puis tu essayes de relancer
0

Discussions similaires

Probleme d'affichage google chrome
flyingvvv -
helo -

5 réponses
Problème d'affichage d'une page web.
mk51 -
mk51 -

33 réponses
Code source couleur de fond
Mehdi-Amg -
Techno01 -

9 réponses
Problème d'affichage/bugs graphiques sur Chrome sur Android
Narell -
Narell -

4 réponses
impossible de voir les photos et videos sur une conversation messenger
cortomaltese83 -
Oceii -

4 réponses