Cid spam

bulledesavon73 Posts: 1 Status: Member -
g!rly Posts: 18462 Status: Contributor -
Hello,

I can't manage to get rid of cid spam. I ran a scan with Hijack; here it is, if anyone can help me:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:24, on 11/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Stupid Data Dart Wave] C:\Documents and Settings\All Users\Application Data\flag ace stupid data\bias flaw.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [open fork] C:\DOCUME~1\DELLAR~1.DEL\APPLIC~1\STORES~1\Bib logo hole.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 3446 bytes
Configuration: Windows XP
Firefox 2.0.0.12

21 replies

  1. g!rly Posts: 18462 Status: Contributor 407
     
    Hi,

    Download this (by Moe):

    http://sosvirus.changelog.fr/Green_day/Lopxpsetup.exe

    Double-click Lopxpsetup.exe to start the installation.
    At the menu, choose option 1.
    Wait until you are asked to press a key, then press one!
    A report will then be created; copy and paste it in full on the forum.

    See you later
    0
  2. g!rly Posts: 18462 Status: Contributor 407
     
    You're welcome, post the report when you can.

    See you later
    0
  3. bulledesavon73
     
    Oops, the problem continues... here is the report... thanks for your help. See you soon.
    # Rapport Lopxp fait le 12/02/2008 à 20:13:24
    # Exécuté dans : C:\Program Files\Lopxp
    # Version 3.06 - Maj du 05/02/2008

    Killing 'iexplore.exe'
    "C:\Program Files\Internet Explorer\iexplore.exe" (1816)
    "C:\Program Files\Internet Explorer\iexplore.exe" (2036)

    ========== Listing des dossiers Application Data

    +- C:\Documents and Settings\All Users\Application Data

    2008-02-11 à 09:51:07 - Adobe
    2007-09-16 à 16:10:54 - AntiVir PersonalEdition classic
    2006-05-25 à 12:13:52 - Apple Computer
    2003-12-12 à 12:35:46 - CyberLink
    2008-01-18 à 11:01:19 - flag ace stupid data
    2008-01-28 à 14:33:04 - Google
    2008-02-11 à 11:00:00 - Grisoft
    2008-01-28 à 14:11:41 - Microsoft
    2006-02-18 à 22:04:15 - MSN Search Toolbar
    2005-05-28 à 19:38:22 - MSN6
    2006-10-03 à 21:22:13 - pixelStorm
    2003-12-14 à 14:54:23 - QuickTime
    2003-09-11 à 13:38:09 - SBSI
    2005-05-28 à 12:57:48 - Spybot - Search & Destroy
    2007-07-23 à 10:45:06 - TEMP
    2007-01-15 à 18:17:35 - TuneUp Software
    2005-12-27 à 20:02:48 - Windows Genuine Advantage
    2006-11-04 à 20:34:41 - Windows Live Toolbar
    2007-07-07 à 14:37:10 - WindowsLiveInstaller
    2008-02-08 à 00:42:46 - WinZip
    2008-02-04 à 12:55:01 - WLInstaller
    2005-09-04 à 19:29:45 - yahoo!
    2005-09-07 à 11:41:02 - Yahoo! Companion

    +- C:\Documents and Settings\Della Rosa.DELLAROSA\Application Data

    2008-01-28 à 11:36:27 - Adobe
    2007-01-20 à 11:04:10 - AdobeUM
    2003-10-23 à 16:02:54 - Ahead
    2006-05-25 à 12:06:13 - Apple Computer
    2003-12-12 à 16:12:22 - CyberLink
    2007-01-09 à 18:18:28 - Google
    2008-02-11 à 11:00:41 - Grisoft
    2007-12-03 à 13:39:25 - gtk-2.0
    2006-06-08 à 09:21:28 - Help
    2005-05-30 à 12:36:47 - Hewlett-Packard
    2003-09-11 à 13:33:33 - Identities
    2003-09-11 à 15:10:16 - InterTrust
    2007-05-29 à 17:37:20 - Kingston
    2007-06-10 à 19:32:12 - Lavasoft
    2006-11-03 à 17:24:56 - LG Electronics
    2006-04-01 à 08:16:21 - Macromedia
    2007-12-17 à 11:38:38 - Microsoft
    2005-06-22 à 15:21:17 - Microsoft Web Folders
    2005-12-01 à 09:34:11 - Mozilla
    2006-11-05 à 12:19:16 - MSN Search Toolbar
    2007-03-20 à 19:23:46 - MSN6
    2007-11-09 à 22:22:40 - MySpace
    2005-06-01 à 20:27:34 - Opera
    2005-12-04 à 14:15:21 - Real
    2007-02-21 à 18:38:19 - SecondLife
    2008-01-27 à 20:00:53 - Store Scr Audio
    2005-05-28 à 19:35:43 - Thunderbird
    2007-01-15 à 18:18:46 - TuneUp Software
    2008-02-09 à 00:12:04 - vlc
    2007-03-01 à 21:11:04 - VoipCheapCom

    +- C:\Documents and Settings\Della Rosa.DELLAROSA\Local Settings\Application Data

    2007-07-03 à 13:48:43 - Adobe
    2006-05-25 à 12:05:26 - Apple Computer
    2007-09-26 à 11:54:48 - ApplicationHistory
    2006-09-30 à 09:41:11 - Google
    2007-06-09 à 13:21:23 - Help
    2005-07-03 à 22:21:12 - Identities
    2008-01-21 à 11:38:33 - Microsoft
    2006-04-16 à 09:14:25 - Mozilla
    2007-01-22 à 20:36:29 - OD2
    2007-10-06 à 18:46:28 - PCHealth
    2003-09-11 à 17:04:48 - WMTools Downloaded Files

    +- C:\Documents and Settings\Propriétaire\Application Data

    2005-06-02 à 20:47:59 - Real

    ========== Listing du dossier Program Files

    +- C:\Program Files

    2006-05-21 à 08:02:06 - Acetic
    2008-02-11 à 09:50:24 - Adobe
    2005-12-27 à 19:01:12 - Ahead
    2008-02-11 à 19:26:57 - AntiVir PersonalEdition Classic
    2003-12-12 à 12:31:24 - ATI Technologies
    2003-12-12 à 12:30:02 - C-Media 3D Audio
    2005-05-28 à 12:47:21 - CA
    2006-08-06 à 08:48:05 - Canon
    2006-02-28 à 17:21:30 - Cegetel
    2008-02-11 à 09:59:46 - Cleaner 5 EZ
    2003-10-09 à 10:39:45 - Common Files
    2003-09-11 à 13:31:08 - ComPlus Applications
    2003-12-12 à 12:35:44 - CyberLink
    2005-06-01 à 21:54:35 - directx
    2007-06-10 à 20:04:22 - Emoticons-plus.com
    2007-07-11 à 17:47:02 - eMule
    2007-05-22 à 19:01:41 - EZFace
    2005-05-28 à 14:27:56 - F-Secure Internet Security
    2007-11-13 à 15:01:38 - Fichiers communs
    2008-01-29 à 10:26:23 - Google
    2005-11-21 à 19:01:43 - Google(2)
    2005-11-14 à 22:24:14 - Google(3)
    2008-02-11 à 10:59:46 - Grisoft
    2005-05-30 à 12:35:54 - Hewlett-Packard
    2003-12-08 à 15:24:51 - HighMAT CD Writing Wizard
    2007-05-08 à 14:23:18 - InstallShield Installation Information
    2007-12-11 à 20:08:51 - Internet Explorer
    2005-05-28 à 19:47:28 - Java
    2005-05-29 à 11:13:57 - Java Web Start
    2007-06-10 à 19:32:03 - Lavasoft
    2006-11-03 à 17:11:34 - LG Electronics
    2006-11-03 à 16:33:11 - LG PC Suite
    2008-02-12 à 19:13:27 - Lopxp
    2007-12-17 à 11:38:34 - Macrogaming
    2007-05-28 à 06:59:24 - Messenger
    2005-06-22 à 15:20:57 - microsoft frontpage
    2005-06-22 à 15:21:17 - Microsoft Office
    2008-01-21 à 11:32:27 - Microsoft SQL Server Compact Edition
    2003-09-11 à 17:00:03 - Microsoft Works
    2005-06-22 à 13:42:24 - Movie Maker
    2008-02-12 à 19:06:42 - Mozilla Firefox
    2003-09-11 à 13:30:32 - MSN
    2006-02-18 à 22:04:55 - MSN Apps
    2003-09-11 à 13:30:24 - MSN Gaming Zone
    2006-11-04 à 20:27:54 - MSN Toolbar Suite
    2007-11-13 à 21:49:29 - MySpace
    2008-02-11 à 13:21:44 - Navilog1
    2005-06-22 à 13:36:38 - NetMeeting
    2005-06-01 à 11:32:27 - Netscape
    2006-03-07 à 22:09:07 - NoAdware3
    2005-07-05 à 20:05:43 - Nouveau dossier
    2003-12-12 à 13:49:50 - Nullsoft
    2003-12-12 à 15:53:32 - OfficeUpdate11
    2006-12-07 à 20:38:13 - Opera
    2007-06-13 à 10:53:32 - Outlook Express
    2006-05-25 à 12:04:13 - QuickTime
    2003-12-12 à 13:49:35 - Real
    2007-07-23 à 10:56:53 - Registry Mechanic
    2008-02-11 à 10:40:53 - RegistryFix
    2005-05-28 à 13:00:07 - SAGEM
    2003-09-11 à 13:31:53 - Services en ligne
    2003-12-12 à 13:48:08 - SiSLan
    2008-01-21 à 21:04:48 - sophie
    2007-07-16 à 11:00:39 - Spybot - Search & Destroy
    2008-01-18 à 11:00:42 - Store Scr Audio
    2008-02-11 à 10:03:11 - Trend Micro
    2007-09-04 à 20:20:00 - TuneUp Utilities 2007
    2003-09-11 à 16:06:58 - Uninstall Information
    2008-02-09 à 00:06:44 - VideoLAN
    2003-12-12 à 13:49:52 - Viewpoint
    2006-09-19 à 18:48:52 - Vimicro
    2006-03-11 à 23:49:47 - Winamp
    2003-09-11 à 15:14:33 - Windows Journal Viewer
    2008-01-21 à 11:36:52 - Windows Live
    2008-01-27 à 22:59:51 - Windows Live Safety Center
    2008-01-28 à 14:38:03 - Windows Live Toolbar
    2005-06-01 à 21:54:56 - Windows Media Components
    2006-12-29 à 23:13:42 - Windows Media Connect 2
    2006-12-30 à 19:18:23 - Windows Media Player
    2005-06-22 à 13:36:29 - Windows NT
    2005-05-30 à 11:25:45 - WindowsUpdate
    2007-06-09 à 13:21:24 - WinRAR
    2008-01-28 à 15:00:03 - WinZip
    2003-09-11 à 13:33:36 - xerox
    2005-09-04 à 19:29:33 - Yahoo!

    ========== Tâches planifiées

    1-Click Maintenance.job: C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe /schedulestart
    AB4525E9918ADB99.job: c:\docume~1\dellar~1.del\applic~1\stores~1\Global 1 Meta.exe

    ========== Clés registre

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "open fork"="C:\DOCUME~1\DELLAR~1.DEL\APPLIC~1\STORES~1\Bib logo hole.exe"

    ========== Bloqueur popups Internet Explorer

    www.host-domain-lookup.com
    searchweb2.com
    www.searchweb2.com

    ========== Suggestion ( /!\ Nécessite une interprétation.) ==========

    C:\Documents and Settings\All Users\Application Data\flag ace stupid data
    C:\Documents and Settings\Della Rosa.DELLAROSA\Application Data\Store Scr Audio
    C:\Program Files\Store Scr Audio
    C:\WINDOWS\tasks\AB4525E9918ADB99.job

    +- Registre:

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "open fork"=-

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow]
    "host-domain-lookup.com"=-
    "www.host-domain-lookup.com"=-
    "searchweb2.com"=-
    "www.searchweb2.com"=-

    - Fin du rapport -
    0
  5. g!rly Posts: 18462 Status: Contributor 407
     
    Hi,

    Start

    Run

    then copy/paste:

    "%programfiles%\Lopxp\Lopxp.bat" /Fixme

    Quotation marks included, very important.

    then confirm, and post the report please

    See you later
    0
  6. bulledesavon73
     
    Hi,

    All done, I followed your instructions and deleted the stupid data.

    I think it's fine now... many thanks
    0
  7. g!rly Posts: 18462 Status: Contributor 407
     
    Re,

    OK, very good ;-)

    please post a new HijackThis log

    See you later
    0
  8. bulledesavon73
     
    Hello,

    Here is the new Hijack report... I think there are still problems... what a nasty piece of work this thing is. Thanks

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:23:27, on 13/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\VM303_STI.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
    O4 - HKCU\..\Run: [open fork] C:\DOCUME~1\DELLAR~1.DEL\APPLIC~1\STORES~1\Bib logo hole.exe
    O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    0
  9. g!rly Posts: 18462 Status: Contributor 407
     
    Hi bulle de savon 73,

    Download combofix.exe (by sUBs) to your Desktop.

    -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double-click combofix.exe.
    -> Press the 1 key (Yes) to start the scan.
    -> When the scan is complete, a report will appear. Copy/paste this report into your next reply.

    NOTE: The report can also be found here: C:\Combofix.txt

    Before using ComboFix:

    -> Disconnect from the internet and close the windows of all running programs.

    -> Temporarily disable, only for the duration of the ComboFix run, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.

    Once that is done, double-click Combofix.exe on your desktop.

    - Answer yes to the warning message so that the program starts analysing the PC.

    /!\ During this step, do not use the PC and do not open any programs.

    - At the end of the scan, ComboFix may need to restart the PC to finish the disinfection/scan; let it do so.

    - A report will then open in Notepad; this report file, Combofix.txt, is automatically saved at C:\Combofix.txt.

    -> Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.

    -> Come back to the forum, and copy and paste the entire contents of C:\Combofix.txt into your next message.

    See you later
    0
  10. bulledesavon73
     
    Hello,

    Here is the report:

    ComboFix 08-02-14.2 - Della Rosa 2008-02-14 12:47:23.1 - NTFSx86
    Endroit: C:\Documents and Settings\Della Rosa.DELLAROSA\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-14 to 2008-02-14 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-12 14:03 . 2008-02-12 22:47 <REP> d-------- C:\Program Files\Lopxp
    2008-02-11 12:00 . 2008-02-11 12:00 <REP> d-------- C:\Documents and Settings\Della Rosa.DELLAROSA\Application Data\Grisoft
    2008-02-11 12:00 . 2008-02-11 12:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-02-11 12:00 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-02-11 11:03 . 2008-02-11 11:03 <REP> d-------- C:\Program Files\Trend Micro
    2008-02-09 01:12 . 2008-02-09 01:12 <REP> d-------- C:\Documents and Settings\Della Rosa.DELLAROSA\Application Data\vlc
    2008-02-09 01:06 . 2008-02-09 01:06 <REP> d-------- C:\Program Files\VideoLAN
    2008-01-28 15:59 . 2008-02-08 01:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
    2008-01-21 12:37 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
    2008-01-21 12:32 . 2008-01-21 12:32 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
    2008-01-18 12:00 . 2008-01-18 12:00 <REP> d-------- C:\Program Files\Store Scr Audio

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-11 13:21 --------- d-----w C:\Program Files\Navilog1
    2008-02-11 10:40 --------- d-----w C:\Program Files\RegistryFix
    2008-02-11 09:59 --------- d-----w C:\Program Files\Cleaner 5 EZ
    2008-02-11 09:51 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-02-04 12:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-01-29 10:26 --------- d-----w C:\Program Files\Google
    2008-01-28 14:38 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-01-27 22:59 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-01-27 20:00 --------- d-----w C:\Documents and Settings\Della Rosa.DELLAROSA\Application Data\Store Scr Audio
    2008-01-21 21:04 --------- d-----w C:\Program Files\sophie
    2008-01-21 11:36 --------- d-----w C:\Program Files\Windows Live
    2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
    2007-12-17 11:38 --------- d-----w C:\Program Files\Macrogaming
    2007-12-07 01:07 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
    2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
    2006-10-20 19:43 3,889,824 ----a-w C:\Program Files\SweetImSetup.exe
    2006-08-06 08:50 8,782,848 -c--a-w C:\Program Files\IxusicugFRE.exe
    2006-08-06 08:45 5,787,667 -c--a-w C:\Program Files\k620emux.exe
    2006-07-25 09:00 5,675 -c--a-w C:\Program Files\attachment(3)
    2006-06-27 13:43 170,894 -c--a-w C:\Program Files\attachment(2)
    2006-06-26 14:59 1,683 ----a-w C:\Program Files\L'ADSL de Cegetel.lnk
    2006-06-26 08:47 1,744 ----a-w C:\Program Files\Adobe Reader 7.0.lnk
    2006-06-13 14:38 1,431 -c--a-w C:\Program Files\attachment
    2006-04-02 11:46 21,254,280 ----a-w C:\Program Files\AdbeRdr707_en_US.exe
    2006-04-02 00:21 5,846,632 -c--a-w C:\Program Files\winzip100.exe
    2006-04-01 08:04 2,871,488 -c--a-w C:\Program Files\Shockwave_Installer_Slim.exe
    2006-03-11 16:21 4,677,596 -c--a-w C:\Program Files\eMule0.47a-Installer.exe
    2006-03-07 21:49 2,855,080 ----a-w C:\Program Files\aawsepersonal.exe
    2006-03-06 11:34 3,780,096 -c--a-w C:\Program Files\ow32enen853.exe
    2006-03-04 19:34 5,564,800 -c--a-w C:\Program Files\winamp52_full.exe
    2005-11-08 10:23 21 -c--a-w C:\Program Files\AVPersonalAVWIN.INI
    2005-07-05 20:12 77,642 -c--a-w C:\Program Files\ClipArt.cil
    2005-07-05 20:09 104,332 -c--a-w C:\Program Files\ClipArt.mpf
    2005-07-03 22:06 42,958 -c--a-w C:\Program Files\ClipArt1.cil
    2005-07-01 18:20 876,104 ----a-w C:\Program Files\DirectX9-KB819696-x86-FRA.exe
    2005-07-01 18:11 315,624 -c--a-w C:\Program Files\dxwebsetup.exe
    2005-06-23 23:09 8,288,360 -c--a-w C:\Program Files\zlsSetup_55_109_000.exe
    2005-06-23 23:05 7,066,851 -c--a-w C:\Program Files\Skype_1.0.0.24.dmg
    2005-06-05 11:55 28,591,248 -c--a-w C:\Program Files\NSSetup-Full.exe
    2005-06-01 20:27 3,765,594 -c--a-w C:\Program Files\ow32enen800.exe
    2005-05-28 13:56 57,762,572 -c--a-w C:\Program Files\fsis2005f-04.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "open fork"="C:\DOCUME~1\DELLAR~1.DEL\APPLIC~1\STORES~1\Bib logo hole.exe" [2008-01-18 12:00 455168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-09-30 10:40 185784]
    "BigDog303"="C:\WINDOWS\VM303_STI.exe" [2005-10-17 16:45 61440]

    R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\drivers\avgntmgr.sys [2007-09-16 17:06]
    R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2007-09-16 17:06]
    R2 LogWatch;Event Log Watch;C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 15:29]
    R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-20 00:10]
    R3 Intels51;Creatix V.9X DSP Data Fax Modem;C:\WINDOWS\system32\DRIVERS\ctxs51.sys [2003-05-22 16:44]
    R3 ZSMC303;Vimicro USB PC Camera (ZC0301PLH);C:\WINDOWS\system32\Drivers\usbVM303.sys [2005-11-11 15:45]
    S3 CA_LIC_CLNT;Client de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 15:27]
    S3 CA_LIC_SRVR;Serveur de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 15:41]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 06:58]
    S3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6cc59c2-d40d-11dc-8831-00038a000015}]
    \Shell\AutoRun\command - setupSNK.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-12-14 16:44:14 C:\WINDOWS\Tasks\1-Click Maintenance.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    "2008-02-14 00:00:00 C:\WINDOWS\Tasks\AB4525E9918ADB99.job"
    - c:\docume~1\dellar~1.del\applic~1\stores~1\Global 1 Meta.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-14 12:54:09
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    BigDog303 = C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

    Balayage des fichiers cachés ...

    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-14 12:59:15
    ComboFix-quarantined-files.txt 2008-02-14 11:58:18
    .
    2008-02-13 22:54:29 --- E O F ---

    Thanks, see you soon
    0
  11. g!rly Posts: 18462 Status: Contributor 407
     
    Hi bulle de savon,

    please post a new HijackThis log

    See you later
    0
  12. Fredo35
     
    Hello, I have the same problem with CID spam pages under Vista, can you help me?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:48:36, on 21/02/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe
    C:\Windows\vphc710.exe
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Steam\Steam.exe
    C:\Windows\System32\spool\drivers\w32x86\3\E_FATICEE.EXE
    C:\Users\frederic\AppData\Local\wfzsxnpnjg.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [WMAAD] C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
    O4 - HKLM\..\Run: [phc710] C:\Windows\vphc710.exe
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\Windows\TEMP\E_S8BFA.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [wfzsxnpnjg] c:\users\frederic\appdata\local\wfzsxnpnjg.exe wfzsxnpnjg
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [amen thunk] "C:\ProgramData\LESS ROAD ROAD.da4gvna"
    O4 - HKCU\..\Run: [else tool title ping] "C:\ProgramData\Rule Meet Debug.azix6"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Startup: RocketDock.lnk = C:\Windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Transfert par Image Converter 3 - C:\PROGRAM FILES\SONY\IMAGE CONVERTER 3\menu.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O13 - Gopher Prefix:
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AD8C7033-8B4D-4873-AFF0-E6D215AC4CBC}: NameServer = 80.10.246.2,80.10.246.129
    O18 - Protocol: bw+0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
    O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
    O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\Windows\system32\UAService7.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
  13. g!rly Posts 18462 Status Contributor 407
     
    Hi,

    Disable User Account Control (you will re-enable it after your disinfection):

    - Go to Start, then Control Panel
    - Double-click the "User Accounts" icon
    - Then click Disable and confirm.

    Now download Navilog1 from this link:

    http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

    Choose "Save target (link) as..." and save it to your desktop.
    Then double-click navilog1.exe to start the installation.
    Once the installation is finished, right-click the Navilog1 shortcut on your desktop and choose "Run as administrator".

    At the main menu, choose option 1.
    Let yourself be guided and wait.
    Wait until the message:
    *** Analyse Termine le ..... ***
    Press a key; Notepad will open.
    Copy and paste the entire report into a reply.
    Close Notepad.
    The fixnavi.txt report is also saved in %systemdrive%.

    then

    Download combofix.exe (by sUBs) to your Desktop.

    -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double-click combofix.exe.
    -> Press the 1 key (Yes) to start the scan.
    -> When the scan is complete, a report will appear. Copy/paste this report into your next reply.

    NOTE: The report can also be found here: C:\Combofix.txt

    Before using ComboFix:

    -> Disconnect from the internet and close the windows of all running programs.

    -> Temporarily disable, only for the time ComboFix is in use, the real-time protection of your antivirus and antispyware programs, which can strongly interfere with the tool's search and cleaning procedure.

    Once done, double-click Combofix.exe on your desktop.

    - Answer yes to the warning message so that the program starts analysing the PC.

    /!\ During this step, do not use the PC and do not open any programs.

    - At the end of the scan, ComboFix may need to restart the PC to finalise the disinfection/search; let it do so.

    - A report will then open in Notepad; this report file, Combofix.txt, is automatically saved to C:\Combofix.txt

    -> Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.

    -> Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message, along with a new HijackThis report.

    So post all three reports.

    See you later
  14. Fredo35
     
    Hello,

    when I do:

    Right-click the Navilog1 shortcut on your desktop and choose "Run as administrator".

    it doesn't display anything. Is there a solution to resolve this problem?

    Thanks.
  15. Fredo35
     
    Sorry for the double post, I managed it in the end.

    Search Navipromo version 3.4.6 commencé le 2008-02-22 à 12:56:31.04

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1
    Mise à jour le 20.02.2008 à 20h00 par IL-MAFIOSO

    Microsoft Windows Vista 6.0.6000
    Internet Explorer : 7.0.6000.16609
    Système de fichiers : NTFS

    Executé en mode normal

    *** Recherche Programmes installés ***

    *** Recherche dossiers dans C:\Windows ***

    *** Recherche dossiers dans C:\Program Files ***

    *** Recherche dossiers dans C:\ProgramData ***

    *** Recherche dossiers dans C:\ProgramData\Microsoft\Windows\Start Menu\Programs ***

    *** Recherche dossiers dans C:\Users\frederic\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs ***

    *** Recherche dossiers dans C:\Users\frederic\AppData\Local\virtualstore\Program Files ***

    *** Recherche dossiers dans C:\Users\frederic\AppData\Roaming ***

    *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
    pour + d'infos : http://www.gmer.net

    Fichier(s) caché(s) :

    C:\Users\frederic\AppData\Local\wfzsxnpnjg.dat
    C:\Users\frederic\AppData\Local\wfzsxnpnjg.exe
    C:\Users\frederic\AppData\Local\wfzsxnpnjg_nav.dat
    C:\Users\frederic\AppData\Local\wfzsxnpnjg_navps.dat

    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans C:\Windows\system32 *

    * Recherche dans C:\Users\frederic\AppData\Local\Microsoft *

    * Recherche dans C:\Users\frederic\AppData\Local *

    Fichiers trouvés :

    wfzsxnpnjg.exe trouvé !

    *** Recherche fichiers ***

    C:\Windows\system32\nvs2.inf trouvé !

    *** Recherche clés spécifiques dans le Registre ***

    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche nouveaux fichiers Instant Access :

    2)Recherche Heuristique :

    * Dans C:\Windows\system32 :

    * Dans C:\Users\frederic\AppData\Local\Microsoft :

    * Dans C:\Users\frederic\AppData\Local :

    wfzsxnpnjg.dat trouvé !

    3)Recherche Certificats :

    Certificat Egroup trouvé !

    4)Recherche fichiers connus :

    *** Analyse terminée le 2008-02-22 à 13:05:25.10 ***
  16. Fredo35
     
    ComboFix 08-02-22.2 - frederic 2008-02-22 13:10:03.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1155 [GMT 1:00]
    Endroit: C:\Users\frederic\Desktop\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\Users\frederic\AppData\Local\wfzsxnpnjg.dat
    C:\Users\frederic\AppData\Local\wfzsxnpnjg.exe
    c:\Users\frederic\AppData\Local\wfzsxnpnjg_nav.dat
    c:\Users\frederic\AppData\Local\wfzsxnpnjg_navps.dat
    C:\Windows\system32\nvs2.inf

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-22 to 2008-02-22 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-22 12:16 . 2008-02-22 13:07 <REP> d-------- C:\Program Files\Navilog1
    2008-02-21 19:48 . 2008-02-21 19:48 <REP> d-------- C:\Program Files\Trend Micro
    2008-02-21 19:39 . 2008-02-21 19:39 <REP> d-------- C:\Windows\System32\Kaspersky Lab
    2008-02-21 19:31 . 2008-02-21 19:31 <REP> d-------- C:\Program Files\Lopxp
    2008-02-21 19:28 . 2008-02-21 19:28 <REP> d-------- C:\Program Files\Lop SD
    2008-02-19 20:53 . 2008-02-19 20:54 <REP> d-------- C:\Users\All Users\Lavasoft
    2008-02-19 20:53 . 2008-02-19 20:54 <REP> d-------- C:\ProgramData\Lavasoft
    2008-02-19 20:53 . 2008-02-19 20:53 <REP> d-------- C:\Program Files\Lavasoft
    2008-02-16 17:16 . 2008-02-16 17:16 <REP> d-------- C:\Program Files\Common Files\INCA Shared
    2008-02-16 15:36 . 2008-02-16 15:36 85,520 --a------ C:\Windows\System32\drivers\bdfndisf.sys
    2008-02-16 15:35 . 2008-02-16 15:35 77,824 --a------ C:\Windows\System32\xcomm.dll
    2008-02-16 14:44 . 2008-02-16 14:44 <REP> d-------- C:\Users\frederic\AppData\Roaming\BitDefender
    2008-02-16 14:33 . 2008-02-16 14:44 <REP> d-------- C:\Users\All Users\BitDefender
    2008-02-16 14:33 . 2008-02-16 14:44 <REP> d-------- C:\ProgramData\BitDefender
    2008-02-16 14:33 . 2008-02-16 14:33 <REP> d-------- C:\Program Files\BitDefender
    2008-02-16 14:32 . 2008-02-16 14:33 <REP> d-------- C:\Program Files\Common Files\BitDefender
    2008-02-16 10:37 . 2008-02-16 10:43 <REP> d-------- C:\Windows\System32\Samsung_USB_Drivers
    2008-02-16 10:37 . 2008-02-16 10:37 <REP> d-------- C:\Program Files\Samsung
    2008-02-16 10:37 . 2005-08-30 17:59 94,000 --a------ C:\Windows\System32\drivers\ss_mdm.sys
    2008-02-16 10:37 . 2005-08-30 17:57 58,320 --a------ C:\Windows\System32\drivers\ss_bus.sys
    2008-02-16 10:37 . 2005-08-30 17:58 8,304 --a------ C:\Windows\System32\drivers\ss_mdfl.sys
    2008-02-16 10:37 . 2005-08-30 17:58 6,144 --a------ C:\Windows\System32\drivers\ss_cmnt.sys
    2008-02-16 10:37 . 2005-08-30 17:58 6,144 --a------ C:\Windows\System32\drivers\ss_cm.sys
    2008-02-16 10:37 . 2005-08-30 17:57 5,808 --a------ C:\Windows\System32\drivers\ss_whnt.sys
    2008-02-16 10:37 . 2005-08-30 17:57 5,808 --a------ C:\Windows\System32\drivers\ss_wh.sys
    2008-02-16 10:37 . 2005-08-28 20:51 766 --a------ C:\Windows\System32\Uninstall.ico
    2008-02-16 08:48 . 2008-01-10 06:50 1,244,672 --a------ C:\Windows\System32\mcmde.dll
    2008-02-15 01:50 . 2008-02-15 01:50 <REP> d-------- C:\Users\frederic\AppData\Roaming\BitZipper
    2008-02-15 01:49 . 2008-02-15 01:50 <REP> d-------- C:\Program Files\BitZipper
    2008-02-14 03:07 . 2008-02-14 03:07 194,560 --a------ C:\Windows\System32\WebClnt.dll
    2008-02-14 03:07 . 2008-02-14 03:07 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
    2008-02-14 03:03 . 2008-02-14 03:03 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-02-14 03:03 . 2008-02-14 03:03 1,686,528 --a------ C:\Windows\System32\gameux.dll
    2008-02-07 23:35 . 2008-02-07 23:35 <REP> d-------- C:\Users\frederic\[u]0/u48298C9A4D3490B9FF9AB023A9238F3.TMP
    2008-02-07 22:36 . 2008-02-07 22:36 <REP> d-------- C:\Users\All Users\NVIDIA
    2008-02-07 22:36 . 2008-02-07 22:36 <REP> d-------- C:\ProgramData\NVIDIA
    2008-02-07 22:28 . 2008-02-07 22:28 <REP> d-------- C:\NVIDIA
    2008-02-04 20:29 . 2008-02-04 20:29 <REP> d-------- C:\Users\frederic\.thumbnails
    2008-02-02 17:08 . 2008-02-02 17:08 <REP> d-------- C:\Program Files\Kaspersky Lab
    2008-02-01 19:38 . 2008-02-17 11:40 <REP> d-------- C:\Users\All Users\second blue bold
    2008-02-01 19:38 . 2008-02-17 11:40 <REP> d-------- C:\Users\All Users\Loud spam else tool
    2008-02-01 19:38 . 2008-02-17 11:40 <REP> d-------- C:\ProgramData\second blue bold
    2008-02-01 19:38 . 2008-02-17 11:40 <REP> d-------- C:\ProgramData\Loud spam else tool
    2008-01-31 17:48 . 2008-02-10 03:45 <REP> d-------- C:\Users\frederic\AppData\Roaming\gtk-2.0
    2008-01-31 17:45 . 2008-02-10 03:45 <REP> d-------- C:\Users\frederic\.gimp-2.4
    2008-01-31 17:43 . 2008-01-31 17:43 <REP> d-------- C:\Program Files\GIMP-2.0
    2008-01-30 01:35 . 2008-01-30 01:35 <REP> d-------- C:\Program Files\Norton Security Scan

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-22 11:50 --------- d-----w C:\Users\frederic\AppData\Roaming\teamspeak2
    2008-02-22 11:43 --------- d-----w C:\Program Files\Steam
    2008-02-19 19:51 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-16 09:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-14 22:42 --------- d-----w C:\Program Files\Common Files\Steam
    2008-02-14 02:03 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-02-14 02:03 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-02-14 02:03 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-02-14 02:03 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-02-14 02:01 824,832 ----a-w C:\Windows\System32\wininet.dll
    2008-02-14 02:01 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-02-14 02:01 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-14 02:01 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-02-07 21:55 --------- d-----w C:\Program Files\Java
    2008-01-25 22:43 3,974 --sha-w C:\Windows\System32\KGyGaAvL.sys
    2008-01-20 15:28 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
    2008-01-20 15:28 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
    2008-01-13 18:47 3,569,155 ----a-w C:\Users\frederic\pilotes_4.23.0.0_whql_4092.exe
    2008-01-11 07:20 --------- d-----w C:\Program Files\Windows Sidebar
    2008-01-11 07:20 --------- d-----w C:\Program Files\Windows Mail
    2008-01-11 07:16 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
    2008-01-11 07:16 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
    2008-01-11 07:15 11,776 ----a-w C:\Windows\System32\sbunattend.exe
    2008-01-09 22:55 --------- d-----w C:\Program Files\MioNet
    2008-01-09 19:23 --------- d-----w C:\Program Files\PlayLinc
    2008-01-09 19:09 --------- d-----w C:\Program Files\UBISOFT
    2008-01-09 17:32 --------- d-----w C:\Program Files\Philips
    2008-01-07 16:41 196,368 ----a-w C:\Windows\system32\drivers\bdfsfltr.sys
    2007-12-29 18:30 413,696 ----a-w C:\Windows\System32\wrap_oal.dll
    2007-12-29 18:30 110,592 ----a-w C:\Windows\System32\OpenAL32.dll
    2007-12-29 18:30 --------- d-----w C:\Program Files\OpenAL
    2007-12-29 18:30 --------- d-----w C:\Program Files\Eidos
    2007-12-18 19:33 234,279 ----a-w C:\Windows\RS_source Uninstaller.exe
    2007-12-14 10:32 12,632 ----a-w C:\Windows\System32\lsdelete.exe
    2007-12-13 17:50 18,620,376 ----a-w C:\Users\frederic\setupfre.exe
    2007-12-13 17:30 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
    2007-12-13 17:30 223,232 ----a-w C:\Windows\System32\WMASF.DLL
    2007-12-13 17:30 1,327,104 ----a-w C:\Windows\System32\quartz.dll
    2007-12-04 13:04 837,496 ----a-w C:\Windows\System32\aswBoot.exe
    2007-12-04 12:54 95,608 ----a-w C:\Windows\System32\AvastSS.scr
    2007-11-27 17:59 57,442 ----a-w C:\Windows\BricoPackUninst.cmd
    2007-11-27 17:59 5,253 ----a-w C:\Windows\BricoPackFoldersDelete.cmd
    2007-11-26 19:37 22,328 ----a-w C:\Users\frederic\AppData\Roaming\PnkBstrK.sys
    2007-11-26 19:36 674,600 ----a-w C:\Windows\System32\pbsvc.exe
    2007-11-26 19:36 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
    2007-08-29 22:45 174 --sha-w C:\Program Files\desktop.ini
    2007-08-03 16:04 278,528 ----a-w C:\Program Files\Common Files\FDEUnInstaller.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11D4-9B18-009027A5CD4F}
    {EF99BD32-C1FB-11D2-892F-0090271D4F88}
    {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
    {381FFDE8-2394-4F90-B10D-FC6124A40F8C}

    [HKEY_CLASSES_ROOT\clsid\{381ffde8-2394-4f90-b10d-fc6124a40f8c}]
    [HKEY_CLASSES_ROOT\BitDefender Toolbar]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-11 08:15 1232896]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-08-02 20:51 32768]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "Steam"="c:\program files\steam\steam.exe" [2008-02-16 15:00 1266936]
    "EPSON Stylus DX8400 Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.exe" [2007-04-12 07:00 182272]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
    "amen thunk"="C:\ProgramData\LESS ROAD ROAD.da4gvna" [ ]
    "else tool title ping"="C:\ProgramData\Rule Meet Debug.azix6" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-06-11 13:02 1006264]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 16:10 4468736 C:\Windows\RtHDVCpl.exe]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-15 03:03 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-15 03:03 8429568]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-15 03:03 81920]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 08:48 94208 C:\Windows\KHALMNPR.Exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "WMAAD"="C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe" [2007-02-16 17:41 110592]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "toolbar_eula_launcher"="C:\Program Files\GoogleEULA\EULALauncher.exe" [2007-02-09 14:54 16896]
    "phc710"="C:\Windows\vphc710.exe" [2006-10-16 10:18 344064]
    "BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]
    "BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-02-16 15:36 360448]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

    C:\Users\frederic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    RocketDock.lnk - C:\Windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 23:05:02 630784]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^frederic^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=C:\Users\frederic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=C:\Windows\pss\Adobe Gamma.lnk.Startup
    backupExtension=.Startup

    [HKLM\~\startupfolder\C:^Users^frederic^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^UberIcon.lnk]
    path=C:\Users\frederic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UberIcon.lnk
    backup=C:\Windows\pss\UberIcon.lnk.Startup
    backupExtension=.Startup

    [HKLM\~\startupfolder\C:^Users^frederic^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Y'z Shadow.lnk]
    path=C:\Users\frederic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Y'z Shadow.lnk
    backup=C:\Windows\pss\Y'z Shadow.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    --a------ 2006-12-23 17:05 143360 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    --a------ 2007-06-11 15:03 220160 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2007-08-15 19:15 271672 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2006-01-12 14:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-06-29 05:24 286720 C:\Program Files\QuickTime\QTTask.exe

    R1 bdftdif;bdftdif;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2008-02-16 15:35]
    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
    R2 LBeepKE;LBeepKE;C:\Windows\system32\Drivers\LBeepKE.sys [2006-05-24 23:53]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\bdfndisf.sys [2008-02-16 15:36]
    R3 bdfsfltr;bdfsfltr;C:\Windows\system32\DRIVERS\bdfsfltr.sys [2008-01-07 17:41]
    R3 BDSelfPr;BDSelfPr;C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys [2008-02-16 15:36]
    R3 phc710;USB PC Camera (SPC710NC);C:\Windows\system32\DRIVERS\phc710.sys [2006-10-16 10:34]
    R3 scan;BitDefender Threat Scanner;C:\Windows\System32\svchost.exe [2006-11-02 10:45]
    S3 ICScsiSV;Image Converter SCSI Service;C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [2007-01-26 10:39]
    S3 IcVzMonLauncher;IcVzMonLauncher;"C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe" [2007-01-26 10:38]
    S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe [2007-01-26 10:38]
    S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 08:36]
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\Windows\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\Windows\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\Windows\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
    S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-02-14 23:41]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \shell\Auto\command - AdobeR.exe e
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-01-30 07:09:20 C:\Windows\Tasks\Norton Security Scan.job"
    - C:\Program Files\Norton Security Scan\Nss.exe
    "2008-02-21 21:33:37 C:\Windows\Tasks\User_Feed_Synchronization-{8864C09F-EE18-4683-8566-940102E3B406}.job"
    - C:\Windows\system32\msfeedssync.exe
    "2008-02-22 11:17:00 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-22 13:11:11
    Windows 6.0.6000 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-22 13:11:47
    ComboFix-quarantined-files.txt 2008-02-22 12:11:46
    .
    2008-02-16 08:03:30 --- E O F ---
    0
  17. Fredo35
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:13:40, on 22/02/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe
    C:\Windows\vphc710.exe
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\System32\spool\drivers\w32x86\3\E_FATICEE.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Windows Live\Mail\wlmail.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Windows\system32\conime.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [WMAAD] C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
    O4 - HKLM\..\Run: [phc710] C:\Windows\vphc710.exe
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\Windows\TEMP\E_S8BFA.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [amen thunk] "C:\ProgramData\LESS ROAD ROAD.da4gvna"
    O4 - HKCU\..\Run: [else tool title ping] "C:\ProgramData\Rule Meet Debug.azix6"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Startup: RocketDock.lnk = C:\Windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Transfert par Image Converter 3 - C:\PROGRAM FILES\SONY\IMAGE CONVERTER 3\menu.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O13 - Gopher Prefix:
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AD8C7033-8B4D-4873-AFF0-E6D215AC4CBC}: NameServer = 80.10.246.2,80.10.246.129
    O18 - Protocol: bw+0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {50C3729B-ABA7-44C3-8EE3-4AFFB46F7363} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
    O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
    O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\Windows\system32\UAService7.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
    0
  18. bulledesavon73
     
    Hi,

    I still have the problem with Cid (what a nasty thing)...

    Thanks for your help
    0
  19. g!rly Posts 18462 Status Contributor 407
     
    Hello Bulle de savon,

    Please repost a Lopxp report; if you no longer have it:

    Download this (by Moe):

    http://sosvirus.changelog.fr/Green_day/Lopxpsetup.exe

    Double-click Lopxpsetup.exe to start the installation
    At the menu, choose option 1
    Wait until you are asked to press a key, then press one!
    A report will then be created; copy and paste it in full on the forum.

    See you later
    0
  20. bulledesavon73
     
    Hello,

    Here is the report ... thanks in advance

    # Rapport Lopxp fait le 23/02/2008 à 11:35:14
    # Exécuté dans : C:\Program Files\Lopxp
    # Version 3.08 - Maj du 15/02/2008

    Killing 'iexplore.exe'
    "C:\Program Files\Internet Explorer\iexplore.exe" (1800)
    "C:\Program Files\Internet Explorer\iexplore.exe" (1564)

    ========== FixLog ==========

    +- C:\Documents and Settings\All Users\Application Data\flag ace stupid data
    Choix utilisateur : Suppression acceptée.
    Déplacé avec succès.

    ========== Listing des dossiers Application Data

    +- C:\Documents and Settings\All Users\Application Data

    2008-02-11 à 09:51:07 - Adobe
    2007-09-16 à 16:10:54 - AntiVir PersonalEdition classic
    2006-05-25 à 12:13:52 - Apple Computer
    2003-12-12 à 12:35:46 - CyberLink
    2008-02-16 à 16:00:38 - flag ace stupid data
    2008-01-28 à 14:33:04 - Google
    2008-02-11 à 11:00:00 - Grisoft
    2008-01-28 à 14:11:41 - Microsoft
    2006-02-18 à 22:04:15 - MSN Search Toolbar
    2005-05-28 à 19:38:22 - MSN6
    2006-10-03 à 21:22:13 - pixelStorm
    2003-12-14 à 14:54:23 - QuickTime
    2003-09-11 à 13:38:09 - SBSI
    2005-05-28 à 12:57:48 - Spybot - Search & Destroy
    2007-07-23 à 10:45:06 - TEMP
    2007-01-15 à 18:17:35 - TuneUp Software
    2005-12-27 à 20:02:48 - Windows Genuine Advantage
    2006-11-04 à 20:34:41 - Windows Live Toolbar
    2007-07-07 à 14:37:10 - WindowsLiveInstaller
    2008-02-08 à 00:42:46 - WinZip
    2008-02-04 à 12:55:01 - WLInstaller
    2005-09-04 à 19:29:45 - yahoo!
    2005-09-07 à 11:41:02 - Yahoo! Companion

    +- C:\Documents and Settings\Della Rosa.DELLAROSA\Application Data

    2008-01-28 à 11:36:27 - Adobe
    2007-01-20 à 11:04:10 - AdobeUM
    2003-10-23 à 16:02:54 - Ahead
    2006-05-25 à 12:06:13 - Apple Computer
    2003-12-12 à 16:12:22 - CyberLink
    2007-01-09 à 18:18:28 - Google
    2008-02-11 à 11:00:41 - Grisoft
    2007-12-03 à 13:39:25 - gtk-2.0
    2006-06-08 à 09:21:28 - Help
    2005-05-30 à 12:36:47 - Hewlett-Packard
    2003-09-11 à 13:33:33 - Identities
    2003-09-11 à 15:10:16 - InterTrust
    2007-05-29 à 17:37:20 - Kingston
    2007-06-10 à 19:32:12 - Lavasoft
    2006-11-03 à 17:24:56 - LG Electronics
    2006-04-01 à 08:16:21 - Macromedia
    2007-12-17 à 11:38:38 - Microsoft
    2005-06-22 à 15:21:17 - Microsoft Web Folders
    2005-12-01 à 09:34:11 - Mozilla
    2006-11-05 à 12:19:16 - MSN Search Toolbar
    2007-03-20 à 19:23:46 - MSN6
    2007-11-09 à 22:22:40 - MySpace
    2005-06-01 à 20:27:34 - Opera
    2005-12-04 à 14:15:21 - Real
    2007-02-21 à 18:38:19 - SecondLife
    2008-02-16 à 16:45:13 - Store Scr Audio
    2005-05-28 à 19:35:43 - Thunderbird
    2007-01-15 à 18:18:46 - TuneUp Software
    2008-02-09 à 00:12:04 - vlc
    2007-03-01 à 21:11:04 - VoipCheapCom
    2008-02-16 à 07:12:32 - Yahoo!

    +- C:\Documents and Settings\Della Rosa.DELLAROSA\Local Settings\Application Data

    2007-07-03 à 13:48:43 - Adobe
    2006-05-25 à 12:05:26 - Apple Computer
    2007-09-26 à 11:54:48 - ApplicationHistory
    2006-09-30 à 09:41:11 - Google
    2007-06-09 à 13:21:23 - Help
    2005-07-03 à 22:21:12 - Identities
    2008-01-21 à 11:38:33 - Microsoft
    2006-04-16 à 09:14:25 - Mozilla
    2007-01-22 à 20:36:29 - OD2
    2007-10-06 à 18:46:28 - PCHealth
    2003-09-11 à 17:04:48 - WMTools Downloaded Files

    +- C:\Documents and Settings\Propriétaire\Application Data

    2005-06-02 à 20:47:59 - Real

    ========== Listing du dossier Program Files

    +- C:\Program Files

    2008-02-15 à 12:06:41 - Acetic
    2008-02-11 à 09:50:24 - Adobe
    2005-12-27 à 19:01:12 - Ahead
    2008-02-21 à 18:05:30 - AntiVir PersonalEdition Classic
    2003-12-12 à 12:31:24 - ATI Technologies
    2003-12-12 à 12:30:02 - C-Media 3D Audio
    2005-05-28 à 12:47:21 - CA
    2006-08-06 à 08:48:05 - Canon
    2006-02-28 à 17:21:30 - Cegetel
    2008-02-11 à 09:59:46 - Cleaner 5 EZ
    2003-10-09 à 10:39:45 - Common Files
    2003-09-11 à 13:31:08 - ComPlus Applications
    2003-12-12 à 12:35:44 - CyberLink
    2005-06-01 à 21:54:35 - directx
    2007-06-10 à 20:04:22 - Emoticons-plus.com
    2007-07-11 à 17:47:02 - eMule
    2007-05-22 à 19:01:41 - EZFace
    2005-05-28 à 14:27:56 - F-Secure Internet Security
    2008-02-15 à 12:08:37 - Fichiers communs
    2008-01-29 à 10:26:23 - Google
    2005-11-21 à 19:01:43 - Google(2)
    2005-11-14 à 22:24:14 - Google(3)
    2008-02-11 à 10:59:46 - Grisoft
    2005-05-30 à 12:35:54 - Hewlett-Packard
    2003-12-08 à 15:24:51 - HighMAT CD Writing Wizard
    2007-05-08 à 14:23:18 - InstallShield Installation Information
    2008-02-13 à 22:45:50 - Internet Explorer
    2005-05-28 à 19:47:28 - Java
    2005-05-29 à 11:13:57 - Java Web Start
    2007-06-10 à 19:32:03 - Lavasoft
    2006-11-03 à 17:11:34 - LG Electronics
    2006-11-03 à 16:33:11 - LG PC Suite
    2008-02-23 à 10:35:38 - Lopxp
    2007-12-17 à 11:38:34 - Macrogaming
    2007-05-28 à 06:59:24 - Messenger
    2005-06-22 à 15:20:57 - microsoft frontpage
    2005-06-22 à 15:21:17 - Microsoft Office
    2008-01-21 à 11:32:27 - Microsoft SQL Server Compact Edition
    2003-09-11 à 17:00:03 - Microsoft Works
    2005-06-22 à 13:42:24 - Movie Maker
    2008-02-22 à 20:33:28 - Mozilla Firefox
    2003-09-11 à 13:30:32 - MSN
    2006-02-18 à 22:04:55 - MSN Apps
    2003-09-11 à 13:30:24 - MSN Gaming Zone
    2006-11-04 à 20:27:54 - MSN Toolbar Suite
    2007-11-13 à 21:49:29 - MySpace
    2008-02-11 à 13:21:44 - Navilog1
    2005-06-22 à 13:36:38 - NetMeeting
    2005-06-01 à 11:32:27 - Netscape
    2006-03-07 à 22:09:07 - NoAdware3
    2005-07-05 à 20:05:43 - Nouveau dossier
    2003-12-12 à 13:49:50 - Nullsoft
    2003-12-12 à 15:53:32 - OfficeUpdate11
    2006-12-07 à 20:38:13 - Opera
    2007-06-13 à 10:53:32 - Outlook Express
    2006-05-25 à 12:04:13 - QuickTime
    2008-02-17 à 06:55:52 - Real
    2007-07-23 à 10:56:53 - Registry Mechanic
    2008-02-11 à 10:40:53 - RegistryFix
    2005-05-28 à 13:00:07 - SAGEM
    2003-09-11 à 13:31:53 - Services en ligne
    2003-12-12 à 13:48:08 - SiSLan
    2008-01-21 à 21:04:48 - sophie
    2007-07-16 à 11:00:39 - Spybot - Search & Destroy
    2008-02-16 à 16:00:18 - Store Scr Audio
    2008-02-11 à 10:03:11 - Trend Micro
    2003-09-11 à 16:06:58 - Uninstall Information
    2008-02-09 à 00:06:44 - VideoLAN
    2003-12-12 à 13:49:52 - Viewpoint
    2006-09-19 à 18:48:52 - Vimicro
    2006-03-11 à 23:49:47 - Winamp
    2003-09-11 à 15:14:33 - Windows Journal Viewer
    2008-01-21 à 11:36:52 - Windows Live
    2008-01-27 à 22:59:51 - Windows Live Safety Center
    2008-01-28 à 14:38:03 - Windows Live Toolbar
    2005-06-01 à 21:54:56 - Windows Media Components
    2006-12-29 à 23:13:42 - Windows Media Connect 2
    2006-12-30 à 19:18:23 - Windows Media Player
    2005-06-22 à 13:36:29 - Windows NT
    2005-05-30 à 11:25:45 - WindowsUpdate
    2007-06-09 à 13:21:24 - WinRAR
    2008-01-28 à 15:00:03 - WinZip
    2003-09-11 à 13:33:36 - xerox
    2005-09-04 à 19:29:33 - Yahoo!

    ========== Tâches planifiées

    1-Click Maintenance.job: C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe /schedulestart
    ADD52AA9907ADFB5.job: c:\docume~1\dellar~1.del\applic~1\stores~1\Global 1 Meta.exe

    ========== Clés registre

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Stupid Data Dart Wave"="C:\Documents and Settings\All Users\Application Data\flag ace stupid data\that surf.exe"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "open fork"="C:\DOCUME~1\DELLAR~1.DEL\APPLIC~1\STORES~1\Bib logo hole.exe"

    ========== Bloqueur popups Internet Explorer

    www.host-domain-lookup.com
    PopupMgr
    searchweb2.com
    www.searchweb2.com

    ========== Suggestion ( /!\ Nécessite une interprétation.) ==========

    C:\Documents and Settings\All Users\Application Data\flag ace stupid data
    C:\Documents and Settings\Della Rosa.DELLAROSA\Application Data\Store Scr Audio
    C:\Program Files\Store Scr Audio
    C:\WINDOWS\tasks\ADD52AA9907ADFB5.job

    +- Registre:

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Stupid Data Dart Wave"=-

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "open fork"=-

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow]
    "host-domain-lookup.com"=-
    "www.host-domain-lookup.com"=-
    "searchweb2.com"=-
    "www.searchweb2.com"=-

    - Fin du rapport -
    0