Spyware tenace

Question

Bonjour, 

En surfant un peu sur google j'ai attrapé un virus reconut par avast comme cheval de troie, alerte de sécurité... virus impossible à mettre en quarantaine.
Depuis, impossible de m'en débarasser, Avast retrouve des virus, les détruit, ad aware idem, et spybot idem.

Le problème reste le même, le virus de base est toujours la.

De plus, Je ne peux plus accéder à mon panneau de configurartion. Si je veux accéder à "configurer les programmes par défaut" , il s'affiche : 

"Cette opération est annulée en raison des restrictions en vigueur sur cette ordinateur. Contacter votre administrateur system." 

Le panneau de configuration a complétement disparu 

Je suis pourtant administrateur. J'ai été voir en mode sans échec. rien ni fait. 

De plus j'ai une "Windows Security Alert" qui me polu et même avec Norton impossible de s'en débarraser.

Merci de m'aider, de me donner des conseils d'anti-virus/spyware pour me débarasser de ce **** de cheval de troie.

Merci.

clownface · Answer

Bonsoir, 

    * Faire un clic droit sur ce lien : http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip
    * Enregistrez la cible (du lien) sous... et enregistrez-le sur le bureau.
    * Faire un clic droit sur navilog1.zip et choisir "tout extraire"
    * Double-cliquez sur navilog1.bat
    * Arriver au menu principal, choisir l'option 1 et valider.
    * Patientez jusqu'au message : Analyse Termine le ...
    * Le rapport sera en outre sauvegardé à la racine du disque (fixnavi.txt) 

copies/colles ce rapport dans ta prochaine réponse

teemu · Answer

Bonjour, Merci pour la réponse rapide.

Voici le rapport Navilog :

*** Recherche dossiers dans C:\Program Files ***



*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\ELO\Application Data ***


*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun fichier trouvé dans :

- C:\WINDOWS\system32
- C:\DOCUME~1\ELO\LOCALS~1\APPLIC~1



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

Fichiers suspects :


* Recherche dans C:\DOCUME~1\ELO\LOCALS~1\APPLIC~1 *



*** Recherche fichiers *** 


C:\WINDOWS\Downloaded Program Files\IaLdr32.inf trouvé !
C:\WINDOWS\pack.epk trouvé !
C:\WINDOWS	mlpcert2007 trouvé !
C:\WINDOWS\system32\axsetup.dll trouvé !


*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé ! 

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

2)Recherche Heuristique :

C:\WINDOWS\system32\mtxpzqrcvk.dat trouvé !
C:\WINDOWS\system32\mtxpzqrcvk_nav.dat trouvé !
C:\WINDOWS\system32\hmlcapfwn_navtmp.dat trouvé !


3)Recherche Certificats :

Certificat Egroup trouvé !

clownface · Answer

Bonsoir,

ok tu peux lancer l'option 2 :
    *
          o Double-cliquer sur navilog1.bat
          o Arriver au menu principal, choisir l'option 2 et valider.
          o Indiquer le mode de nettoyage "automatique"
          o Répondre aux questions éventuelles, le bureau disparaîtra, c'est normal !
          o Patienter jusqu'au message : Nettoyage Termine le ...
          o Sauvegarder le rapport de manière à le retrouver, puis fermer le blocnote, le bureau réapparaîtra
          o Le rapport sera en outre sauvegardé à la racine du disque (cleannavi.txt)

NB : Si le bureau ne réapparaît pas, faire CTRL+ALT+SUPPR pour ouvrir le gestionnaire de tâches.
Choisir l'onglet processus. Cliquer en haut à gauche sur fichiers et choisir exécuter,
Taper explorer et valider.

teemu · Answer

Bonsoir, 

OK j'ai fait ce que tu as dit, voici le rapport :

Clean Navipromo version 3.3.5 commencé le 12/11/2007 à 20:37:14,60

Outil exécuté depuis C:\Program Files
avilog1
Mise à jour le 08.11.2007 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180

Mode suppression automatique 


 
*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)
 

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans C:\WINDOWS\System32 *


* Suppression dans C:\DOCUME~1\ELO\LOCALS~1\APPLIC~1 *



*** Suppression dossiers dans C:\WINDOWS ***


*** Suppression dossiers dans C:\Program Files ***


*** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***


*** Suppression dossiers dans C:\Documents and Settings\ELO\Application Data ***


*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***



*** Suppression fichiers ***

C:\WINDOWS\Downloaded Program Files\IaLdr32.inf supprimé !
C:\WINDOWS\pack.epk supprimé !
C:\WINDOWS	mlpcert2007 supprimé !
C:\WINDOWS\system32\axsetup.dll supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\ELO\Local Settings\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:


2)Recherche, création sauvegardes et suppression Heuristique :

C:\WINDOWS\System32\mtxpzqrcvk.dat trouvé !
Copie C:\WINDOWS\system32\mtxpzqrcvk.dat réalisé avec succès !
C:\WINDOWS\system32\mtxpzqrcvk.dat supprimé !

C:\WINDOWS\System32\mtxpzqrcvk_nav.dat trouvé !
Copie C:\WINDOWS\system32\mtxpzqrcvk_nav.dat réalisé avec succès !
C:\WINDOWS\system32\mtxpzqrcvk_nav.dat supprimé !

C:\WINDOWS\System32\hmlcapfwn_navtmp.dat trouvé !
Copie C:\WINDOWS\system32\hmlcapfwn_navtmp.dat réalisé avec succès !
C:\WINDOWS\system32\hmlcapfwn_navtmp.dat supprimé !


*** Sauvegarde du Registre vers dossier Backupnavi ***

sauvegarde du Registre réalisé avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !

*** Fichiers suspects non supprimés par Navilog1 ***
!! Fichiers légitimes possibles, à contrôler avant suppression !!


*** Nettoyage terminé le 12/11/2007 à 20:43:18,34 ***



Le problème reste le même, toujours pas acces au panneau de config, toujours le même message d'alerte

clownface · Answer

Télécharger HijackThis V2.02 :http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

Utilisation :

    * L'installer dans un dossier prévu à cet effet.
          o Par exemple, C:\HijackThis
          o Choisis l'option "do a system scan and save a logfile"; un rapport va être généré…
          o Copier/coller le rapport

teemu · Answer

Re,

Voici le rapport :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:21:55, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\VeriSign\NAVI
aviagent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\shell.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/md5auth.srf?lc=1036
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {2F02D978-0FF6-80F7-60BB-0426224AB7B3} - C:\Program Files\xixduesb\iextsdux.dll
O2 - BHO: (no name) - {5054F860-748D-4840-B7B4-DDDB428421AF} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [jczmxwfu] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\jczmxwfu.dll"
O4 - HKLM\..\Run: [zmjaleju] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\zmjaleju.dll"
O4 - HKLM\..\Run: [hynmtghs] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\hynmtghs.dll"
O4 - HKLM\..\Run: [otijinob] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\otijinob.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: findfast.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbaresources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: Options i-Nav - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://m6video.m6.fr/1click/install/files/installer2.cab
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://fr.systemdoctor.com/download/2006/cab/SystemDoctor2006FreeInstall_fr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://www.msn.com/fr-fr/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5054F860-748D-4840-B7B4-DDDB428421AF} - http://ip.sponsoradulto.com/cab/4/fr/phoneaccess.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: bw+0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI
aviagent.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

Utilisateur anonyme · Answer

Re,

Voici le rapport :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:21:55, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\VeriSign\NAVI
aviagent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\shell.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/md5auth.srf?lc=1036
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {2F02D978-0FF6-80F7-60BB-0426224AB7B3} - C:\Program Files\xixduesb\iextsdux.dll
O2 - BHO: (no name) - {5054F860-748D-4840-B7B4-DDDB428421AF} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [jczmxwfu] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\jczmxwfu.dll"
O4 - HKLM\..\Run: [zmjaleju] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\zmjaleju.dll"
O4 - HKLM\..\Run: [hynmtghs] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\hynmtghs.dll"
O4 - HKLM\..\Run: [otijinob] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\otijinob.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: findfast.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbaresources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: Options i-Nav - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://m6video.m6.fr/1click/install/files/installer2.cab
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://fr.systemdoctor.com/download/2006/cab/SystemDoctor2006FreeInstall_fr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://www.msn.com/fr-fr/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5054F860-748D-4840-B7B4-DDDB428421AF} - http://ip.sponsoradulto.com/cab/4/fr/phoneaccess.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: bw+0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI
aviagent.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

clownface · Answer

ok...
un peu de travail en perspective...
tu sais il faut etre prudent sur le net... et sur les sites sur lesquels on va...

relances hijackthis, et coches ces lignes :

O2 - BHO: (no name) - {5054F860-748D-4840-B7B4-DDDB428421AF} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - Global Startup: autorun.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://fr.systemdoctor.com/download/2006/cab/SystemDoctor2006FreeInstall_fr.cab
O16 - DPF: {5054F860-748D-4840-B7B4-DDDB428421AF} - http://ip.sponsoradulto.com/cab/4/fr/phoneaccess.cab
	
ensuite télécharge smitfraudfix : http://www.commentcamarche.net/telecharger/telecharger 230 smitfraudfix
tuto : https://www.zebulon.fr/dossiers/tutoriaux/66-smitfraudfix.html
lances l'option 1 et postes le rapport

teemu · Answer

ALors voici :
Sur hijackthis apres avoir coché les lignes je fait quoi ?


SmitFraudFix v2.252

Rapport fait à 22:15:06,18, 12/11/2007
Executé à partir de C:\Documents and Settings\ELO\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\VeriSign\NAVI
aviagent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\shell.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\hijackThis\HijackThis.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

Fichier hosts corrompu !

10.18.250.4	download.microsoft.com
10.18.250.4	downloads.microsoft.com
10.18.250.4	go.microsoft.com
10.18.250.4	microsoft.com
10.18.250.4	msdn.microsoft.com
10.18.250.4	office.microsoft.com
10.18.250.4	support.microsoft.com
10.18.250.4	windowsupdate.microsoft.com
10.18.250.4	www.microsoft.com
10.18.250.4	pandasoftware.com
10.18.250.4	www.pandasoftware.com

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\shell.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\printer.exe PRESENT !
C:\WINDOWS\system32\spoolvs.exe  PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ELO


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ELO\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

C:\DOCUME~1\ELO\MENUDM~1\PROGRA~1\DMARRA~1\findfast.exe PRESENT !
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\autorun.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ELO\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{45BAF1ED-4258-4619-BC43-02CF078F0B9E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{45BAF1ED-4258-4619-BC43-02CF078F0B9E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{45BAF1ED-4258-4619-BC43-02CF078F0B9E}: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Merci de ta patience.

clownface · Answer

tu fais l'option 2 avec smitfraudfix

teemu · Answer

Pour hijackthis tu m'as pas dit, après avoir coché les cases je lui dit quoi ?

clownface · Answer

fix checked
c'est ça la question ?

teemu · Answer

Oui :)


Voili pour le smitfraudfix :

SmitFraudFix v2.252

Rapport fait à 22:40:26,32, 12/11/2007
Executé à partir de C:\Documents and Settings\ELO\Bureau\materiel\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts

10.18.250.4	ad.doubleclick.net
10.18.250.4	ad.fastclick.net
10.18.250.4	ads.fastclick.net
10.18.250.4	ar.atwola.com
10.18.250.4	atdmt.com
10.18.250.4	avp.ch
10.18.250.4	avp.com
10.18.250.4	avp.ru
10.18.250.4	awaps.net
10.18.250.4	banner.fastclick.net
10.18.250.4	banners.fastclick.net
10.18.250.4	ca.com
10.18.250.4	click.atdmt.com
10.18.250.4	clicks.atdmt.com
10.18.250.4	customer.symantec.com
10.18.250.4	dispatch.mcafee.com
10.18.250.4	download.mcafee.com
10.18.250.4	downloads-us1.kaspersky-labs.com
10.18.250.4	downloads-us2.kaspersky-labs.com
10.18.250.4	downloads-us3.kaspersky-labs.com
10.18.250.4	downloads1.kaspersky-labs.com
10.18.250.4	downloads2.kaspersky-labs.com
10.18.250.4	downloads3.kaspersky-labs.com
10.18.250.4	downloads4.kaspersky-labs.com
10.18.250.4	engine.awaps.net
10.18.250.4	f-secure.com
10.18.250.4	fastclick.net
10.18.250.4	ftp.avp.ch
10.18.250.4	ftp.downloads1.kaspersky-labs.com
10.18.250.4	ftp.downloads2.kaspersky-labs.com
10.18.250.4	ftp.downloads3.kaspersky-labs.com
10.18.250.4	ftp.f-secure.com
10.18.250.4	ftp.kasperskylab.ru
10.18.250.4	ftp.sophos.com
10.18.250.4	ids.kaspersky-labs.com
10.18.250.4	kaspersky-labs.com
10.18.250.4	kaspersky.com
10.18.250.4	liveupdate.symantec.com
10.18.250.4	liveupdate.symantecliveupdate.com
10.18.250.4	mast.mcafee.com
10.18.250.4	mcafee.com
10.18.250.4	media.fastclick.net
10.18.250.4	my-etrust.com
10.18.250.4	nai.com
10.18.250.4	networkassociates.com
10.18.250.4	norton.com
10.18.250.4	phx.corporate-ir.net
10.18.250.4	rads.mcafee.com
10.18.250.4	secure.nai.com
10.18.250.4	securityresponse.symantec.com
10.18.250.4	service1.symantec.com
10.18.250.4	sophos.com
10.18.250.4	spd.atdmt.com
10.18.250.4	symantec.com
10.18.250.4	trendmicro.com
10.18.250.4	update.symantec.com
10.18.250.4	updates.symantec.com
10.18.250.4	updates1.kaspersky-labs.com
10.18.250.4	updates2.kaspersky-labs.com
10.18.250.4	updates3.kaspersky-labs.com
10.18.250.4	updates4.kaspersky-labs.com
10.18.250.4	updates5.kaspersky-labs.com
10.18.250.4	us.mcafee.com
10.18.250.4	vil.nai.com
10.18.250.4	viruslist.com
10.18.250.4	viruslist.ru
10.18.250.4	virusscan.jotti.org
10.18.250.4	virustotal.com
10.18.250.4	www.avp.ch
10.18.250.4	www.avp.com
10.18.250.4	www.avp.ru
10.18.250.4	www.awaps.net
10.18.250.4	www.ca.com
10.18.250.4	www.f-secure.com
10.18.250.4	www.fastclick.net
10.18.250.4	www.grisoft.com
10.18.250.4	www.kaspersky-labs.com
10.18.250.4	www.kaspersky.com
10.18.250.4	www.kaspersky.ru
10.18.250.4	www.mcafee.com
10.18.250.4	www.my-etrust.com
10.18.250.4	www.nai.com
10.18.250.4	www.networkassociates.com
10.18.250.4	www.sophos.com
10.18.250.4	www.symantec.com
10.18.250.4	www.trendmicro.com
10.18.250.4	www.viruslist.com
10.18.250.4	www.viruslist.ru
10.18.250.4	www.virustotal.com

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{45BAF1ED-4258-4619-BC43-02CF078F0B9E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{45BAF1ED-4258-4619-BC43-02CF078F0B9E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{45BAF1ED-4258-4619-BC43-02CF078F0B9E}: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
 
Nettoyage terminé. 
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

clownface · Answer

postes un nouvel hijackthis pour voir ou nous en sommes

teemu · Answer

Re,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:03:09, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\VeriSign\NAVI
aviagent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\hijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/md5auth.srf?lc=1036
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {2F02D978-0FF6-80F7-60BB-0426224AB7B3} - C:\Program Files\xixduesb\iextsdux.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [jczmxwfu] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\jczmxwfu.dll"
O4 - HKLM\..\Run: [zmjaleju] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\zmjaleju.dll"
O4 - HKLM\..\Run: [hynmtghs] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\hynmtghs.dll"
O4 - HKLM\..\Run: [otijinob] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\otijinob.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbaresources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: Options i-Nav - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://m6video.m6.fr/1click/install/files/installer2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://www.msn.com/fr-fr/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: bw+0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {ECDFA590-DCDB-4DBB-98D5-CF8C53399675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI
aviagent.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

clownface · Answer

supprimes navilog et smitfraudfix de ton pc
puis fais un scan en ligne avec bitdenfender : https://www.bitdefender.com/toolbox/
postes le rapport

teemu · Answer

Bonjour, 

hum ....
Could not load the Online Scanner!     
Service Pack 2 was detected on this computer.
Click on the information bar and select "Install ActiveX Control...".

clownface · Answer

bonjour,
clique  sur la barre d'information et selectionne "installer le controle active x'

teemu · Answer

Bonjour, 

BitDefender Online Scanner - Real Time Virus Report
  
  
 
Generated at: Tue, Nov 13, 2007 - 21:56:02
 

--------------------------------------------------------------------------------

 
  
  
 
Scan Info
  
  
 
Scanned Files
 287867
 
Infected Files
 71
 
  
  
 
 
  
  
 
Virus Detected
  
  
 
Trojan.Generic.70831
 2
 
Generic.Otuboh.Dropper.EA6EEDC0
 2
 
Trojan.Generic.72290
 3
 
Win32.Worm.Rxbot.KU
 1
 
Generic.Otuboh.0085C677
 1
 
Generic.Qhost.1E807466
 1
 
Generic.Qhost.7BF24B3A
 1
 
Generic.Qhost.9F9F4520
 1
 
Generic.Malware.SDYd!wdld.9437799C
 59

clownface · Answer

j'aurai aimé le voir en entier.. c'est possible ?

teemu · Answer

Pardon :)
Et merci beaucoup pour ton aide, ca va deja beaucoup mieux (accés au panneau de config, plus de message d'alertes)



BitDefender Online Scanner
  
  
 
Scan report generated at: Tue, Nov 13, 2007 - 21:42:02
 
 
  
  
 
Scan path: A:\;C:\;D:\;
  
  
 
 
  
  
 
Statistics
 
Time
 00:47:35
 
Files
 279374
 
Folders
 8107
 
Boot Sectors
 2
 
Archives
 1548
 
Packed Files
 10374
 
  
  
 
Results
 
Identified Viruses 
 9
 
Infected Files 
 71
 
Suspect Files 
 0
 
Warnings
 0
 
Disinfected
 0
 
Deleted Files
 70
 
  
  
 
Engines Info
 
Virus Definitions
 870696
 
Engine build
 AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
 
Scan plugins
 14
 
Archive plugins
 38
 
Unpack plugins
 7
 
E-mail plugins
 6
 
System plugins
 1
 
  
  
 
Scan Settings
 
First Action
 Disinfect
 
Second Action
 Delete
 
Heuristics
 Yes
 
Enable Warnings
 Yes
 
Scanned Extensions
 *;
 
Exclude Extensions
  
 
Scan Emails
 Yes
 
Scan Archives
 Yes
 
Scan Packed
 Yes
 
Scan Files
 Yes
 
Scan Boot
 Yes
 
  
  
 
  Scanned File
  Status
 
C:\Documents and Settings\ELO\Application Data\pcpriv.exe
 Infected with: Trojan.Generic.70831
 
C:\Documents and Settings\ELO\Application Data\pcpriv.exe
 Disinfection failed
 
C:\Documents and Settings\ELO\Application Data\pcpriv.exe
 Deleted
 
C:\Documents and Settings\ELO\Application Data\spyguard.exe
 Infected with: Trojan.Generic.72290
 
C:\Documents and Settings\ELO\Application Data\spyguard.exe
 Disinfection failed
 
C:\Documents and Settings\ELO\Application Data\spyguard.exe
 Deleted
 
C:\Documents and Settings	eemu\Menu Démarrer\Programmes\Démarrage\findfast.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\Documents and Settings	eemu\Menu Démarrer\Programmes\Démarrage\findfast.exe
 Disinfection failed
 
C:\Documents and Settings	eemu\Menu Démarrer\Programmes\Démarrage\findfast.exe
 Deleted
 
C:\Program Files\xixduesb\iextsdux.dll
 Infected with: Generic.Otuboh.0085C677
 
C:\Program Files\xixduesb\iextsdux.dll
 Disinfection failed
 
C:\Program Files\xixduesb\iextsdux.dll
 Delete failed
 
C:apport.txt
 Infected with: Generic.Qhost.9F9F4520
 
C:apport.txt
 Disinfection failed
 
C:apport.txt
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP124\A0040957.exe
 Infected with: Generic.Otuboh.Dropper.EA6EEDC0
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP124\A0040957.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP124\A0040957.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP124\A0040966.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP124\A0040966.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP124\A0040966.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP124\A0040968.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP124\A0040968.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP124\A0040968.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP124\A0040970.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP124\A0040970.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP124\A0040970.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP124\A0040971.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP124\A0040971.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP124\A0040971.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP124\A0040974.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP124\A0040974.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP124\A0040974.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP126\A0041313.exe
 Infected with: Generic.Otuboh.Dropper.EA6EEDC0
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP126\A0041313.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP126\A0041313.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP126\A0041325.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP126\A0041325.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP126\A0041325.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP126\A0041326.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP126\A0041326.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP126\A0041326.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP126\A0041327.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP126\A0041327.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP126\A0041327.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP126\A0041328.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP126\A0041328.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP126\A0041328.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP126\A0042323.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP126\A0042323.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP126\A0042323.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP126\A0042324.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP126\A0042324.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP126\A0042324.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP126\A0042325.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP126\A0042325.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP126\A0042325.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP126\A0042326.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP126\A0042326.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP126\A0042326.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP127\A0042337.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP127\A0042337.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP127\A0042337.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP127\A0042338.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP127\A0042338.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP127\A0042338.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP127\A0042339.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP127\A0042339.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP127\A0042339.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP127\A0042340.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP127\A0042340.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP127\A0042340.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP127\A0042582.exe
 Infected with: Trojan.Generic.72290
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP127\A0042582.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP127\A0042582.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP128\A0042604.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP128\A0042604.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP128\A0042604.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP128\A0042605.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP128\A0042605.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP128\A0042605.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP128\A0042606.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP128\A0042606.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP128\A0042606.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP128\A0042607.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP128\A0042607.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP128\A0042607.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP128\A0043325.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP128\A0043325.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP128\A0043325.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP128\A0043326.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP128\A0043326.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP128\A0043326.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP128\A0043327.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP128\A0043327.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP128\A0043327.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP128\A0043337.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP128\A0043337.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP128\A0043337.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP128\A0043338.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP128\A0043338.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP128\A0043338.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP128\A0043339.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP128\A0043339.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP128\A0043339.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP128\A0043340.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP128\A0043340.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP128\A0043340.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP129\A0043419.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP129\A0043419.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP129\A0043419.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP129\A0043420.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP129\A0043420.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP129\A0043420.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP129\A0043421.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP129\A0043421.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP129\A0043421.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP129\A0043422.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP129\A0043422.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP129\A0043422.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP130\A0043543.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP130\A0043543.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP130\A0043543.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP130\A0043545.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP130\A0043545.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP130\A0043545.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP130\A0043546.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP130\A0043546.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP130\A0043546.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP130\A0043547.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP130\A0043547.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP130\A0043547.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP130\A0044350.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP130\A0044350.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP130\A0044350.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP130\A0044351.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP130\A0044351.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP130\A0044351.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP130\A0044352.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP130\A0044352.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP130\A0044352.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP130\A0044353.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP130\A0044353.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP130\A0044353.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP130\A0044380.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP130\A0044380.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP130\A0044380.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP130\A0044381.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP130\A0044381.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP130\A0044381.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP130\A0044382.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP130\A0044382.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP130\A0044382.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP130\A0044383.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP130\A0044383.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP130\A0044383.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP131\A0044391.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP131\A0044391.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP131\A0044391.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP131\A0044392.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP131\A0044392.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP131\A0044392.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP131\A0044393.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP131\A0044393.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP131\A0044393.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP131\A0044394.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP131\A0044394.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP131\A0044394.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP131\A0044417.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP131\A0044417.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP131\A0044417.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP131\A0044418.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP131\A0044418.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP131\A0044418.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP131\A0044419.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP131\A0044419.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP131\A0044419.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP131\A0044420.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP131\A0044420.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP131\A0044420.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP131\A0044443.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP131\A0044443.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP131\A0044443.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP131\A0044444.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP131\A0044444.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP131\A0044444.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP131\A0044445.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP131\A0044445.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP131\A0044445.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP131\A0044446.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP131\A0044446.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP131\A0044446.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP131\A0044476.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP131\A0044476.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP131\A0044476.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP132\A0044617.exe
 Infected with: Trojan.Generic.70831
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP132\A0044617.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP132\A0044617.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP132\A0044618.exe
 Infected with: Trojan.Generic.72290
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP132\A0044618.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP132\A0044618.exe
 Deleted
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP132\A0044619.exe
 Infected with: Generic.Malware.SDYd!wdld.9437799C
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP132\A0044619.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F8A800B-B5D8-4BA0-B371-9437204CC635}\RP132\A0044619.exe
 Deleted
 
C:\WINDOWS\system32\drivers\etc\hosts
 Infected with: Generic.Qhost.1E807466
 
C:\WINDOWS\system32\drivers\etc\hosts
 Disinfection failed
 
C:\WINDOWS\system32\drivers\etc\hosts
 Deleted
 
C:\WINDOWS\system32\drivers\etc\hosts.msn
 Infected with: Generic.Qhost.7BF24B3A
 
C:\WINDOWS\system32\drivers\etc\hosts.msn
 Disinfection failed
 
C:\WINDOWS\system32\drivers\etc\hosts.msn
 Deleted
 
C:\WINDOWS\system32\shil.exe
 Infected with: Win32.Worm.Rxbot.KU
 
C:\WINDOWS\system32\shil.exe
 Disinfection failed
 
C:\WINDOWS\system32\shil.exe
 Deleted

clownface · Answer

desactive ta restauration systeme (clic droit sur le poste de travail / propriété, onglet restauration du systeme tu coches "désactiver"
ensuite tu  redemarres en mode sans echec et supprimes ce dossier : C:\Program Files\xixduesb

tu reviens en mode normal et refais un scan bitdefender

teemu · Answer

Bonjour, 


BitDefender Online Scanner
  
  
 
Scan report generated at: Tue, Nov 13, 2007 - 23:43:26
 
 
  
  
 
Scan path: A:\;C:\;D:\;
  
  
 
 
  
  
 
Statistics
 
Time
 00:48:27
 
Files
 270428
 
Folders
 7920
 
Boot Sectors
 2
 
Archives
 1476
 
Packed Files
 10170
 
  
  
 
Results
 
Identified Viruses 
 1
 
Infected Files 
 1
 
Suspect Files 
 0
 
Warnings
 0
 
Disinfected
 0
 
Deleted Files
 1
 
  
  
 
Engines Info
 
Virus Definitions
 870829
 
Engine build
 AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
 
Scan plugins
 14
 
Archive plugins
 38
 
Unpack plugins
 7
 
E-mail plugins
 6
 
System plugins
 1
 
  
  
 
Scan Settings
 
First Action
 Disinfect
 
Second Action
 Delete
 
Heuristics
 Yes
 
Enable Warnings
 Yes
 
Scanned Extensions
 *;
 
Exclude Extensions
  
 
Scan Emails
 Yes
 
Scan Archives
 Yes
 
Scan Packed
 Yes
 
Scan Files
 Yes
 
Scan Boot
 Yes
 
  
  
 
  Scanned File
  Status
 
C:\RECYCLER\S-1-5-21-776561741-746137067-682003330-1003\Dc9\iextsdux.dll
 Infected with: Generic.Otuboh.0085C677
 
C:\RECYCLER\S-1-5-21-776561741-746137067-682003330-1003\Dc9\iextsdux.dll
 Disinfection failed
 
C:\RECYCLER\S-1-5-21-776561741-746137067-682003330-1003\Dc9\iextsdux.dll
 Deleted

clownface · Answer

Bonjour,

relances hijackthis
coches et fixes toutes les lignes O18 correspondantes à ta web cam, sauf celle-ci : 

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

télécharge superantispyware (version free) : lien + tuto : https://www.malekal.com/?s=SUPERAntiSpyware
fais un scan comme indiqué dans le tuto
montres ensuite un nouveau rapport hijackthis.

teemu · Answer

Bonjour, 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:57:53, on 15/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\VeriSign\NAVI
aviagent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/md5auth.srf?lc=1036
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {2F02D978-0FF6-80F7-60BB-0426224AB7B3} - (no file)
O2 - BHO: (no name) - {5054F860-748D-4840-B7B4-DDDB428421AF} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [jczmxwfu] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\jczmxwfu.dll"
O4 - HKLM\..\Run: [zmjaleju] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\zmjaleju.dll"
O4 - HKLM\..\Run: [hynmtghs] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\hynmtghs.dll"
O4 - HKLM\..\Run: [otijinob] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\otijinob.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbaresources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: Options i-Nav - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://m6video.m6.fr/1click/install/files/installer2.cab
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - 
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://www.msn.com/fr-fr/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5054F860-748D-4840-B7B4-DDDB428421AF} - 
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI
aviagent.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

clownface · Answer

Bonjour,

tu vas aller sur ce site : https://www.virustotal.com/gui/

et tu vas faire analyser ces fichiers : 
C:\Documents and Settings\All Users\Application Data\jczmxwfu.dll
C:\Documents and Settings\All Users\Application Data\zmjaleju.dll
C:\Documents and Settings\All Users\Application Data\hynmtghs.dll
C:\Documents and Settings\All Users\Application Data\otijinob.dll 

il faudra ensuite les supprimer (en mode sans echec s'il refuse de le faire en mode normal)

teemu · Answer

Bonjour, 

OK fichiers suprimés.

clownface · Answer

Bonjour,

postes un nouveau rapport hijackthis stp

teemu · Answer

Bonjour, 


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:39:04, on 17/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\VeriSign\NAVI
aviagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackThis\HijackThis.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/md5auth.srf?lc=1036
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {2F02D978-0FF6-80F7-60BB-0426224AB7B3} - (no file)
O2 - BHO: (no name) - {5054F860-748D-4840-B7B4-DDDB428421AF} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [jczmxwfu] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\jczmxwfu.dll"
O4 - HKLM\..\Run: [zmjaleju] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\zmjaleju.dll"
O4 - HKLM\..\Run: [hynmtghs] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\hynmtghs.dll"
O4 - HKLM\..\Run: [otijinob] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\otijinob.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbaresources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: Options i-Nav - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://m6video.m6.fr/1click/install/files/installer2.cab
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - 
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://www.msn.com/fr-fr/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5054F860-748D-4840-B7B4-DDDB428421AF} - 
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI
aviagent.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

clownface · Answer

Bonsoir,

relance hijackthis, coches ces lignes : 
O2 - BHO: (no name) - {2F02D978-0FF6-80F7-60BB-0426224AB7B3} - (no file)
O2 - BHO: (no name) - {5054F860-748D-4840-B7B4-DDDB428421AF} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} -
O16 - DPF: {5054F860-748D-4840-B7B4-DDDB428421AF} -
ensuite cliques sur fix checked.

on va changer d'antivirus, sinon on va pas s'en sortir : http://forum.malekal.com/ftopic4192.php
tu feras un scan et postera le rapport

il te faudrait aussi un parefeu : http://www.commentcamarche.net/faq/sujet 3486 securite le parefeu de windows xp

teemu · Answer

Bonjour, 

Antivir installé à la place d'Avast
Zone Alarm remplace le pare-feu windows



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:27, on 18/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\VeriSign\NAVI
aviagent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\GUILD WARS\Gw.exe
C:\WINDOWS\System32\msiexec.exe
C:\hijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/md5auth.srf?lc=1036
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [jczmxwfu] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\jczmxwfu.dll"
O4 - HKLM\..\Run: [zmjaleju] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\zmjaleju.dll"
O4 - HKLM\..\Run: [hynmtghs] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\hynmtghs.dll"
O4 - HKLM\..\Run: [otijinob] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\otijinob.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: Options i-Nav - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://m6video.m6.fr/1click/install/files/installer2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://www.msn.com/fr-fr/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI
aviagent.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

clownface · Answer

Bonjour,

tu as fait un scan avec antivir ? il y a un rapport ?

es-tu sur que tu avais supprimé les 4  fichiers ? (message 26)
s'ils sont encore là fais ceci :

Télécharge Pocket KillBox : https://www.bleepingcomputer.com/download/linux/ 
dézippes le sur ton bureau. 
Démo animée : http://pageperso.aol.fr/balltrap34/killbox.htm 

Ouvre Pocket Killbox 

Copie le texte en gras ci-dessous (important fais bien un copier pour eviter tout type d'erreur) : 

C:\Documents and Settings\All Users\Application Data\jczmxwfu.dll
C:\Documents and Settings\All Users\Application Data\zmjaleju.dll
C:\Documents and Settings\All Users\Application Data\hynmtghs.dll
C:\Documents and Settings\All Users\Application Data\otijinob.dll

Clique sur le menu 'File' de KillBox (en haut à gauche) et choisis Paste from clipboard 
Sélectionne "Delete on reboot" 

Clique sur le bouton : All Files (!important!) 

Clique maintenant sur le bouton Kill (cercle rouge avec un X blanc) 
Killbox va te demander "...Would like to Reboot now ?", clique YES et attends le redémarrage. 
Si tu ne reçois pas ce message, redémarre le PC normalement. 

2/ Supprime ce dossier : 

C:\!KillBox 

3/ Vide ta corbeille et redémarre ton pc

teemu · Answer

Bonjour, 
Voici, j'ai fait comme expliqué ci-dessus et voila ce que me dit KillBox,


---------------------------
PendingFileRenameOperations
---------------------------
PendingFileRenameOperations Registry Data has been Removed by External Process!
---------------------------
OK   
---------------------------
Je suis sur d'avoir supprimé ces fichiers comme demandé message 26,
Je te poste le rapport Antivir au plus vite.

clownface · Answer

ok dans ce cas tu pourras cocher/fixer ces lignes avec hijakcthis :

O4 - HKLM\..\Run: [jczmxwfu] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\jczmxwfu.dll"
O4 - HKLM\..\Run: [zmjaleju] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\zmjaleju.dll"
O4 - HKLM\..\Run: [hynmtghs] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\hynmtghs.dll"
O4 - HKLM\..\Run: [otijinob] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\otijinob.dll"

teemu · Answer

Bonjour, 

ok lignes fixées avec hijackThis,
Voici le rapport Antivir :
AntiVir PersonalEdition Classic
Report file date: dimanche 18 novembre 2007  18:37

Scanning for 835736 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Username:         SYSTEM
Computer name:    BM7ACOQIYXN0X1B

Version information:
BUILD.DAT    : 270           15603 Bytes  19/09/2007 13:32:00
AVSCAN.EXE   : 7.0.6.1      290856 Bytes  23/08/2007 13:16:29
AVSCAN.DLL   : 7.0.6.0       49192 Bytes  16/08/2007 12:23:51
LUKE.DLL     : 7.0.5.3      147496 Bytes  14/08/2007 15:32:47
LUKERES.DLL  : 7.0.6.1       10280 Bytes  21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0    11030528 Bytes  18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0     1640448 Bytes  13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.0.1        2048 Bytes  13/09/2007 14:27:04
ANTIVIR3.VDF : 7.0.0.2        2048 Bytes  13/09/2007 14:27:13
AVEWIN32.DLL : 7.6.0.15    2806272 Bytes  17/09/2007 17:43:56
AVWINLL.DLL  : 1.0.0.7       14376 Bytes  26/02/2007 10:36:26
AVPREF.DLL   : 7.0.2.2       25640 Bytes  18/07/2007 07:39:17
AVREP.DLL    : 7.0.0.1      155688 Bytes  16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15     360488 Bytes  03/08/2007 08:46:00
AVREG.DLL    : 7.0.1.6       30760 Bytes  18/07/2007 07:17:06
AVARKT.DLL   : 1.0.0.20     278568 Bytes  28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20      86056 Bytes  18/07/2007 07:10:18
NETNT.DLL    : 7.0.0.0        7720 Bytes  08/03/2007 11:09:42
RCIMAGE.DLL  : 7.0.1.30    2342952 Bytes  07/08/2007 12:38:13
RCTEXT.DLL   : 7.0.62.0      86056 Bytes  21/08/2007 12:50:37
SQLITE3.DLL  : 3.3.17.1     339968 Bytes  23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:, 
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche 18 novembre 2007  18:37

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'SUPERAntiSpyware.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'zlclient.exe' - '0' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'NAVICL~1.EXE' - '1' Module(s) have been scanned
Scan process 'UStorSrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'naviagent.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'vsmon.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
37 processes with 37 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
      [NOTE]      No virus was found!

Starting to scan the registry.
The registry was scanned ( '24' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
      [WARNING]   The file could not be opened!
C:\WINDOWS\system32\uytp.exe
      [DETECTION] Contains detection pattern of the worm WORM/Rbot.69120.5
      [INFO]      The file was moved to '47b4886b.qua'!


End of the scan: dimanche 18 novembre 2007  19:46
Used time:  1:09:02 min

The scan has been done completely.

   7957 Scanning directories
 316647 Files were scanned
      1 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      1 files were moved to quarantine
      0 files were renamed
      1 Files cannot be scanned
 316646 Files not concerned
   1851 Archives were scanned
      1 Warnings
     54 Notes





Et dernier rapport HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:25:12, on 18/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\VeriSign\NAVI
aviagent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/md5auth.srf?lc=1036
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: Options i-Nav - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://m6video.m6.fr/1click/install/files/installer2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://www.msn.com/fr-fr/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI
aviagent.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

clownface · Answer

ton rapport hijackthis est propre, tu as encore des soucis ?

il te reste  java à mettre à jour : http://www.commentcamarche.net/forum/affich 3711157 maj critique java par jalobservateur#0

teemu · Answer

Bonjour, 

Plus de soucis, Maj java ok

Merci beaucoup de ta patience, et de ton investissement : Un grand bravo.

Spyware tenace

37 réponses

Votre réponse

Newsletters