! SOS ! Mon PC utilisé en Serveur de SPAMRésolu/Fermé

Question

Appel à l'aide !

J'ai posé un post : Virus ? Envoi de mail en très grand nombre. Mais je n'ai pas de réponse.

Spybot, Adaware ne détecte rien
Bit défender, Avast, Nod32 ne détecte rien
Pourtant, dès que je suis connecté au réseau, Zone alarm et avast me signale l'envoi de messages en très grand nombre à tout un tas d'adresses mail en Europe.


Voici le rapport Hijackthis

Logfile of Trend Micro HijackThis v2.0.0 (BETA) 
Scan saved at 21:14:54, on 18/07/2007 
Platform: Windows XP SP2 (WinNT 5.01.2600) 
Boot mode: Normal 

Running processes: 
C:\WINDOWS\System32\smss.exe 
C:\WINDOWS\system32\winlogon.exe 
C:\WINDOWS\system32\services.exe 
C:\WINDOWS\system32\lsass.exe 
C:\WINDOWS\system32\svchost.exe 
C:\Program Files\Windows Defender\MsMpEng.exe 
C:\WINDOWS\System32\svchost.exe 
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 
C:\Program Files\Alwil Software\Avast4\ashServ.exe 
C:\WINDOWS\system32\spoolsv.exe 
C:\WINDOWS\Explorer.EXE 
C:\WINDOWS\system32\LVCOMSX.EXE 
C:\Program Files\Logitech\Video\LogiTray.exe 
C:\Program Files\Eset
od32kui.exe 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 
C:\Program Files\Softwin\BitDefender8\bdnagent.exe 
C:\Program Files\Optimisation PC\Executive.Diskeeper.Professional.Edition.v9.0.532.Patch.FR.Inclu.Par.Momocougar78\DkService.exe 
C:\WINDOWS\system32\ctfmon.exe 
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe 
C:\Program Files\Eset
od32krn.exe 
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe 
C:\WINDOWS\system32\svchost.exe 
C:\WINDOWS\system32\wwSecure.exe 
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe 
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe 
C:\Program Files\Logitech\Video\FxSvr2.exe 
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 
C:\Documents and Settings\Particulier\Bureau\HiJackThis_v2.exe 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens 
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) 
N3 - Netscape 7: user_pref("browser.startup.homepage", "https://www.google.fr/?gws_rd=ssl"); (C:\Documents and Settings\PARTICULIER\Application Data\Mozilla\Profiles\default\p0as2jdu.slt\prefs.js) 
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_France.src"); (C:\Documents and Settings\PARTICULIER\Application Data\Mozilla\Profiles\default\p0as2jdu.slt\prefs.js) 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll 
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll 
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll 
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) 
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll 
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll 
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE 
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe 
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset
od32kui.exe" /WAITSERVICE 
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe 
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender8\bdnagent.exe 
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe 
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe 
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot 
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background 
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') 
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') 
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') 
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') 
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe 
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm 
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites 
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm 
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll 
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll 
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) 
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) 
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe 
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe 
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab 
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab 
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll 
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/ 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab 
O18 - Protocol: bw+0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw+0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw-0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw-0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw00 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw00s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw10 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw10s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw20 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw20s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw30 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw30s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw40 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw40s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw50 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw50s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw60 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw60s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw70 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw70s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw80 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw80s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw90 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw90s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwa0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwa0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwb0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwb0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwc0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwc0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwd0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwd0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwe0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwe0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwf0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwf0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll 
O18 - Protocol: bwg0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwg0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwh0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwh0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwi0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwi0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwj0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwj0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwk0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwk0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwl0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwl0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwm0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwm0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwn0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwn0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwo0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwo0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwp0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwp0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwq0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwq0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwr0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwr0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bws0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bws0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwt0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwt0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwu0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwu0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwv0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwv0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bww0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bww0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwx0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwx0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwy0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwy0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwz0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwz0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: offline-8876480 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O21 - SSODL: system32 - {17E99B9B-B6F0-4403-ABDF-37248F7CF741} - sysprinters.dll (file missing) 
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll 
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll 
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe 
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe 
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe 
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Optimisation PC\Executive.Diskeeper.Professional.Edition.v9.0.532.Patch.FR.Inclu.Par.Momocougar78\DkService.exe 
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe 
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe 
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe 
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe 
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe 
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe 
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset
od32krn.exe 
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe 
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe 
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe 
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe 
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe 
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe 
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe 
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe 
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe 
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe 
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe 

-- 
End of file - 22951 bytes 

Il faut que je me déconnecte, car ca déco??? à nouveau....

Merci de votre aide

jlpjlp · Answer

tu as nod 32  + avast + bitdefender ?  ca fait 3 antivirus en temps reel?  ca va planter tout le temps garde en un seul!!!


______________________



ESCAN

https://www.escanav.com/en/mwav-tools/download-free-antivirus-toolkit.asp

manuel :
http://www.malekal.com/tutorial_eScan_antivirus_toolkit.php

----------------------------------

Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau. 
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe 
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici : 
• Redémarre ton ordinateur 
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde). 
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître. 
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée". 
• Choisis ton compte. 
Déroule la liste des instructions ci-dessous : 
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script. 
• Appuie sur Y pour commencer le processus de nettoyage. 
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer. 
• Appuie sur une touche pour redémarrer le PC. 
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers. 
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished. 
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau. 
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt. 
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum


____________________________________

combofix

http://mickael.barroux.free.fr/securite/combofix.php



____________________________colle les rapports de tous svp

Clean permettra de faire du nettoyage et supprimer des fichiers que des anti-virus et anti-spywares n'ont pas pu trouver. Le logiciel est régulièrement mis à jour, vous devrez donc le re-téléchargé pour obtenir une version plus récente.

·  Téléchargez clean.zip, décompressez-le sur votre bureau (clic droit / extraire tout), vous obtenez alors un dossier clean 
·  Démarrez Windows en mode sans échec : Guide pour redémarrer en mode sans échec 
·  Ouvrez le dossier clean qui se trouve sur ton bureau, et double-cliquez sur clean.cmd, une fenêtre noire va apparaître pendant un instant, laissez la ouverte jusqu'à ce qu'elle se ferme.

http://kerio.probb.fr/tuto-Clean-h37.html


__________________________________



utilise aussi pour supprimer tes traces 

CCLEANER: (lance un nettoyage et répare erreurs) sans la barre yahoo 

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html



___________________________________


 colle le rapport d'un scan en ligne 
avec un des suivants: 


bitdefender en ligne : 
http://www.bitdefender.fr/scan_fr/scan8/ie.html 

Panda en ligne : 
http://pandasoftware.fr


scan en ligne firefox

https://www.trendmicro.com/fr_fr/business.html


_________________________________

recolle hijackthis et dis tes pbs

ged84 · Answer

Merci de ton aide voici le log combo fix "Particulier" - 2007-07-19 21:17:37 - ComboFix 07-07-14.6 - Service Pack 2 NTFS ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS egedit.com C:\WINDOWS\system32 askmgr.com C:\WINDOWS\system32\xpdx.sys ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\LEGACY_NTMLSVC -------\NtmlSvc -------\xpdx ((((((((((((((((((((((((( Files Created from 2007-06-19 to 2007-07-19 ))))))))))))))))))))))))))))))) 2007-07-19 21:17 51,200 --a------ C:\WINDOWS ircmd.exe 2007-07-19 19:40 d-a------ C:\WINDOWS\zts2.exe 2007-07-19 19:40 d-a------ C:\WINDOWS\system32\vcmgcd32.dll 2007-07-19 19:40 d-a------ C:\WINDOWS\system32\iifgfgf.dll 2007-07-19 19:40 d-a------ C:\WINDOWS undll16.exe 2007-07-19 19:40 d-a------ C:\WINDOWS undl132.dll 2007-07-19 19:40 d-a------ C:\WINDOWS\logo1_.exe 2007-07-19 19:38 153,088 --a------ C:\WINDOWS\R.COM 2007-07-19 19:38 143,360 --a------ C:\WINDOWS\system32\T.COM 2007-07-18 23:05 75,932 --a------ C:\WINDOWS\system32\drivers\klick.dat 2007-07-18 23:05 75,248 --a------ C:\WINDOWS\zllsputility.exe 2007-07-18 23:05 74,396 --a------ C:\WINDOWS\system32\drivers\klin.dat 2007-07-18 23:05 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll 2007-07-18 23:05 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll 2007-07-18 23:05 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll 2007-07-18 23:05 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll 2007-07-18 23:04 2,876,192 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2007-07-18 23:04 110,360 --a------ C:\WINDOWS\system32\drivers\kl1.sys 2007-07-18 23:03 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll 2007-07-18 22:14 d-------- C:\Hijackthis 2007-07-18 21:01 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT 2007-07-18 21:01 dr------- C:\DOCUME~1\ADMINI~1\Menu D‚marrer 2007-07-18 21:01 d--h----- C:\DOCUME~1\ADMINI~1\Voisinage r‚seau 2007-07-18 21:01 d--h----- C:\DOCUME~1\ADMINI~1\Voisinage d'impression 2007-07-18 21:01 d--h----- C:\DOCUME~1\ADMINI~1\ModŠles 2007-07-18 21:01 d-------- C:\DOCUME~1\ADMINI~1\Mes documents 2007-07-18 21:01 d-------- C:\DOCUME~1\ADMINI~1\Favoris 2007-07-18 21:01 d-------- C:\DOCUME~1\ADMINI~1\Bureau 2007-07-18 19:00 14 --a------ C:\DOCUME~1\PARTIC~1\getfile.dat 2007-07-17 23:32 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab 2007-07-17 21:57 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr 2007-07-17 21:57 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-07-17 21:57 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-07-17 21:57 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-07-17 21:57 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-07-17 21:57 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-07-17 21:57 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-07-10 22:04 d-------- C:\Program Files\Windows Defender 2007-07-09 22:38 512 --a------ C:\ScanSectorLog.dat 2007-07-09 21:45 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier 2007-07-09 21:44 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2007-07-09 21:43 d-------- C:\WINDOWS\system32\ZoneLabs 2007-07-09 21:42 d-------- C:\WINDOWS\Internet Logs 2007-07-08 12:17 d-------- C:\Program Files\SiSoftware 2007-07-08 11:53 d-------- C:\Program Files\Alwil Software 2007-07-08 11:01 d-------- C:\Program Files\Safer Networking 2007-07-08 00:29 d-------- C:\WINDOWS eport 2007-07-08 00:28 86,094 --a------ C:\WINDOWS\BPMNT.dll 2007-07-08 00:28 71,749 --a------ C:\WINDOWS\hcextoutput.dll 2007-07-08 00:28 267,845 --a------ C:\WINDOWS sc.exe 2007-07-08 00:28 1,163,344 --a------ C:\WINDOWS\vsapi32.dll 2007-07-08 00:28 d-------- C:\WINDOWS\AU_Backup 2007-07-08 00:26 69,689 --a------ C:\WINDOWS\UNZIP.DLL 2007-07-08 00:26 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL 2007-07-08 00:26 286,720 --a------ C:\WINDOWS\PATCH.EXE 2007-07-08 00:26 d-------- C:\WINDOWS\AU_Temp 2007-07-08 00:26 d-------- C:\WINDOWS\AU_Log (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-19 19:22:00 40,640 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2007-07-14 17:01:01 -------- d-----w C:\DOCUME~1\PARTIC~1\APPLIC~1\OpenOffice.org2 2007-07-13 16:51:58 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-07-13 16:50:42 -------- d-----w C:\Program Files\Microsoft ActiveSync 2007-07-13 16:50:39 -------- d-----w C:\Program Files\AvantGo Connect 2007-07-12 20:18:13 63,614 ----a-w C:\WINDOWS\system32\perfc00C.dat 2007-07-12 20:18:13 445,016 ----a-w C:\WINDOWS\system32\perfh00C.dat 2007-07-12 20:16:39 -------- d-----w C:\Program Files\Microsoft Bootvis 2007-07-12 19:38:05 -------- d-----w C:\Program Files\Yahoo! 2007-07-12 19:38:04 -------- d-----w C:\Program Files\Google 2007-07-12 09:12:02 -------- d-----w C:\Program Files\Lx_cats 2007-07-10 20:02:52 -------- d-----w C:\DOCUME~1\PARTIC~1\APPLIC~1\Skype 2007-06-09 12:59:44 -------- d-----w C:\Program Files\palmOne 2007-05-22 21:16:18 -------- d-----w C:\Program Files\Mobile Kamasutra 2007-05-21 20:30:12 -------- d-----w C:\Program Files\HP 2007-05-21 20:27:19 -------- d-----w C:\Program Files\Common Files 2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2007-01-11 20:38:45 1,544,417 ----a-w C:\Program Files\setupPM.exe 2006-12-25 10:37:31 15,851 ----a-w C:\Program Files\Uninst.isu 2006-12-25 10:37:03 211 ----a-w C:\Program Files abbit.ini 2006-12-25 10:37:03 198 ----a-w C:\Program Files\TLCRUN.INI 2006-12-25 10:37:03 176 ----a-w C:\Program Files\UNINSTALL.INF 2006-10-26 16:36:02 27,640 ----a-w C:\DOCUME~1\PARTIC~1\APPLIC~1\GDIPFONTCACHEV1.DAT 2002-01-09 21:02:22 45,056 ----a-w C:\Program Files\TLCRUN.EXE 2002-01-09 21:00:38 212,992 ----a-w C:\Program Files\LapinMalin Maternelle2.exe 2001-12-11 11:54:52 3,262 ----a-w C:\Program Files\RR Preschool.ico 2001-12-10 20:15:24 57,344 ----a-w C:\Program Files\UNINSTALL.EXE 2001-05-17 20:50:20 151,552 ----a-w C:\Program Files\PuzzleEngine.dll 2001-05-17 20:50:14 417,792 ----a-w C:\Program Files\shelldll.dll 2001-05-17 01:43:00 188,416 ----a-w C:\Program Files rinketcore.dll 2001-05-17 01:41:56 233,472 ----a-w C:\Program Files\ompp32x.dll 2001-01-31 13:37:46 347,648 ----a-w C:\Program Files\Mss32.dll 2001-01-23 14:19:20 291,328 ----a-w C:\Program Files\binkw32.dll 2006-07-05 19:58:08 208 --sh--r C:\WINDOWS\system32\sysbkchx.sys ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] 2006-12-18 05:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] 2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] 2006-12-15 04:23 440056 --a------ C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] 2006-07-07 12:29 324416 --a------ C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}] 2006-09-27 18:45 544032 --a------ C:\Program Files\Windows Live Toolbar\msntb.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 16:24] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 16:14] "nod32kui"="C:\Program Files\Eset od32kui.exe" [2006-06-11 20:57] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42] "BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2005-06-20 12:10] "BDNewsAgent"="C:\Program Files\Softwin\BitDefender8\bdnagent.exe" [2005-05-09 12:19] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-07-19 13:32] "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 15:44] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ClearRecentDocsOnExit"=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "{17E99B9B-B6F0-4403-ABDF-37248F7CF741}"="sysprinters.dll" [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion un-] "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion un-] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime "DiskeeperSystray"="C:\Program Files\Optimisation PC\Executive.Diskeeper.Professional.Edition.v9.0.532.Patch.FR.Inclu.Par.Momocougar78\DkIcon.exe" "BDMCon"=c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe "BDNewsAgent"=c:\program files\softwin\bitdefender8\bdnagent.exe "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66} rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserRemove Contents of the 'Scheduled Tasks' folder 2007-07-19 19:27:19 C:\WINDOWS asks\MP Scheduled Scan.job 2007-07-19 18:24:07 C:\WINDOWS asks\Vérifier les mises à jour de Windows Live Toolbar.job ************************************************************************** catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-19 21:25:31 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-19 21:29:15 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-07-19 21:29 --- E O F ---

ged84 · Answer

"Particulier" - 2007-07-19 21:17:37 - ComboFix 07-07-14.6 - Service Pack 2 NTFS ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS egedit.com C:\WINDOWS\system32 askmgr.com C:\WINDOWS\system32\xpdx.sys ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\LEGACY_NTMLSVC -------\NtmlSvc -------\xpdx ((((((((((((((((((((((((( Files Created from 2007-06-19 to 2007-07-19 ))))))))))))))))))))))))))))))) 2007-07-19 21:17 51,200 --a------ C:\WINDOWS ircmd.exe 2007-07-19 19:40 d-a------ C:\WINDOWS\zts2.exe 2007-07-19 19:40 d-a------ C:\WINDOWS\system32\vcmgcd32.dll 2007-07-19 19:40 d-a------ C:\WINDOWS\system32\iifgfgf.dll 2007-07-19 19:40 d-a------ C:\WINDOWS undll16.exe 2007-07-19 19:40 d-a------ C:\WINDOWS undl132.dll 2007-07-19 19:40 d-a------ C:\WINDOWS\logo1_.exe 2007-07-19 19:38 153,088 --a------ C:\WINDOWS\R.COM 2007-07-19 19:38 143,360 --a------ C:\WINDOWS\system32\T.COM 2007-07-18 23:05 75,932 --a------ C:\WINDOWS\system32\drivers\klick.dat 2007-07-18 23:05 75,248 --a------ C:\WINDOWS\zllsputility.exe 2007-07-18 23:05 74,396 --a------ C:\WINDOWS\system32\drivers\klin.dat 2007-07-18 23:05 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll 2007-07-18 23:05 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll 2007-07-18 23:05 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll 2007-07-18 23:05 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll 2007-07-18 23:04 2,876,192 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2007-07-18 23:04 110,360 --a------ C:\WINDOWS\system32\drivers\kl1.sys 2007-07-18 23:03 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll 2007-07-18 22:14 d-------- C:\Hijackthis 2007-07-18 21:01 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT 2007-07-18 21:01 dr------- C:\DOCUME~1\ADMINI~1\Menu D‚marrer 2007-07-18 21:01 d--h----- C:\DOCUME~1\ADMINI~1\Voisinage r‚seau 2007-07-18 21:01 d--h----- C:\DOCUME~1\ADMINI~1\Voisinage d'impression 2007-07-18 21:01 d--h----- C:\DOCUME~1\ADMINI~1\ModŠles 2007-07-18 21:01 d-------- C:\DOCUME~1\ADMINI~1\Mes documents 2007-07-18 21:01 d-------- C:\DOCUME~1\ADMINI~1\Favoris 2007-07-18 21:01 d-------- C:\DOCUME~1\ADMINI~1\Bureau 2007-07-18 19:00 14 --a------ C:\DOCUME~1\PARTIC~1\getfile.dat 2007-07-17 23:32 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab 2007-07-17 21:57 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr 2007-07-17 21:57 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-07-17 21:57 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-07-17 21:57 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-07-17 21:57 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-07-17 21:57 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-07-17 21:57 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-07-10 22:04 d-------- C:\Program Files\Windows Defender 2007-07-09 22:38 512 --a------ C:\ScanSectorLog.dat 2007-07-09 21:45 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier 2007-07-09 21:44 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2007-07-09 21:43 d-------- C:\WINDOWS\system32\ZoneLabs 2007-07-09 21:42 d-------- C:\WINDOWS\Internet Logs 2007-07-08 12:17 d-------- C:\Program Files\SiSoftware 2007-07-08 11:53 d-------- C:\Program Files\Alwil Software 2007-07-08 11:01 d-------- C:\Program Files\Safer Networking 2007-07-08 00:29 d-------- C:\WINDOWS eport 2007-07-08 00:28 86,094 --a------ C:\WINDOWS\BPMNT.dll 2007-07-08 00:28 71,749 --a------ C:\WINDOWS\hcextoutput.dll 2007-07-08 00:28 267,845 --a------ C:\WINDOWS sc.exe 2007-07-08 00:28 1,163,344 --a------ C:\WINDOWS\vsapi32.dll 2007-07-08 00:28 d-------- C:\WINDOWS\AU_Backup 2007-07-08 00:26 69,689 --a------ C:\WINDOWS\UNZIP.DLL 2007-07-08 00:26 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL 2007-07-08 00:26 286,720 --a------ C:\WINDOWS\PATCH.EXE 2007-07-08 00:26 d-------- C:\WINDOWS\AU_Temp 2007-07-08 00:26 d-------- C:\WINDOWS\AU_Log (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-19 19:22:00 40,640 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2007-07-14 17:01:01 -------- d-----w C:\DOCUME~1\PARTIC~1\APPLIC~1\OpenOffice.org2 2007-07-13 16:51:58 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-07-13 16:50:42 -------- d-----w C:\Program Files\Microsoft ActiveSync 2007-07-13 16:50:39 -------- d-----w C:\Program Files\AvantGo Connect 2007-07-12 20:18:13 63,614 ----a-w C:\WINDOWS\system32\perfc00C.dat 2007-07-12 20:18:13 445,016 ----a-w C:\WINDOWS\system32\perfh00C.dat 2007-07-12 20:16:39 -------- d-----w C:\Program Files\Microsoft Bootvis 2007-07-12 19:38:05 -------- d-----w C:\Program Files\Yahoo! 2007-07-12 19:38:04 -------- d-----w C:\Program Files\Google 2007-07-12 09:12:02 -------- d-----w C:\Program Files\Lx_cats 2007-07-10 20:02:52 -------- d-----w C:\DOCUME~1\PARTIC~1\APPLIC~1\Skype 2007-06-09 12:59:44 -------- d-----w C:\Program Files\palmOne 2007-05-22 21:16:18 -------- d-----w C:\Program Files\Mobile Kamasutra 2007-05-21 20:30:12 -------- d-----w C:\Program Files\HP 2007-05-21 20:27:19 -------- d-----w C:\Program Files\Common Files 2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2007-01-11 20:38:45 1,544,417 ----a-w C:\Program Files\setupPM.exe 2006-12-25 10:37:31 15,851 ----a-w C:\Program Files\Uninst.isu 2006-12-25 10:37:03 211 ----a-w C:\Program Files abbit.ini 2006-12-25 10:37:03 198 ----a-w C:\Program Files\TLCRUN.INI 2006-12-25 10:37:03 176 ----a-w C:\Program Files\UNINSTALL.INF 2006-10-26 16:36:02 27,640 ----a-w C:\DOCUME~1\PARTIC~1\APPLIC~1\GDIPFONTCACHEV1.DAT 2002-01-09 21:02:22 45,056 ----a-w C:\Program Files\TLCRUN.EXE 2002-01-09 21:00:38 212,992 ----a-w C:\Program Files\LapinMalin Maternelle2.exe 2001-12-11 11:54:52 3,262 ----a-w C:\Program Files\RR Preschool.ico 2001-12-10 20:15:24 57,344 ----a-w C:\Program Files\UNINSTALL.EXE 2001-05-17 20:50:20 151,552 ----a-w C:\Program Files\PuzzleEngine.dll 2001-05-17 20:50:14 417,792 ----a-w C:\Program Files\shelldll.dll 2001-05-17 01:43:00 188,416 ----a-w C:\Program Files rinketcore.dll 2001-05-17 01:41:56 233,472 ----a-w C:\Program Files\ompp32x.dll 2001-01-31 13:37:46 347,648 ----a-w C:\Program Files\Mss32.dll 2001-01-23 14:19:20 291,328 ----a-w C:\Program Files\binkw32.dll 2006-07-05 19:58:08 208 --sh--r C:\WINDOWS\system32\sysbkchx.sys ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] 2006-12-18 05:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] 2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] 2006-12-15 04:23 440056 --a------ C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] 2006-07-07 12:29 324416 --a------ C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}] 2006-09-27 18:45 544032 --a------ C:\Program Files\Windows Live Toolbar\msntb.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 16:24] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 16:14] "nod32kui"="C:\Program Files\Eset od32kui.exe" [2006-06-11 20:57] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42] "BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2005-06-20 12:10] "BDNewsAgent"="C:\Program Files\Softwin\BitDefender8\bdnagent.exe" [2005-05-09 12:19] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-07-19 13:32] "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 15:44] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ClearRecentDocsOnExit"=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "{17E99B9B-B6F0-4403-ABDF-37248F7CF741}"="sysprinters.dll" [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion un-] "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion un-] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime "DiskeeperSystray"="C:\Program Files\Optimisation PC\Executive.Diskeeper.Professional.Edition.v9.0.532.Patch.FR.Inclu.Par.Momocougar78\DkIcon.exe" "BDMCon"=c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe "BDNewsAgent"=c:\program files\softwin\bitdefender8\bdnagent.exe "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66} rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserRemove Contents of the 'Scheduled Tasks' folder 2007-07-19 19:27:19 C:\WINDOWS asks\MP Scheduled Scan.job 2007-07-19 18:24:07 C:\WINDOWS asks\Vérifier les mises à jour de Windows Live Toolbar.job ************************************************************************** catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-19 21:25:31 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-19 21:29:15 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-07-19 21:29 --- E O F ---

ged84 · Answer

voici le log combofix quarantined files :

[code]
2004-08-05 14:00      143360    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\TASKMGR.COM.vir
2004-08-05 14:00      153088    --a------    C:\Qoobox\Quarantine\C\WINDOWS\REGEDIT.COM.vir
2007-07-09 22:27      61114    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\xpdx.sys.vir
2007-07-19 21:20      1026    --a------    C:\Qoobox\Quarantine\Registry_backups\LEGACY_NTMLSVC.reg.cf
2007-07-19 21:20      294    --a------    C:\Qoobox\Quarantine\catchme.log
2007-07-19 21:20      3766    --a------    C:\Qoobox\Quarantine\Registry_backups\services_NtmlSvc.reg.cf
2007-07-19 21:20      59744    --a------    C:\Qoobox\Quarantine\catchme2007-07-19_212526.39.zip
2007-07-19 21:20      74    --a------    C:\Qoobox\Quarantine\Registry_backups\services_xpdx.reg.cf


Structure du dossier
Le num‚ro de s‚rie du volume est 94F8-E52C
C:\QOOBOX
\---Quarantine
    |   catchme.log
    |   catchme2007-07-19_212526.39.zip
    |   
    +---C
    |   \---WINDOWS
    |       |   REGEDIT.COM.vir
    |       |   
    |       \---system32
    |               TASKMGR.COM.vir
    |               xpdx.sys.vir
    |               
    \---Registry_backups
            LEGACY_NTMLSVC.reg.cf
            services_NtmlSvc.reg.cf
            services_xpdx.reg.cf
            
[/code]

ged84 · Answer

Maintenant le log mwav escan mais pas réalisé en mode sans échec : "Particulier" - 2007-07-19 21:17:37 - ComboFix 07-07-14.6 - Service Pack 2 NTFS ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS egedit.com C:\WINDOWS\system32 askmgr.com C:\WINDOWS\system32\xpdx.sys ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\LEGACY_NTMLSVC -------\NtmlSvc -------\xpdx ((((((((((((((((((((((((( Files Created from 2007-06-19 to 2007-07-19 ))))))))))))))))))))))))))))))) 2007-07-19 21:17 51,200 --a------ C:\WINDOWS ircmd.exe 2007-07-19 19:40 d-a------ C:\WINDOWS\zts2.exe 2007-07-19 19:40 d-a------ C:\WINDOWS\system32\vcmgcd32.dll 2007-07-19 19:40 d-a------ C:\WINDOWS\system32\iifgfgf.dll 2007-07-19 19:40 d-a------ C:\WINDOWS undll16.exe 2007-07-19 19:40 d-a------ C:\WINDOWS undl132.dll 2007-07-19 19:40 d-a------ C:\WINDOWS\logo1_.exe 2007-07-19 19:38 153,088 --a------ C:\WINDOWS\R.COM 2007-07-19 19:38 143,360 --a------ C:\WINDOWS\system32\T.COM 2007-07-18 23:05 75,932 --a------ C:\WINDOWS\system32\drivers\klick.dat 2007-07-18 23:05 75,248 --a------ C:\WINDOWS\zllsputility.exe 2007-07-18 23:05 74,396 --a------ C:\WINDOWS\system32\drivers\klin.dat 2007-07-18 23:05 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll 2007-07-18 23:05 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll 2007-07-18 23:05 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll 2007-07-18 23:05 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll 2007-07-18 23:04 2,876,192 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2007-07-18 23:04 110,360 --a------ C:\WINDOWS\system32\drivers\kl1.sys 2007-07-18 23:03 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll 2007-07-18 22:14 d-------- C:\Hijackthis 2007-07-18 21:01 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT 2007-07-18 21:01 dr------- C:\DOCUME~1\ADMINI~1\Menu D‚marrer 2007-07-18 21:01 d--h----- C:\DOCUME~1\ADMINI~1\Voisinage r‚seau 2007-07-18 21:01 d--h----- C:\DOCUME~1\ADMINI~1\Voisinage d'impression 2007-07-18 21:01 d--h----- C:\DOCUME~1\ADMINI~1\ModŠles 2007-07-18 21:01 d-------- C:\DOCUME~1\ADMINI~1\Mes documents 2007-07-18 21:01 d-------- C:\DOCUME~1\ADMINI~1\Favoris 2007-07-18 21:01 d-------- C:\DOCUME~1\ADMINI~1\Bureau 2007-07-18 19:00 14 --a------ C:\DOCUME~1\PARTIC~1\getfile.dat 2007-07-17 23:32 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab 2007-07-17 21:57 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr 2007-07-17 21:57 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-07-17 21:57 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-07-17 21:57 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-07-17 21:57 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-07-17 21:57 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-07-17 21:57 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-07-10 22:04 d-------- C:\Program Files\Windows Defender 2007-07-09 22:38 512 --a------ C:\ScanSectorLog.dat 2007-07-09 21:45 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier 2007-07-09 21:44 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2007-07-09 21:43 d-------- C:\WINDOWS\system32\ZoneLabs 2007-07-09 21:42 d-------- C:\WINDOWS\Internet Logs 2007-07-08 12:17 d-------- C:\Program Files\SiSoftware 2007-07-08 11:53 d-------- C:\Program Files\Alwil Software 2007-07-08 11:01 d-------- C:\Program Files\Safer Networking 2007-07-08 00:29 d-------- C:\WINDOWS eport 2007-07-08 00:28 86,094 --a------ C:\WINDOWS\BPMNT.dll 2007-07-08 00:28 71,749 --a------ C:\WINDOWS\hcextoutput.dll 2007-07-08 00:28 267,845 --a------ C:\WINDOWS sc.exe 2007-07-08 00:28 1,163,344 --a------ C:\WINDOWS\vsapi32.dll 2007-07-08 00:28 d-------- C:\WINDOWS\AU_Backup 2007-07-08 00:26 69,689 --a------ C:\WINDOWS\UNZIP.DLL 2007-07-08 00:26 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL 2007-07-08 00:26 286,720 --a------ C:\WINDOWS\PATCH.EXE 2007-07-08 00:26 d-------- C:\WINDOWS\AU_Temp 2007-07-08 00:26 d-------- C:\WINDOWS\AU_Log (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-19 19:22:00 40,640 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2007-07-14 17:01:01 -------- d-----w C:\DOCUME~1\PARTIC~1\APPLIC~1\OpenOffice.org2 2007-07-13 16:51:58 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-07-13 16:50:42 -------- d-----w C:\Program Files\Microsoft ActiveSync 2007-07-13 16:50:39 -------- d-----w C:\Program Files\AvantGo Connect 2007-07-12 20:18:13 63,614 ----a-w C:\WINDOWS\system32\perfc00C.dat 2007-07-12 20:18:13 445,016 ----a-w C:\WINDOWS\system32\perfh00C.dat 2007-07-12 20:16:39 -------- d-----w C:\Program Files\Microsoft Bootvis 2007-07-12 19:38:05 -------- d-----w C:\Program Files\Yahoo! 2007-07-12 19:38:04 -------- d-----w C:\Program Files\Google 2007-07-12 09:12:02 -------- d-----w C:\Program Files\Lx_cats 2007-07-10 20:02:52 -------- d-----w C:\DOCUME~1\PARTIC~1\APPLIC~1\Skype 2007-06-09 12:59:44 -------- d-----w C:\Program Files\palmOne 2007-05-22 21:16:18 -------- d-----w C:\Program Files\Mobile Kamasutra 2007-05-21 20:30:12 -------- d-----w C:\Program Files\HP 2007-05-21 20:27:19 -------- d-----w C:\Program Files\Common Files 2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2007-01-11 20:38:45 1,544,417 ----a-w C:\Program Files\setupPM.exe 2006-12-25 10:37:31 15,851 ----a-w C:\Program Files\Uninst.isu 2006-12-25 10:37:03 211 ----a-w C:\Program Files abbit.ini 2006-12-25 10:37:03 198 ----a-w C:\Program Files\TLCRUN.INI 2006-12-25 10:37:03 176 ----a-w C:\Program Files\UNINSTALL.INF 2006-10-26 16:36:02 27,640 ----a-w C:\DOCUME~1\PARTIC~1\APPLIC~1\GDIPFONTCACHEV1.DAT 2002-01-09 21:02:22 45,056 ----a-w C:\Program Files\TLCRUN.EXE 2002-01-09 21:00:38 212,992 ----a-w C:\Program Files\LapinMalin Maternelle2.exe 2001-12-11 11:54:52 3,262 ----a-w C:\Program Files\RR Preschool.ico 2001-12-10 20:15:24 57,344 ----a-w C:\Program Files\UNINSTALL.EXE 2001-05-17 20:50:20 151,552 ----a-w C:\Program Files\PuzzleEngine.dll 2001-05-17 20:50:14 417,792 ----a-w C:\Program Files\shelldll.dll 2001-05-17 01:43:00 188,416 ----a-w C:\Program Files rinketcore.dll 2001-05-17 01:41:56 233,472 ----a-w C:\Program Files\ompp32x.dll 2001-01-31 13:37:46 347,648 ----a-w C:\Program Files\Mss32.dll 2001-01-23 14:19:20 291,328 ----a-w C:\Program Files\binkw32.dll 2006-07-05 19:58:08 208 --sh--r C:\WINDOWS\system32\sysbkchx.sys ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] 2006-12-18 05:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] 2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] 2006-12-15 04:23 440056 --a------ C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] 2006-07-07 12:29 324416 --a------ C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}] 2006-09-27 18:45 544032 --a------ C:\Program Files\Windows Live Toolbar\msntb.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 16:24] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 16:14] "nod32kui"="C:\Program Files\Eset od32kui.exe" [2006-06-11 20:57] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42] "BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2005-06-20 12:10] "BDNewsAgent"="C:\Program Files\Softwin\BitDefender8\bdnagent.exe" [2005-05-09 12:19] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-07-19 13:32] "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 15:44] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ClearRecentDocsOnExit"=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "{17E99B9B-B6F0-4403-ABDF-37248F7CF741}"="sysprinters.dll" [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion un-] "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion un-] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime "DiskeeperSystray"="C:\Program Files\Optimisation PC\Executive.Diskeeper.Professional.Edition.v9.0.532.Patch.FR.Inclu.Par.Momocougar78\DkIcon.exe" "BDMCon"=c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe "BDNewsAgent"=c:\program files\softwin\bitdefender8\bdnagent.exe "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66} rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserRemove Contents of the 'Scheduled Tasks' folder 2007-07-19 19:27:19 C:\WINDOWS asks\MP Scheduled Scan.job 2007-07-19 18:24:07 C:\WINDOWS asks\Vérifier les mises à jour de Windows Live Toolbar.job ************************************************************************** catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-19 21:25:31 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-19 21:29:15 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-07-19 21:29 --- E O F ---

ged84 · Answer

Je poursuis les opérations dans la soirée...

jlpjlp · Answer

tu as nod 32 + avast + bitdefender ? ca fait 3 antivirus en temps reel? ca va planter tout le temps garde en un seul!!!


tu ne m'as pas dis ? tu as quoi comme antivirus?

ged84 · Answer

J'ai arrêté Nod 32, Bit défender, et stopper la géstion résidente de avast.

Cependant, lorsque j'ai lancé combofix, j'ai du rouvrir la session, est les 3 antivirus ont démarrés en démarrage auto.

ged84 · Answer

avec easy cleaner, j'ai supprimé le lancement au démarrage de Nod 32, bit défender, et zone alarm.
Il me reste donc avast.

Je vais lancer mwav en mode sans échec avec cette config

jlpjlp · Answer

garde un seul des trois c'est ca qui fait planter  en partie ton systeme!!

si tu paye garde bitdefender  sinon avast














pour protéger gratos ton ordi

securite

mettre un SEUL  antivirus

AVAST en français   ou ANTIVIR (en anglais mais très efficace)
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)

-------------

des anti-espions:

AD AWARE + SPYBOT + WINDOWS DEFENDER 

+
SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation  : il suffit de faire "update" pour mettre à jour tous les mois  et ensuite" enable all protection" pour immuniser)...


--------
un pare feu :
celui de Windows ou mieux KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit)
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
zonealarm

-----------

CCLEANER pour effacer les traces de surf

ged84 · Answer

L'opération manuel comme indiquée de mwav n'a pas fonctionné en mode sans échec. Pourtant le maj de la base virale en mode normal est ok.

Ok pour les solutions de sécurité. Cependant mon pb existe alors que je n'avais que nod32, avec pare feu windows. Ce n'est que pour essayer de régler le pb seul, que j'ai installé zone alarm, bit défender, avast, et windows machin, etc...


Je poursuis avec SDFix.

ged84 · Answer

Voici le report de SDFix :



SDFix: Version 1.92

Run by Particulier on 19/07/2007 at 22:58

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services: 


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default IE HomePage 
Restoring Default Desktop Components Value
Restoring Missing Security Center Service 
Restoring Missing SharedAccess Service 

Rebooting...


Normal Mode:
Checking Files: 

Trojan Files Found:

C:\WINDOWSegedit.com  - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found. 

C:\WINDOWS\system32
No streams found. 

C:\WINDOWS\system32\svchost.exe
No streams found.
 
C:\WINDOWS\system32
toskrnl.exe
No streams found.
 


                                 Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\Documents and Settings\Particulier\Local Settings\Application Data\Microsoft\Messenger\georges-eric.dupont@orange.fr\Sharing Folders
atibarbotin@hotmail.com\Thumbs.db
C:\Documents and Settings\Particulier\Bureau\S‚curit‚\EasyClea.exe
C:\Program Files\Picasa2\setup.exe
C:\WINDOWS\system32\sysbkchx.sys
C:\san_test.tmp
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\WINDOWS\system32\config\default.tmp.LOG
C:\WINDOWS\system32\config\SAM.tmp.LOG
C:\WINDOWS\system32\config\SECURITY.tmp.LOG
C:\WINDOWS\system32\config\software.tmp.LOG
C:\WINDOWS\system32\config\system.tmp.LOG

                                 Finished

jlpjlp · Answer

ou en sont tes pbs?  que dit le scan en ligne?


 télécharger sur le bureau 
Navilog.zip 
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe 

= Double-Clic navilog1.zip 
= Extraire tout sur le bureau 
= Double-Clic navilog1 qui est sur le bureau 
= Appuyer sur une touche jusqu' arriver aux options 
= Choisir option 1 

un rapport : fixnavi.txt dans C : va se creer 
le copier/coller dans ton prochain message.

ged84 · Answer

Alors scan en ligne avec Trend Micro - Il m'a trouvé un grayware et un virus. J'ai lancé la suppression comme suggérer. En essayant de trouver le log, je me suis retrouvé sur la page de scan, et j'ai perdu la page web d'indication (Log sur C: ?). J'ai relancé un scan en ligne. Il m'a trouvé une faille de sécurité MS 05 004?

Je lance navilog et reviens

ged84 · Answer

J'ai chargé Navilog1 sur le bureau comme indiqué (c'est un .exe). J'ai lancé l'application qui s'installe, puis dans la fenêtre après quelques appuis de touche, navilog m'indique : process.exe absent ! désinstaller navilog1 puis réinstaller.

J'ai fait 3 fois la manip, tjs même pb. Process.exe absent ?

QUid ?

jlpjlp · Answer

popups ouverture de fenetres internet publicitaires pop up


fait la methode 2 avec blacklight sur ce lien

ged84 · Answer

Ok c'est parti.

J'ai désinstallé zone alarm. cela me permet de faire le scan en ligne avec Bitdefender. Je ferai cela demain. Chaque scan me prend 1h45 !

ged84 · Answer

Rien avec Blacklight !
voici le log

07/20/07 21:46:32 [Info]: BlackLight Engine 1.0.64 initialized
07/20/07 21:46:32 [Info]: OS: 5.1 build 2600 (Service Pack 2)
07/20/07 21:46:33 [Note]: 7019 4
07/20/07 21:46:33 [Note]: 7005 0
07/20/07 21:46:36 [Note]: 7006 0
07/20/07 21:46:36 [Note]: 7011 1892
07/20/07 21:46:36 [Note]: 7026 0
07/20/07 21:46:37 [Note]: 7026 0
07/20/07 21:46:40 [Note]: FSRAW library version 1.7.1022
07/20/07 21:51:18 [Note]: 2000 1012
07/20/07 21:51:18 [Note]: 2000 1012
07/20/07 21:52:01 [Note]: 7007 0

ged84 · Answer

Voici le rapport de navilog !

Search Navipromo version 2.0.5 commencé le 20/07/2007 à 22:08:04,62
 
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis C:\Program Files
avilog1
Mise a jour le 01.07.2007 a 12h00 by IL-MAFIOSO

Executé en mode normal

*** Recherche Programmes installes *** 

 


*** Recherche dossiers dans C:\WINDOWS ***




*** Recherche dossiers dans C:\Program Files ***




*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\Particulier\Application Data ***



*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
https://www.f-secure.com/en


F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================

Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of October, 2007.
Version information: 2.2.1064.

[+] Started on 07/20/07 at 22:08:07.
[+] Initializing ...
[+] Starting scan, press Ctrl-C to abort.
[+] Scanning for hidden items ............................................................
[+] Scan complete.
[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
[+] Exited on 07/20/07 at 22:13:41 (return code = 0).


*** Recherche fichiers *** 




*** Recherche cles registre ***


Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs] 
 
 

Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage] 
 
 

Recherche Clé Magic Control 
 
 
 
*** Module de Recherche complémentaire *** 
(Recherche fichiers spécifiques) 
 
1)Recherche fichiers connus:


2)Recherche Heuristique :
* 
** 
*** 
**** 
***** 
****** 
******* 
******** 

3)Recherche Certificats :


*** Analyse Terminé le 20/07/2007 à 22:14:13,10 ***

jlpjlp · Answer

ok

sinon esaaye le parefeu jetico ou kerio  a la place de zone alarm

https://manuelsdaide.com/contact/

http://www.open-files.com/forum/index.php?showtopic=29277

ged84 · Answer

Rapport de clean :

 20/07/2007 a 22:31:43,04 
 
*** Recherche des fichiers dans C: 
 
*** Recherche des fichiers dans C:\WINDOWS\ 
 
*** Recherche des fichiers dans C:\WINDOWS\system32 
 
*** Recherche des fichiers dans C:\Program Files 
C:\PROGRA~1\PERFEC~1\ FOUND 
"C:\Program Files\DivX\Google\Firefox\ffinstaller.exe" FOUND 
"C:\Program Files\Uninstall.exe" FOUND 
"C:\Program Files\Viewpoint\" FOUND 
*** Fin du rapport ! 

Je refais l'opération en mode sans échec

ged84 · Answer

nos messages se croisent ...

J'ai télécharger Kério, mais pas installé encore.

jlpjlp · Answer

ok  
clean a trouvé des choses encore!



oui essaye kerio ensuite pour bien néttoyé

_______________
AVG antispyxare

https://www.01net.com/telecharger/

Tuto : 
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

->Relance AVG AS -> "Analyse" ->"Paramètres" 

Sous la question "Comment réagir ?" : 

-> clique sur "Actions recommandées" et choisis "Quarantaines" 
-> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système" 

Si un fichier est infecté en fin d'analyse 

->Clique sur "Appliquer toutes les actions " 

->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous". 

->Enregistre ce fichier texte sur ton bureau ensuite colle le rapport ici


______________


smit fraud fix 

http://telechargement.zebulon.fr/smitfraudfix.html 



2/ double clique sur smitfraudfix. puis sélectionne 1 et appuyer sur entrée afin de créer le rapport des infection présentes. une fois le rapport effectué redémarre en mode sans échec (en appuyant sur F8 ou suppr, ou F5 au démarrage en général) 

3/ puis refaire comme en 2/ mais selectionne l'option 2 et appuyer sur entrée pour commencer la desinfection. lorsque le programme demande si tu veut nettoyer le registre metsoui en tapant 0 et entrée
_______________


utilise aussi pour supprimer tes traces 

CCLEANER: (lance un nettoyage et répare erreurs) sans la barre yahoo 

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html


______________

le scan en ligne 


bitdefender en ligne : 
http://www.bitdefender.fr/scan_fr/scan8/ie.html 

Panda en ligne : 
http://pandasoftware.fr


scan en ligne firefox

https://www.trendmicro.com/fr_fr/business.html


________________


si tout c'est bien passé : désactive la restauration système pour purger les virus qui seraient dedans puis réactive là (dans DEMARRER puis TOUS LES PROGRAMMES puis ACCESSOIRE puis OUTILS SYSTEME puis RESTAURATION SYSTEME puis paramètre)


__________________

avec tout ç a  tu auras fait le grand menage!!!

_________________

recolle hijackthis et dis tes pbs

ged84 · Answer

Voici le log de Clean en mode sans échec option 2 :

Script execute en mode sans echec 
Rapport clean par Malekal_morte - http://www.malekal.com 
Script execute en mode sans echec 20/07/2007 a 22:39:43,06 

Microsoft Windows XP [version 5.1.2600]
 
*** Suppression des fichiers dans C: 
 
*** Suppression des fichiers dans C:\WINDOWS\ 
 
*** Suppression des fichiers dans C:\WINDOWS\system32 
 
*** Suppression des fichiers dans C:\Program Files 
tentative de suppression de C:\PROGRA~1\PERFEC~1\ 
tentative de suppression de "C:\Program Files\DivX\Google\Firefox\ffinstaller.exe" 
tentative de suppression de "C:\Program Files\Uninstall.exe" 
Impossible de supprimer "C:\Program Files\Uninstall.exe"  
tentative de suppression de "C:\Program Files\Viewpoint\" 
 
*** Suppression des clefs du registre effectuee.. 
*** Fin du rapport !

jlpjlp · Answer

bien je t'ai laissé du boulot pour demain
en esperant que ca termine le travail!

ged84 · Answer

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	09:34:53 21/07/2007

 + Résultat de l'analyse:	



C:\Documents and Settings\Particulier\Cookies\particulier@3.adbrite[2].txt -> TrackingCookie.Adbrite : Nettoyé.
C:\Documents and Settings\Particulier\Cookies\particulier@4.adbrite[1].txt -> TrackingCookie.Adbrite : Nettoyé.
C:\Documents and Settings\Particulier\Cookies\particulier@adbrite[2].txt -> TrackingCookie.Adbrite : Nettoyé.
C:\Documents and Settings\Particulier\Cookies\particulier@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Nettoyé.
C:\Documents and Settings\Particulier\Cookies\particulier@com[1].txt -> TrackingCookie.Com : Nettoyé.
C:\Documents and Settings\Particulier\Cookies\particulier@revsci[2].txt -> TrackingCookie.Revsci : Nettoyé.
C:\Documents and Settings\Particulier\Cookies\particulier@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Particulier\Cookies\particulier@smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Particulier\Cookies\particulier@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\enfant\Cookies\enfant@m.webtrends[1].txt -> TrackingCookie.Webtrends : Nettoyé.


Fin du rapport

ged84 · Answer

SmitFraudFix v2.195

Rapport fait à  9:44:21,76, 21/07/2007
Executé à partir de C:\Documents and Settings\Particulier\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Particulier


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Particulier\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» 


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin



ATTENTION : j'ai eu des messages comme quoi l'accès au script de Windows host n'est pas autorisé !

ged84 · Answer

SmitFraudFix v2.195

Rapport fait à  9:53:56,20, 21/07/2007
Executé à partir de C:\Documents and Settings\Particulier\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
 
Nettoyage terminé. 
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

ged84 · Answer

Bit defender en ligne m'a trouvé un virus. il l'a supprimé ! Le scan se poursuit... J'attends le rapport

J'ai tjs avast en gestion résidente. Il n'a rien vu ?!?

jlpjlp · Answer

ANTIVIR EST MIEUX en gratuit




pour protéger gratos ton ordi

securite

mettre un antivirus

AVAST en français   ou ANTIVIR (en anglais mais très efficace)
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
-------------
des anti-espions:

AD AWARE + SPYBOT + WINDOWS DEFENDER 

+/-
SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation  : il suffit de faire "update" pour mettre à jour tous les mois  et ensuite" enable all protection" pour immuniser)...


--------
un pare feu :
celui de Windows ou mieux KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit)
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
zonealarm

-----------

CCLEANER pour effacer les traces de surf

ged84 · Answer

C:\WINDOWS\system32\ActiveScan\pskahk.dll était infecté par Generic.Malware.SIMDWYNVdprn.D9407F4E
le fichier a été supprimé

ged84 · Answer

Pour info je crois que activescan/pskahk.dll provient du scan en ligne de Pandasoftware. No comment !

ged84 · Answer

Suite :

Trend mircro en ligne RAS
Desinstall de Avast OK
Install Kério OK RAS
Install Antivir + Scan complet RAS

Depuis 3 jours, plus de pb. J'espère que c'est règler...

En tout cas en grand MERCI JLPJLP pour ton aide. La gratuité du geste et de l'entraide sont des valeurs qui disparraissent, mais que la communauté du WEB sait conserver. Merci encore.

Dernier rapport Kijackthis au cas ou !



Logfile of HijackThis v1.99.1
Scan saved at 15:05:20, on 21/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Optimisation PC\Executive.Diskeeper.Professional.Edition.v9.0.532.Patch.FR.Inclu.Par.Momocougar78\DkService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Hijackthis\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "https://www.google.fr/?gws_rd=ssl"); (C:\Documents and Settings\Particulier\Application Data\Mozilla\Profiles\default\p0as2jdu.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_France.src"); (C:\Documents and Settings\Particulier\Application Data\Mozilla\Profiles\default\p0as2jdu.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: bw+0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {BFACC512-F81C-4875-8834-738732CB431E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Optimisation PC\Executive.Diskeeper.Professional.Edition.v9.0.532.Patch.FR.Inclu.Par.Momocougar78\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxcg_device -   - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

jlpjlp · Answer

le rapport est bon

------------ 

mets juste à jour JAVA

https://www.01net.com/telecharger/windows/Programmation/java/fiches/8138.html


____________

bon surf

jlpjlp · Answer

oui le  0 18 c'est pour ton materiel logitech

regarde là

http://www.pc-tests.com/Forum/index.php?topic=20289



tu peux mettre ton pb comme réglé

bonne continuation

au plaisir!

! SOS ! Mon PC utilisé en Serveur de SPAM

35 réponses

Discussions similaires

Newsletters