fenetres cid Résolu

Question

Bonjour,
j'ai des fenetres cid qui n'arrete pas de s'ouvrir 
pouvez vous m'aider merci

liguec1 · Answer

salut, premiere chose va voir dans le panneau de configuration ajout et suppression de programme si tu peut supprimer le programme CiD
ensuite post un rapport hijackthis
télécharge et installe le logiciel HijackThis 
 http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
tuto pour l’utiliser 
regarde ici c'est parfaitement expliqué en images 
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

thierry54 · Answer

salut 
merci de m'aider car ca commence a etre lourd
j'ai deja regarder dans le panneau de configuration mais il n'y est pas 
je poste un rapport tres vite

voici mon rapport

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:46:53, on 26/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Eset
od32kui.exe
C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\RKFreekfree.exe
C:\program files\fichiers communs\installshield\updateservice\issch.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Eset
od32krn.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
C:\Program Files\TuneUp Utilities 2007\RegistryCleaner.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 69.57.152.127 auto.search.msn.com
O1 - Hosts: 69.57.152.127 auto.search.msn.es
O1 - Hosts: 69.57.152.127 pagead2.googlesyndication.com
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet	ools\BitCometBHO_1.1.8.30.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset
od32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MediaLifeService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [rkfree] "C:\Program Files\RKFreekfree.exe" /b
O4 - HKLM\..\Run: [Amok Eggs Four Web] C:\Documents and Settings\All Users\Application Data\part dead amok eggs\mfcd new.exe
O4 - HKLM\..\Run: [ISUSScheduler] "c:\program files\fichiers communs\installshield\updateservice\issch.exe" -start
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [Copykeep] C:\DOCUME~1\HP_ADM~1\APPLIC~1\FOREXI~1\scrprocshow.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet	ools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bw+0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset
od32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

thierry54 · Answer

bonsoir

plus personne pour m'aider a resoudre mon probleme de fenetres cid 

merci

thierry54 · Answer

bonjour 

pouvez vous m'aider a terminer mon souci avec les fenetres cid 
merci d'avance

green day · Answer

Salut

 Télécharge ceci: (by Moe) :

http://sosvirus.changelog.fr/Green_day/Lopxpsetup.exe

Double clic sur Lopxpsetup.exe pour lancer l'installation
Au menu, choisir l'option 1
Patienter jusqu'à que l'on demande d'appuyer sur une touche, appuyer !
Une rapport sera alors crée, à copie/colle en entier sur le forum.

@+

thierry54 · Answer

Rapport Lopxp fait le 27/10/2007 à 11:13:38
Option de recherche: Listing par date création

Exécuté dans : C:\Program Files\Lopxp



___________________________________________________________________________

[Tâches planifiées]


AEBF53839068C4C7.job
Maintenance en 1 clic.job
Vérifier les mises à jour de Windows Live Toolbar.job



___________________________________________________________________________

[Listing des dossiers Application Data]


C:\Documents and Settings\Administrateur\Application Data

15/11/2005 04:22:38 -- Identities
15/11/2005 04:22:42 -- Microsoft
02/01/2006 09:46:54 -- Real

C:\Documents and Settings\Administrateur\Local Settings\Application Data

02/01/2006 09:18:49 -- ApplicationHistory
15/11/2005 04:22:48 -- Microsoft
02/01/2006 09:25:26 -- {3248F0A6-6813-11D6-A77B-00B0D0150060}

C:\Documents and Settings\All Users\Application Data

11/04/2007 18:38:10 -- Adobe
14/06/2007 22:07:23 -- Ahead
06/04/2007 17:23:22 -- browse peak mess bore
02/01/2006 09:49:58 -- CyberLink
25/05/2007 09:33:29 -- Elaborate Bytes
11/04/2007 14:25:25 -- Google
02/01/2006 10:20:27 -- Hewlett-Packard
02/01/2006 09:48:06 -- InstallShield
06/04/2007 17:03:33 -- MediaLife
28/06/2007 22:22:12 -- Messenger Plus!
15/11/2005 04:23:08 -- Microsoft
06/04/2007 21:23:49 -- Microsoft Help
28/08/2007 21:24:37 -- Nero
07/04/2007 15:39:31 -- NFS Underground
14/09/2007 11:28:48 -- part dead amok eggs
06/04/2007 21:44:22 -- QuickTime
02/10/2007 16:39:18 -- rkfree
02/01/2006 09:23:36 -- SBSI
26/04/2007 11:12:06 -- ScanSoft
25/05/2007 09:21:50 -- SlySoft
02/01/2006 09:43:26 -- Sonic
27/06/2007 17:28:59 -- Spybot - Search & Destroy
08/04/2007 11:10:54 -- SSScanAppDataDir
08/04/2007 11:10:54 -- SSScanWizard
02/01/2006 10:12:23 -- Symantec
05/05/2007 12:50:13 -- TEMP
03/05/2007 17:26:50 -- TuneUp Software
06/04/2007 16:49:24 -- Windows Genuine Advantage
06/04/2007 18:25:42 -- Windows Live Toolbar

C:\Documents and Settings\HP_Administrateur\Application Data

29/08/2007 21:41:50 -- .BitTornado
11/04/2007 18:45:38 -- Adobe
11/04/2007 17:56:32 -- Ahead
15/09/2007 17:45:46 -- ArcSoft
31/05/2007 20:06:46 -- Azureus
17/10/2007 19:31:05 -- BitTorrent
20/09/2007 21:34:37 -- Camfrog
08/04/2007 11:37:35 -- Canon
13/06/2007 20:41:43 -- CyberLink
26/09/2007 09:16:17 -- DonationCoder
06/04/2007 17:22:52 -- For Exit List
11/04/2007 14:29:36 -- Google
06/07/2007 11:05:54 -- Help
06/04/2007 01:03:29 -- HP
06/04/2007 17:06:39 -- HPQ
06/04/2007 00:41:59 -- Identities
06/04/2007 21:42:01 -- Image Zone Express
05/08/2007 12:35:47 -- InstallShield
16/05/2007 14:21:43 -- kctmon
18/06/2007 23:08:01 -- Lavasoft
14/04/2007 15:45:30 -- Leadertech
06/04/2007 17:03:29 -- Logitech
06/04/2007 17:08:33 -- Macromedia
06/04/2007 20:25:36 -- MediaLife
06/04/2007 00:41:59 -- Microsoft
23/05/2007 22:43:09 -- Nero
06/04/2007 21:45:21 -- Nikon
05/08/2007 12:37:56 -- Panasonic
02/09/2007 21:07:15 -- Printer Info Cache
06/04/2007 00:41:59 -- Real
08/04/2007 11:10:54 -- ScanSoft
25/05/2007 09:22:52 -- SlySoft
14/04/2007 15:45:42 -- Sonic
11/04/2007 19:53:43 -- Sun
03/05/2007 17:27:25 -- TuneUp Software
10/08/2007 11:53:03 -- vlc
11/04/2007 15:08:53 -- Windows Desktop Search

___________________________________________________________________________

[Recherche programmes connus, liés à CiD]


Présent : C:\Program Files\Messenger Plus! Live

___________________________________________________________________________

[Clés registre de démarrage]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    Amok Eggs Four Web	REG_SZ	C:\Documents and Settings\All Users\Application Data\part dead amok eggs\mfcd new.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    Copykeep	REG_SZ	C:\DOCUME~1\HP_ADM~1\APPLIC~1\FOREXI~1\scrprocshow.exe


___________________________________________________________________________

[Popups autorisés]


[-] Internet Explorer :

Aucune adresse détectée dans la liste des sites autorisés à émettre des Popups.

[-] Mozilla Firefox (1 autorisé  2 bloqué)

[-] Suite Mozilla / SeaMonkey (1 autorisé  2 bloqué)



- Fin du rapport -

green day · Answer

ok,


Lancer HijackThis et cliquer sur [Do a system scan only]
cocher la case au début des lignes suivantes :

O4 - HKCU\..\Run: [Copykeep] C:\DOCUME~1\HP_ADM~1\APPLIC~1\FOREXI~1\scrprocshow.exe 

O4 - HKLM\..\Run: [Amok Eggs Four Web] C:\Documents and Settings\All Users\Application Data\part dead amok eggs\mfcd new.exe 

Valider en cliquant sur le bouton [Fix Checked]


-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

Ensuite, fais Démarrer > Exécuter. Tape cmd puis valide avec OK.
Dans la fenêtre qui va s'ouvrir, copie et colle ceci :

del /a C:\WINDOWS	asks\AEBF53839068C4C7.job 

ensuite, fais ce qui est indiqué ici stp 

http://www.commentcamarche.net/faq/sujet 3174 virus methode preliminaire de desinfection version fr

++

green day · Answer

ensuite suis les manip indiqué dans le lien ;-)

++

thierry54 · Answer

toujours des fenetres cid  ou internet explorer qui s'ouvrent sans arret 
que faire maintenant
merci

thierry54 · Answer

toujours des fenetres cid ou internet explorer qui s'ouvrent sans arret 
que faire maintenant 
merci

pouvez vous m'aider a en finir avec ces pubs

merci

green day · Answer

Salut

 lopxp a été mis à jour

re-télécharge le et poste un rapport stp

++

thierry54 · Answer

bonjour 

merci de ton message d'aide mais c'est fait mon probleme et resolu 
mais merci quand meme 
merci de l'aide apportee
a +
thierry

liguec1 · Answer

Salut, peut tu nous dire comment tu as fais stp

green day · Answer

Salut

 il a crée un autre poste ! :)

++

thierry54 · Answer

re

je n'y suis pas arrive seul mais avec l'aide de FillPCA

j'avis poster un autre discussion
 voila 
si tu veut voir la discussion elles est sous le titre fenetres did
a plus

thierry54 · Answer

CCM
fenetres did
par thierry54
Statut : Résolu
dimanche 28 octobre 2007 à 12h04:08

Bonjour,
apres plusieurs manipulations que l'on m'a conseiller pour supprimer les fenetres cid ou internet explorer qui viennent poluer mon ecran
et bien elles sont toujours la
pouvez vous m'aider a resoudre mon probleme
merci d'avance
Configuration: Windows XP
Internet Explorer 7.024 message(s) posté(s) depuis le vendredi 26 octobre 2007 Dernier Message Autres messages de thierry54 Signaler ce message aux modérateurs Retour au thème du forum Forum virus/sécurité
Répondre à thierry54

1
Répondre à FillPCA
Ce message vous semble utile, votez !Autres messages de FillPCASignaler ce message aux modérateursEnvoyer un message privé à FillPCARevenir au forum Forum virus/sécurité Par FillPCA, le dimanche 28 octobre 2007 à 13h01:49
Bonjour,

Peux-tu éditer un rapport Hijackthis ?

http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
Démo en image
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

Fais un scan et poste l'analyse.

FillPCA

747 message(s) posté(s) depuis le samedi 21 avril 2007

Continuer la discussion

2
Répondre à thierry54
Ce message vous semble utile, votez !Autres messages de thierry54Signaler ce message aux modérateursEnvoyer un message privé à thierry54Revenir au forum Forum virus/sécurité Par thierry54, le dimanche 28 octobre 2007 à 15h40:48
bonjour
merci de ton aide

voici mon rapport

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:38:57, on 28/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\program files\fichiers communs\installshield\updateservice\issch.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\BitComet\tools\CometBrowser.exe
C:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\Main\Mediahub.exe
c:\Program Files\Sonic\MyDVD\MyDVD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 69.57.152.127 auto.search.msn.com
O1 - Hosts: 69.57.152.127 auto.search.msn.es
O1 - Hosts: 69.57.152.127 pagead2.googlesyndication.com
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MediaLifeService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [rkfree] "C:\Program Files\RKFree\rkfree.exe" /b
O4 - HKLM\..\Run: [ISUSScheduler] "c:\program files\fichiers communs\installshield\updateservice\issch.exe" -start
O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\MsgPlusUninstall.exe" /Cleanup
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [Copykeep] C:\DOCUME~1\HP_ADM~1\APPLIC~1\FOREXI~1\scrprocshow.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bw+0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

End of file - 23518 bytes

24 message(s) posté(s) depuis le vendredi 26 octobre 2007

Continuer la discussion

3
Répondre à FillPCA
Ce message vous semble utile, votez !Autres messages de FillPCASignaler ce message aux modérateursEnvoyer un message privé à FillPCARevenir au forum Forum virus/sécurité Par FillPCA, le dimanche 28 octobre 2007 à 15h48:43
Re,

Merci à Lazzzy

* Télécharger lopxpMH : http://www.alt-shift-return.org/Info/Fichiers/lopxpMH2.zip
* Dézippe-le au moyen d'un clic droit et extrais-le sur le bureau.
* Edite le rapport généré.

FillPCA

747 message(s) posté(s) depuis le samedi 21 avril 2007

Continuer la discussion

4
Répondre à thierry54
Ce message vous semble utile, votez !Autres messages de thierry54Signaler ce message aux modérateursEnvoyer un message privé à thierry54Revenir au forum Forum virus/sécurité Par thierry54, le dimanche 28 octobre 2007 à 16h31:20
re

voici ce que ca m'a donner
est ce que c'est ca dont tu as besoin

Rapport lopxpMH2 version 2.0 fait à 16:26:42,70 le 28/10/2007
Rapport lopxpMH2 version 2.0 fait à 16:26:42,70 le 28/10/2007
C:\Documents and Settings\HP_Administrateur\Bureau\lopxpMH2

******************************************
## Répertoires Application Data
## Répertoires Application Data

Le volume dans le lecteur C s'appelle HP_PAVILION
Le numéro de série du volume est 4484-CD23

Répertoire de C:\Documents and Settings\Administrateur\Application Data

06/04/2007 07:24 <REP> .
06/04/2007 07:24 <REP> ..
15/11/2005 03:22 <REP> Identities
15/11/2005 03:22 <REP> Microsoft
02/01/2006 08:46 <REP> Real
10/10/2005 14:24 62 desktop.ini
1 fichier(s) 62 octets
5 Rép(s) 230 998 962 176 octets libres
Le volume dans le lecteur C s'appelle HP_PAVILION
Le numéro de série du volume est 4484-CD23

Répertoire de C:\Documents and Settings\Administrateur\Local Settings\Application Data

15/11/2005 03:22 <REP> .
15/11/2005 03:22 <REP> ..
02/01/2006 08:25 <REP> {3248F0A6-6813-11D6-A77B-00B0D0150060}
02/01/2006 08:18 <REP> ApplicationHistory
15/11/2005 03:22 <REP> Microsoft
02/01/2006 08:18 137 fusioncache.dat
02/01/2006 08:54 2 003 318 IconCache.db
2 fichier(s) 2 003 455 octets
5 Rép(s) 230 998 634 496 octets libres
Le volume dans le lecteur C s'appelle HP_PAVILION
Le numéro de série du volume est 4484-CD23

Répertoire de C:\Documents and Settings\All Users\Application Data

06/04/2007 07:24 <REP> .
06/04/2007 07:24 <REP> ..
11/04/2007 17:38 <REP> Adobe
14/06/2007 21:07 <REP> Ahead
06/04/2007 16:23 <REP> browse peak mess bore
02/01/2006 08:49 <REP> CyberLink
25/05/2007 08:33 <REP> Elaborate Bytes
11/04/2007 13:25 <REP> Google
27/10/2007 11:58 <REP> Grisoft
02/01/2006 09:20 <REP> Hewlett-Packard
02/01/2006 08:48 <REP> InstallShield
06/04/2007 16:03 <REP> MediaLife
15/11/2005 03:23 <REP> Microsoft
06/04/2007 20:23 <REP> Microsoft Help
28/08/2007 20:24 <REP> Nero
07/04/2007 14:39 <REP> NFS Underground
14/09/2007 10:28 <REP> part dead amok eggs
06/04/2007 20:44 <REP> QuickTime
02/01/2006 08:23 <REP> SBSI
26/04/2007 10:12 <REP> ScanSoft
25/05/2007 08:21 <REP> SlySoft
02/01/2006 08:43 <REP> Sonic
27/06/2007 16:28 <REP> Spybot - Search & Destroy
08/04/2007 10:10 <REP> SSScanAppDataDir
08/04/2007 10:10 <REP> SSScanWizard
02/01/2006 09:12 <REP> Symantec
05/05/2007 11:50 <REP> TEMP
03/05/2007 16:26 <REP> TuneUp Software
06/04/2007 15:49 <REP> Windows Genuine Advantage
06/04/2007 17:25 <REP> Windows Live Toolbar
25/05/2007 08:21 125 .zreglib
10/10/2005 14:24 62 desktop.ini
02/01/2006 08:42 2 427 hpzinstall.log
3 fichier(s) 2 614 octets
30 Rép(s) 230 998 372 352 octets libres
Le volume dans le lecteur C s'appelle HP_PAVILION
Le numéro de série du volume est 4484-CD23

Répertoire de C:\Documents and Settings\Default User\Application Data

06/04/2007 07:25 <REP> .
06/04/2007 07:25 <REP> ..
15/11/2005 03:23 <REP> Identities
15/11/2005 03:23 <REP> Microsoft
05/04/2007 23:40 <REP> Real
10/10/2005 14:24 62 desktop.ini
1 fichier(s) 62 octets
5 Rép(s) 230 997 979 136 octets libres
Le volume dans le lecteur C s'appelle HP_PAVILION
Le numéro de série du volume est 4484-CD23

Répertoire de C:\Documents and Settings\Default User\Local Settings\Application Data

15/11/2005 03:23 <REP> .
15/11/2005 03:23 <REP> ..
05/04/2007 23:40 <REP> {3248F0A6-6813-11D6-A77B-00B0D0150060}
05/04/2007 23:40 <REP> ApplicationHistory
15/11/2005 03:23 <REP> Microsoft
05/04/2007 23:40 137 fusioncache.dat
05/04/2007 23:40 2 003 318 IconCache.db
2 fichier(s) 2 003 455 octets
5 Rép(s) 230 997 504 000 octets libres
Le volume dans le lecteur C s'appelle HP_PAVILION
Le numéro de série du volume est 4484-CD23

Répertoire de C:\Documents and Settings\HP_Administrateur\Application Data

05/04/2007 23:41 <REP> .
05/04/2007 23:41 <REP> ..
29/08/2007 20:41 <REP> .BitTornado
11/04/2007 17:45 <REP> Adobe
11/04/2007 16:56 <REP> Ahead
15/09/2007 16:45 <REP> ArcSoft
31/05/2007 19:06 <REP> Azureus
17/10/2007 18:31 <REP> BitTorrent
20/09/2007 20:34 <REP> Camfrog
08/04/2007 10:37 <REP> Canon
13/06/2007 19:41 <REP> CyberLink
26/09/2007 08:16 <REP> DonationCoder
06/04/2007 16:22 <REP> For Exit List
11/04/2007 13:29 <REP> Google
06/07/2007 10:05 <REP> Help
06/04/2007 00:03 <REP> HP
06/04/2007 16:06 <REP> HPQ
05/04/2007 23:41 <REP> Identities
06/04/2007 20:42 <REP> Image Zone Express
05/08/2007 11:35 <REP> InstallShield
16/05/2007 13:21 <REP> kctmon
18/06/2007 22:08 <REP> Lavasoft
14/04/2007 14:45 <REP> Leadertech
06/04/2007 16:03 <REP> Logitech
06/04/2007 16:08 <REP> Macromedia
06/04/2007 19:25 <REP> MediaLife
05/04/2007 23:41 <REP> Microsoft
23/05/2007 21:43 <REP> Nero
06/04/2007 20:45 <REP> Nikon
05/08/2007 11:37 <REP> Panasonic
02/09/2007 20:07 <REP> Printer Info Cache
05/04/2007 23:41 <REP> Real
08/04/2007 10:10 <REP> ScanSoft
25/05/2007 08:22 <REP> SlySoft
14/04/2007 14:45 <REP> Sonic
11/04/2007 18:53 <REP> Sun
03/05/2007 16:27 <REP> TuneUp Software
10/08/2007 10:53 <REP> vlc
11/04/2007 14:08 <REP> Windows Desktop Search
10/07/2007 19:13 <REP> ???????sAppData
05/04/2007 23:42 62 desktop.ini
18/09/2007 19:36 187 G-Force Prefs (WindowsMediaPlayer).txt
2 fichier(s) 249 octets
40 Rép(s) 230 997 504 000 octets libres
Le volume dans le lecteur C s'appelle HP_PAVILION
Le numéro de série du volume est 4484-CD23

Répertoire de C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data

05/04/2007 23:41 <REP> .
05/04/2007 23:41 <REP> ..
05/04/2007 23:41 <REP> {3248F0A6-6813-11D6-A77B-00B0D0150060}
11/04/2007 17:38 <REP> Adobe
11/04/2007 17:00 <REP> Ahead
05/04/2007 23:41 <REP> ApplicationHistory
13/06/2007 19:41 <REP> DVDPlay
11/04/2007 13:29 <REP> Google
06/07/2007 10:05 <REP> Help
06/04/2007 00:03 <REP> HP
11/04/2007 14:08 <REP> Identities
06/04/2007 00:03 <REP> IsolatedStorage
06/04/2007 16:03 <REP> MediaLife
05/04/2007 23:41 <REP> Microsoft
06/04/2007 20:23 <REP> Microsoft Help
23/05/2007 21:33 <REP> MicroVision Applications
12/04/2007 09:11 <REP> PCHealth
16/09/2007 09:11 <REP> Pixology
06/04/2007 00:01 33 792 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
26/09/2007 08:16 58 DonationCoder_ScreenshotCaptor_InstallInfo.dat
05/04/2007 23:42 140 fusioncache.dat
06/04/2007 00:03 112 464 GDIPFONTCACHEV1.DAT
05/04/2007 23:42 2 643 914 IconCache.db
5 fichier(s) 2 790 368 octets
18 Rép(s) 230 997 368 832 octets libres
Le volume dans le lecteur C s'appelle HP_PAVILION
Le numéro de série du volume est 4484-CD23

Répertoire de C:\Documents and Settings\LocalService\Application Data

02/01/2006 08:13 <REP> .
02/01/2006 08:13 <REP> ..
02/01/2006 08:13 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 230 997 106 688 octets libres
Le volume dans le lecteur C s'appelle HP_PAVILION
Le numéro de série du volume est 4484-CD23

Répertoire de C:\Documents and Settings\LocalService\Local Settings\Application Data

02/01/2006 08:13 <REP> .
02/01/2006 08:13 <REP> ..
12/04/2007 20:11 <REP> Adobe
02/01/2006 08:13 <REP> Microsoft
0 fichier(s) 0 octets
4 Rép(s) 230 997 106 688 octets libres
Le volume dans le lecteur C s'appelle HP_PAVILION
Le numéro de série du volume est 4484-CD23

Répertoire de C:\Documents and Settings\NetworkService\Application Data

02/01/2006 08:13 <REP> .
02/01/2006 08:13 <REP> ..
02/01/2006 08:13 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 230 996 910 080 octets libres
Le volume dans le lecteur C s'appelle HP_PAVILION
Le numéro de série du volume est 4484-CD23

Répertoire de C:\Documents and Settings\NetworkService\Local Settings\Application Data

02/01/2006 08:13 <REP> .
02/01/2006 08:13 <REP> ..
02/01/2006 08:13 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 230 996 844 544 octets libres
Le volume dans le lecteur C s'appelle HP_PAVILION
Le numéro de série du volume est 4484-CD23

Répertoire de C:\WINDOWS\system32\config\systemprofile\Application Data

06/04/2007 07:20 <REP> .
06/04/2007 07:20 <REP> ..
15/11/2005 03:59 <REP> Identities
15/11/2005 03:59 <REP> Microsoft
05/04/2007 23:40 <REP> Real
05/04/2007 23:40 <REP> Symantec
10/10/2005 14:24 62 desktop.ini
1 fichier(s) 62 octets
6 Rép(s) 230 996 713 472 octets libres
Le volume dans le lecteur C s'appelle HP_PAVILION
Le numéro de série du volume est 4484-CD23

Répertoire de C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data

15/11/2005 03:59 <REP> .
15/11/2005 03:59 <REP> ..
05/04/2007 23:40 <REP> {3248F0A6-6813-11D6-A77B-00B0D0150060}
05/04/2007 23:40 <REP> ApplicationHistory
15/11/2005 03:59 <REP> Microsoft
05/04/2007 23:40 137 fusioncache.dat
05/04/2007 23:40 2 003 318 IconCache.db
2 fichier(s) 2 003 455 octets
5 Rép(s) 230 996 164 608 octets libres

******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks

C:\WINDOWS\Tasks\Maintenance
Maintenance inexploitable

C:\WINDOWS\Tasks\Vérifier
Vérifier inexploitable

******************************************
## Répertoires de C:\Program Files

Le volume dans le lecteur C s'appelle HP_PAVILION
Le numéro de série du volume est 4484-CD23

Répertoire de C:\Program Files

28/10/2007 12:08 <REP> .
28/10/2007 12:08 <REP> ..
06/04/2007 21:06 <REP> 3Planesoft Screensaver Manager
25/04/2007 22:00 <REP> 7-Zip
12/08/2007 16:54 <REP> Activision Value
08/06/2007 08:54 <REP> Adobe
06/04/2007 20:43 <REP> ArcSoft
28/10/2007 12:10 <REP> BitComet
20/04/2007 19:47 <REP> Bright Bug Software
03/10/2007 13:31 <REP> Canon
12/08/2007 16:25 <REP> CENEGA
15/09/2007 21:38 <REP> Codemasters
06/04/2007 16:03 <REP> CyberLink
21/09/2007 19:04 <REP> Digital Photo Recovery
02/01/2006 08:53 <REP> DivX
10/04/2007 16:16 <REP> EA GAMES
22/06/2007 07:41 <REP> Elaborate Bytes
26/10/2007 09:28 <REP> ESET
15/09/2007 16:39 <REP> Fichiers communs
25/10/2007 19:43 <REP> GemMasterFrench
24/09/2007 09:50 <REP> Google
02/01/2006 09:06 <REP> Hewlett-Packard
11/04/2007 14:29 <REP> HP
02/01/2006 08:47 <REP> HP DigitalMedia Archive
06/04/2007 20:56 <REP> iColorFolder
12/08/2007 16:38 <REP> Interactive Vision
10/10/2007 02:13 <REP> Internet Explorer
12/05/2007 11:53 <REP> IrfanView
05/10/2007 16:34 <REP> Java
10/07/2007 20:04 <REP> Lavasoft
15/09/2007 16:37 <REP> Logitech
02/01/2006 08:39 <REP> MainConcept
06/04/2007 21:33 <REP> Messenger
02/10/2007 15:51 <REP> Mgutil
05/05/2007 11:50 <REP> Micro Application
10/05/2007 08:38 <REP> Microsoft CAPICOM 2.1.0.2
15/11/2005 03:24 <REP> microsoft frontpage
26/04/2007 21:09 <REP> Microsoft Office
26/04/2007 21:08 <REP> Microsoft Visual Studio
26/04/2007 21:09 <REP> Microsoft Works
26/04/2007 21:08 <REP> Microsoft.NET
11/10/2007 20:00 <REP> MotoGP2
25/10/2007 20:46 <REP> Movie Collection
15/11/2005 03:24 <REP> Movie Maker
26/04/2007 21:09 <REP> MSBuild
04/07/2007 19:43 <REP> MSN
15/11/2005 03:25 <REP> MSN Gaming Zone
28/10/2007 11:58 <REP> MSN Messenger
06/04/2007 00:12 <REP> MSXML 4.0
02/01/2006 08:52 <REP> muvee Technologies
11/04/2007 16:54 <REP> Nero
15/11/2005 03:25 <REP> NetMeeting
10/08/2007 10:49 <REP> Neuf
06/04/2007 20:45 <REP> Nikon
15/11/2005 03:25 <REP> Online Services
13/06/2007 18:08 <REP> Outlook Express
05/08/2007 11:36 <REP> Panasonic
10/10/2007 10:51 <REP> PC-Doctor 5 for Windows
15/09/2007 16:38 <REP> Philips
27/08/2007 21:40 <REP> Picasa2
12/04/2007 11:21 <REP> PowerpointImageExtractor_V1_2
10/04/2007 20:19 <REP> Prolific Publishing, Inc
06/04/2007 20:44 <REP> QuickTime
02/01/2006 08:46 <REP> Real
08/04/2007 10:10 <REP> ScanSoft
10/04/2007 20:23 <REP> SereneScreen
02/01/2006 09:08 <REP> Services en ligne
25/05/2007 08:18 <REP> SlySoft
02/01/2006 08:48 <REP> Sonic
27/08/2007 21:30 <REP> Spybot - Search & Destroy
06/04/2007 21:06 <REP> The Lost Watch 3D Screensaver
16/10/2007 19:44 <REP> TuneUp Utilities 2007
04/09/2007 14:33 <REP> Ubisoft
06/04/2007 20:57 <REP> VisualTaskTips
11/04/2007 14:05 <REP> Windows Desktop Search
01/06/2007 11:00 <REP> Windows Live Toolbar
19/04/2007 21:07 <REP> Windows Media Connect 2
18/09/2007 19:43 <REP> Windows Media Player
15/11/2005 03:25 <REP> Windows NT
15/11/2005 03:25 <REP> Windows Plus
11/07/2007 20:02 <REP> WinRAR
12/04/2007 18:52 <REP> WinZip
15/11/2005 03:26 <REP> xerox
22/09/2007 11:57 <REP> Yahoo!
0 fichier(s) 0 octets
84 Rép(s) 230 994 378 752 octets libres

******************************************
## Popups autorisées

* Internet Explorer

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow

* Mozilla Firefox (1 autorisé 2 interdit)

******************************************
## Registre

* [HKEY_CURRENT_USER\\Software\Microsoft\Internet Explorer\Main]
Search Bar REG_SZ https://actus.sfr.fr

* [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Copykeep REG_SZ C:\DOCUME~1\HP_ADM~1\APPLIC~1\FOREXI~1\scrprocshow.exe

******************************************
## Zones de sécurité

* HKCU Domains (4)

* P3P History (5)

******************************************
## Recherche C:\WINDOWS\*.htm, "C:\WINDOWS\*.gif"

Le volume dans le lecteur C s'appelle HP_PAVILION
Le numéro de série du volume est 4484-CD23

Répertoire de C:\WINDOWS

16/11/2004 14:27 7 677 The Lost Watch 3D Screensaver.html
1 fichier(s) 7 677 octets
0 Rép(s) 230 986 592 256 octets libres

*************** Fin du rapport ****************

24 message(s) posté(s) depuis le vendredi 26 octobre 2007

Continuer la discussion

5
Répondre à FillPCA
Ce message vous semble utile, votez !Autres messages de FillPCASignaler ce message aux modérateursEnvoyer un message privé à FillPCARevenir au forum Forum virus/sécurité Par FillPCA, le dimanche 28 octobre 2007 à 16h57:13
Re,

1/
* Imprime ceci.
* Télécharge Brute Force Uninstaller (de Merijn) : http://www.merijn.org/files/bfu.zip
* Créé un nouveau dossier directement sur le C:\ et nomme-le BFU.
* Décompresse le fichier téléchargé dans ce nouveau dossier au moyen d'un clic droit (Extraire vers...C:\BFU).
* Ouvre le bloc-note de windows.
* Copie-colle ces lignes dans la fenêtre du bloc-note :

OptionUnloadShell

Processkill \scrprocshow.exe|1

RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Copykeep

FolderDelete %ALLUSERSAPPDATA%\browse peak mess bore
FolderDelete %ALLUSERSAPPDATA%\part dead amok eggs
FolderDelete %APPDATA%\For Exit List

SystemEmptyTempFolder
SystemEmptyInternetCache
SystemEmptyRecycleBin

* Enregistre le fichier sur le bureau en fix.txt
* Fais un clic droit sur ce fichier, choisis Renommer et dans la case, indique le nom fix.BFU.
* Déplace-le dans le même dossier que Brute Force Uninstaller soit dans c:\BFU
* Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : fix.bfu et BFU.exe (très important).
* Redémarre en mode Sans Échec : au redémarrage, tapote immédiatement la touche F8 (ou F5); tu verras un écran avec choix de démarrages apparaître. Utilisant les flèches du clavier, choisis "Mode Sans Échec" et valide avec "Entrée". Choisis ton compte usuel, et non Administrateur.
* Démarre le "Brute Force Uninstaller" en double-cliquant BFU.exe (du dossier C:\BFU).
* Clique sur le petit dossier jaune, à la droite de la boîte Scriptline to execute, et double-clique sur : fix.bfu.
* Dans la boîte "Scriptline to execute", tu devrais maintenant voir ceci : C:\BFU\fix.bfu
* Clique sur Execute et laisse-le faire son travail.
* Attendre que Complete script execution apparaîsse et clique sur OK.
* Clique Exit pour fermer le programme BFU.
* Redémarre normalement ton PC.

2/ * Télécharge sur ton bureau RHosts (Merci à S!ri) disponible ici : http://siri.urz.free.fr/Softs/RHosts.exe
* Double-clique sur Rhosts.exe et clique sur "restaurer".

Edite aussi un nouveau rapport HIjackthis.

FillPCA

747 message(s) posté(s) depuis le samedi 21 avril 2007

Continuer la discussion

6
Répondre à thierry54
Ce message vous semble utile, votez !Autres messages de thierry54Signaler ce message aux modérateursEnvoyer un message privé à thierry54Revenir au forum Forum virus/sécurité Par thierry54, le dimanche 28 octobre 2007 à 20h39:39
re

je suis aller jusqu'au mode sans echec mais des que je valide mode sans echec j'ai un ecran noir et puis plus moyen d'aller plus loin
y a t'il une autre solution
merci

24 message(s) posté(s) depuis le vendredi 26 octobre 2007

Continuer la discussion

7
Répondre à thierry54
Ce message vous semble utile, votez !Autres messages de thierry54Signaler ce message aux modérateursEnvoyer un message privé à thierry54Revenir au forum Forum virus/sécurité Par thierry54, le dimanche 28 octobre 2007 à 20h53:11
voici un nouveau rapport mais je ne sais pas si ca a changer quelque chose

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:51:48, on 28/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\program files\fichiers communs\installshield\updateservice\issch.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\BitComet\tools\CometBrowser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MediaLifeService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [rkfree] "C:\Program Files\RKFree\rkfree.exe" /b
O4 - HKLM\..\Run: [ISUSScheduler] "c:\program files\fichiers communs\installshield\updateservice\issch.exe" -start
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [Copykeep] C:\DOCUME~1\HP_ADM~1\APPLIC~1\FOREXI~1\scrprocshow.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bw+0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {8FE7E0A6-C4BA-43D0-

Fenetres cid

16 réponses

Votre réponse

Discussions similaires

Newsletters