activation de Vista

Question

Bonjour,
J'ai un HP Slimline avec Vista Family Premium installé d'origine et donc parfaitement légal, identifié et activé par Microsoft.
Depuis quelque temps, il m'affiche dans la barre des tâches à droite : 
"Windows Vista (TM) Version d'évaluation;numéro 6001"
Puis régulièrement, une fenètre s'ouvre et affiche :
Activation de Windows
Votre licende de Windows expire dans 0 heures.
Sauvegardez vos ichiers puis installez une version de Windows Vista"

J'ai bien sur passé toute une tripotée d'antivirus, rien n'y fait.
De plus, non moins régulièrement, mon PC redémarre et au redémarrage j'ai, en plus droit au fameux "rundll32 manquant"
Que puis-je faire ?

Merci d'avance

geoffrey5 · Answer

Salut !!

pour qu on y vois plus clair, Télécharge  hijackthis : http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

-une fois installé, le renommer scan.exe
-Double-clic dessus 
- Clic sur "Do a system scan and save the log" 
- copier le rapport, le coller dans la réponse

geoffrey5 · Answer

oula!! tu es tres infecté, c est le moins qu on puissent dire...et je n ai jamais vu autant de lignes à fixer...

commence par ceci :

Télécharger sur le bureau malware bytes : http://ww.commentcamarche.net/telecharger/telechargement 34055379 malwarebyte s anti malware?thread
 

= double-clic sur mbam-setup pour lancer l'installation 
= Installer simplement sans rien modifier 
= Quand le programme lancé ==> faire une mise à jour ensuite cocher Exécuter un examen complet 
= Clic Rechercher 
= Eventuellement décocher les disque à ne pas analyser 
= Clic Lancer l'examen 
= En fin de scan , si infection trouvée 
==> Clic Afficher résultat 
= Fermer vos applications en cours 
= Vérifier si tout est coché et clic Supprimer la sélection 

un rapport s'ouvre le copier et le coller dans la réponse 

Puis redémarrer le pc !!

Et refais un nouveau rapport hijackthis stp

jieska · Answer

merci pour ta réponse rapide et désolé de te faire faire des heures sup le samedi :-)

j'essaye de trouver une solution pour que mon PC puisse aller au bout de son analyse de malwares parce que pour l'instant il redémarre à peu près une fois par geure et donc l'antimalware n'a pas pu aller au bout de son analyse
(même en passant en mode sans échec, je suis déconnecté !!! je cherche)

jieska · Answer

re-bjr
finalement, après une bidouille sur la date système, j'ai pu aller au bout de l'analyse complète des malwares. Il n'y avait rien de plus qu'avec le scan simple dont voici les résultats
Malwarebytes' Anti-Malware 1.19
Version de la base de données: 926
Windows 6.0.6001 Service Pack 1, v.668

18:05:32 06/07/2008
mbam-log-7-6-2008 (18-05-32).txt

Type de recherche: Examen rapide
Eléments examinés: 40106
Temps écoulé: 5 minute(s), 4 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 9
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 11

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webmediaplayer (Adware.EGDAccess) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Windows\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)


après réparation, je n'ai effectivement plus de problème avec l'activation de Vista
par contre l'analyse avec hijack est toujours aussi abondante !!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:10:44, on 19/03/2008
Platform: Windows Vista SP1, v.668 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.17052)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\hp\KBD\kbd.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Soft4Ever\looknstop\looknstop.exe
C:\Program Files\EoRezo\EoEngine.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Windows\system32	askeng.exe
C:\Windows\System32undll32.exe
C:\Program Files\Speeditup Free\PCCheckUp\PCCheckUp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Astase\UltraBackup\4.9\bin	htrayagent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Siber Systems\AI RoboFormobotaskbaricon.exe
C:\Program Files\Philips\SPC 200NC PC Camera\TrayMin200.exe
C:\Program Files\DesktopEarth\DesktopEarth.exe
C:\Windows\System32undll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\BOINC\projects\www.worldcommunitygrid.org\wcg_faah_autodock_5.42_windows_intelx86
C:\Program Files\BOINC\projects\www.worldcommunitygrid.org\wcg_hcc1_img_5.20_windows_intelx86
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\google\googletoolbar3user.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32	askeng.exe
C:\Program Files\Norton Security Scan\Nss.exe
C:\Program Files\BitComet\BitComet.exe
C:\Windows\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet	ools\BitCometBHO_1.1.9.24.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb125\Dealio.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboFormoboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FoxyTunes Toolbar Helper - {784D8FBC-4165-4D88-90FB-62907ACDD045} - C:\Program Files\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: CoolIrisIEHelperObject.CoolIrisIEBHO - {AD0BAB4B-212D-45D7-9E5B-CB1579132715} - C:\Program Files\CoolIris\CoolIrisIEHelperObject.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.914.9778\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O2 - BHO: XBTB03021 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboFormoboform.dll
O3 - Toolbar: (no name) - {B7D3E479-CC68-42B5-A338-938ECE35F419} - (no file)
O3 - Toolbar: FoxyTunes Toolbar - {1D1901C3-F72A-46f3-9DBB-0AAA0DEEF6DF} - C:\Program Files\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb125\Dealio.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PC-Checkup] "C:\Program Files\Speeditup Free\PCCheckUp\PCCheckUp.exe" -mini
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [thnotify] "C:\Program Files\Astase\UltraBackup\4.9\bin	htrayagent.exe" /start
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Cdiscount Alert] "C:\Program Files\Cdiscount\Cdiscount Alert\launcher.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: DesktopEarth AutoStart.lnk = ?
O4 - Startup: Joost.lnk = C:\Program Files\Joost\xulrunner	vprunner.exe
O4 - Global Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Global Startup: TrayMin200.exe.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\Jean\AppData\LocalLow\Dealio\kb125es\DealioSearch.html
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: CoolIris Preferences - {449DB14A-F988-4fd8-9361-F212D7B6414B} - C:\Program Files\CoolIris\CoolIrisPreferences.exe
O9 - Extra 'Tools' menuitem: CoolIris Preferences - {449DB14A-F988-4fd8-9361-F212D7B6414B} - C:\Program Files\CoolIris\CoolIrisPreferences.exe
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet	ools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb125\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb125\Dealio.dll
O13 - Gopher Prefix: 
O15 - Trusted Zone: www.consoclicker.com
O15 - Trusted Zone: https://www.msn.com/fr-fr
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {70A5EBDC-3EA6-464A-9FF7-084BC150C417} (TNSClickera.Clicker) - http://consoclicker.com/TNSClickra.CAB
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - https://www.epson.eu/support/
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://securite.neuf.fr/Ols/fscax.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f001.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: bw+0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\RpcSandraSrv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Astase Thallium Backup Server (ThalliumServer) - Astase - C:\Program Files\Astase\UltraBackup\4.9\bin	bsd.exe
O23 - Service: ThalliumBackup Passive Agent (ThPassiveSvc) - Astase - C:\Program Files\Astase\UltraBackup\4.9\bin	hpassiveclientsvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

geoffrey5 · Answer

Salut !!

tout d abord...tu as encore pleins d infections dans ton rapport donc je ne pense pas que ton probleme est résolu...

Tu n as pas fais un scan complet de malwarebytes mais un scan rapide  :s

refais en un si possible et ensuite fais ceci :

Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection): 

- Va dans démarrer puis panneau de configuration 
- Double Clique sur l'icône "Comptes d'utilisateurs" 
- Clique ensuite sur désactiver et valide. 


télécharge combofix (par sUBs) ici : 

https://forospyware.com

et enregistre le sur le Bureau. 

déconnecte toi d'internet et ferme toutes tes applications. 

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware) 


double-clique sur combofix.exe et suis les instructions 

à la fin, il va produire un rapport C:\ComboFix.txt 

réactive ton parefeu, ton antivirus, la garde de ton antispyware 

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse. 

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Tu as un tutoriel complet ici : 

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix 
 
ensuite vas renommer hijackthis.exe en scan.exe et refais un nouveau rapport stp

jieska · Answer

merci pour ta réponse
ok je m'y mets illico et te tiens au courant mais je suis déjà content de ne plus être enquiquiné par cettesimili-activation de Vista
à +

geoffrey5 · Answer

Salut !!

ok j attends tes rapports pour les analyser

jieska · Answer

juste une précision (en attendant les résultats de la dernière manip)
après n'avoir pu faire qu'un scan rapide des malwares et avoir fixé les résultats, j'avais réussi en manipulant la date système à faire un scan approfondi qui avait indiqué aucune anomalie
mystère !!

geoffrey5 · Answer

c est bizzare parce qu une analyse complete trouve les meme fichiers infectés qu un scan rapide et meme peut etre plus..

j attends tes rapports

jieska · Answer

Re-bjr
j'ai fait la manip que tu m'as demandé et voici le résultat. J'espère que tu pourras en tirer qqchose :-)

ComboFix 08-07-12.2 - Jean 2008-07-13 13:34:00.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2000 [GMT 2:00]
Endroit: C:\Users\Jean\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Conditions générales.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Confidentialité.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Désinstaller.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\WebMediaPlayer.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Website.url
C:\Users\Jean\AppData\Local\eeyeypnb.dat
C:\Users\Jean\AppData\Local\eeyeypnb_nav.dat
C:\Users\Jean\AppData\Local\eeyeypnb_navps.dat
C:\Users\Jean\AppData\Local\ttlksmfk_navtmp.dat
C:\Users\Jean\AppData\Local\tzaankgn_nav.dat
C:\Windows\Downloaded Program Files\setup.inf
C:\Windows\system32\cdfcace_g.dll
C:\Windows\system32\eWebControl.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-13 to 2008-07-13 ))))))))))))))))))))))))))))))))))))
.

2008-07-13 13:32 . 2008-07-13 13:33 <REP> d-------- C:\327882R2FWJFW
2008-07-13 13:16 . 2008-07-13 13:16 <REP> d--h----- C:\Windows\PIF
2008-07-11 18:24 . 2008-05-29 09:28 28,416 --a------ C:\Windows\System32\uxtuneup.dll
2008-07-11 18:24 . 2008-05-29 09:28 16,640 --a------ C:\Windows\System32\authuitu.dll
2008-07-11 18:23 . 2008-07-11 18:23 <REP> d-------- C:\Users\Jean\AppData\Roaming\TuneUp Software
2008-07-11 18:23 . 2008-07-11 18:23 <REP> d-------- C:\Users\All Users\TuneUp Software
2008-07-11 18:23 . 2008-07-11 18:23 <REP> d-------- C:\ProgramData\TuneUp Software
2008-07-11 18:23 . 2008-07-11 18:23 <REP> d-------- C:\Program Files\TuneUp Utilities 2008
2008-07-11 18:23 . 2008-07-11 18:23 355,584 --a------ C:\Windows\System32\TuneUpDefragService.exe
2008-07-11 16:58 . 2008-07-11 16:58 <REP> d-------- C:\Users\All Users\Roxio
2008-07-11 16:58 . 2008-07-11 16:58 <REP> d-------- C:\ProgramData\Roxio
2008-07-11 16:57 . 2008-07-11 16:58 <REP> d-------- C:\Users\Jean\AppData\Roaming\Roxio
2008-07-11 15:34 . 2008-07-11 15:34 <REP> d-------- C:\Program Files\RegSupreme
2008-07-11 15:34 . 2008-07-11 15:34 23 --a------ C:\Windows\System32\adbbdcefd_g.ocx
2008-07-11 14:52 . 2008-07-11 14:52 <REP> d-------- C:\Program Files\ArcSoft
2008-07-11 14:43 . 2008-07-11 14:43 <REP> d-------- C:\Program Files\Common Files\Python
2008-07-11 14:37 . 1999-06-15 11:31 96,768 --a------ C:\Windows\SlantAdj.dll
2008-07-11 14:37 . 1999-12-07 02:03 73,216 --a------ C:\Windows\ADE.DLL
2008-07-11 14:37 . 1999-04-27 00:17 3,136 --a------ C:\Windows\Ade001.bin
2008-07-11 14:37 . 2000-09-08 13:31 72 -ra------ C:\Windows\System32\epDPE.ini
2008-07-11 14:30 . 2008-07-11 14:31 19,805 --a------ C:\Windows\EPSTPLOG.BAK
2008-07-10 18:56 . 2008-07-10 20:00 <REP> d-------- C:\Program Files\Ascentive
2008-07-10 18:56 . 2008-04-17 16:22 208,896 --a------ C:\Windows\System32\ConTest.dll
2008-07-10 18:56 . 2007-10-17 10:19 36,864 --a------ C:\Windows\System32\ascbalon.dll
2008-07-10 18:56 . 2007-10-17 10:19 20,480 --a------ C:\Windows\System32\SysRestore.dll
2008-07-10 18:30 . 2008-07-10 18:30 <REP> d-------- C:\Program Files\Xinek
2008-07-08 18:30 . 2008-07-08 18:30 <REP> d-------- C:\Users\All Users\PopCap
2008-07-08 18:30 . 2008-07-08 18:30 <REP> d-------- C:\ProgramData\PopCap
2008-07-08 10:42 . 2008-07-08 10:42 <REP> d-------- C:\Program Files\Virtools
2008-07-07 14:37 . 2008-07-07 14:37 441 --a------ C:\FRAGLIST.HTM
2008-07-06 10:55 . 2008-07-06 10:55 <REP> d-------- C:\Users\Jean\AppData\Roaming\Malwarebytes
2008-07-06 10:55 . 2008-07-06 10:55 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-07-06 10:55 . 2008-07-06 10:55 <REP> d-------- C:\ProgramData\Malwarebytes
2008-07-06 10:55 . 2008-07-06 10:55 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-06 10:55 . 2008-06-28 14:16 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-07-06 10:55 . 2008-06-28 14:16 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-07-05 16:36 . 2008-06-19 17:24 28,544 --a------ C:\Windows\System32\drivers\pavboot.sys
2008-07-05 16:35 . 2008-07-05 16:35 <REP> d-------- C:\Program Files\Panda Security
2008-07-05 13:07 . 2004-08-04 07:00 506,368 --a------ C:\Windows\System32\msxml.dll
2008-07-04 18:48 . 2008-07-04 18:50 <REP> d-------- C:\Program Files\a-squared Free
2008-07-04 18:40 . 2008-07-04 18:40 507,904 --a------ C:\Windows\TMUPDATE.DLL
2008-07-04 18:40 . 2008-07-04 18:40 286,720 --a------ C:\Windows\PATCH.EXE
2008-07-04 18:40 . 2008-07-04 18:40 69,689 --a------ C:\Windows\UNZIP.DLL
2008-07-04 18:33 . 2008-07-04 18:33 <REP> d-------- C:\Windows\BDOSCAN8
2008-06-29 21:43 . 2008-06-29 21:43 <REP> d-------- C:\Users\All Users\Windows Genuine Advantage
2008-06-27 20:04 . 2008-06-27 20:04 <REP> d-------- C:\Users\All Users\Trymedia
2008-06-27 20:04 . 2008-06-27 20:04 <REP> d-------- C:\ProgramData\Trymedia
2008-06-20 09:10 . 2008-06-20 09:10 <REP> d-------- C:\Users\Jean\AppData\Roaming\GreenPrint
2008-06-20 09:00 . 2008-06-16 16:42 18,320 --a------ C:\Windows\System32\GPPDF.dll
2008-06-20 09:00 . 2008-06-16 16:43 17,296 --a------ C:\Windows\System32\gpmon.dll
2008-06-20 09:00 . 2008-06-16 16:42 16,280 --a------ C:\Windows\System32\GPMailPDF.dll
2008-06-20 08:59 . 2008-06-20 08:59 <REP> d-------- C:\Program Files\GreenPrint Technologies

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-13 11:32 --------- d-----w C:\Program Files\BOINC
2008-07-13 11:31 --------- d-----w C:\Program Files\Microsoft Windows OneCare Live
2008-07-13 11:28 --------- d-----w C:\Users\Jean\AppData\Roaming\EoRezo
2008-07-12 09:24 --------- d-----w C:\Program Files\Google
2008-07-11 16:21 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-11 16:05 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-11 16:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-07-11 14:57 --------- d-----w C:\ProgramData\Sonic
2008-07-11 12:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-11 12:52 --------- d-----w C:\Program Files\EPSON
2008-07-10 13:20 --------- d-----w C:\Program Files\Ashampoo
2008-07-04 18:33 --------- d-----w C:\Users\Jean\AppData\Roaming\Joost
2008-07-04 16:40 --------- d-----w C:\Program Files\Java
2008-07-03 16:50 --------- d-----w C:\Users\Jean\AppData\Roaming\My Games
2008-07-03 16:47 --------- d-----w C:\Users\Jean\AppData\Roaming\Auslogics
2008-06-29 18:28 --------- d-----w C:\Program Files\PC-Doctor 5 for Windows
2008-06-27 21:01 --------- d-----w C:\Users\Jean\AppData\Roaming\Azureus
2008-06-27 21:00 --------- d-----w C:\ProgramData\MumboJumbo
2008-06-27 17:35 --------- d-----w C:\Program Files\Azureus
2008-06-25 12:53 36,864 ----a-w C:\Windows\gotouninstall.exe
2008-06-22 20:12 --------- d---a-w C:\Program Files\Common Files\LightScribe
2008-06-22 20:12 --------- d-----w C:\Users\Jean\AppData\Roaming\DVD Profiler
2008-06-22 20:12 --------- d-----w C:\Program Files\Volumouse
2008-06-20 07:04 --------- d-----w C:\Program Files\Safari
2008-06-19 15:46 --------- d-----w C:\Users\Jean\AppData\Roaming\The Bat!
2008-06-19 15:46 --------- d-----w C:\Program Files\La cave du sommelier
2008-06-17 10:13 --------- d-----w C:\Program Files\Opera
2008-06-08 21:04 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-08 21:02 --------- d-----w C:\ProgramData\WLInstaller
2008-06-07 01:09 --------- d-----w C:\ProgramData\Messenger Plus!
2008-06-07 01:01 --------- d-----w C:\Program Files\Windows Live
2008-06-06 15:22 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-06 15:22 --------- d-----w C:\Program Files\Circle Developement
2008-06-06 14:46 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-06-02 14:25 --------- d-----w C:\ProgramData\Ashampoo
2008-06-02 13:07 --------- d-----w C:\Program Files\Bazooka Scanner
2008-05-30 08:01 --------- d-----w C:\Users\Jean\AppData\Roaming\GetRightToGo
2008-05-29 17:46 --------- d-----w C:\Program Files\Copernic Desktop Search 2
2008-05-29 07:20 --------- d-----w C:\Program Files\GOTO.games
2008-05-23 13:46 --------- d-----w C:\Users\Jean\AppData\Roaming\Filmotech
2008-05-20 15:07 --------- d-----w C:\Program Files\Glary Utilities
2008-05-20 01:00 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-19 09:37 --------- d-----w C:\Program Files\Paint.NET
2008-05-17 09:30 --------- d-----w C:\Users\Jean\AppData\Roaming\MusicNet
2008-05-15 14:15 53,168 ----a-w C:\Windows\system32\drivers\MpFilter.sys
2008-04-28 13:03 15,087,734 ----a-w C:\Users\Jean\boeing_747_classic_panel.zip
2008-03-25 08:35 1,624,008 ----a-w C:\Users\Jean\Web-MediaPlayer_setup.exe
2008-01-26 17:05 994 ----a-w C:\Users\Jean\AppData\Roaming\filterclsid.dat
2008-01-26 11:21 60,070,112 ----a-w C:\Users\Jean\MediaStudio5_5199.exe
2008-01-22 16:03 15,928,203 ----a-w C:\Users\Jean\obscure_patch_v1.1_francais_13409.exe
2008-01-03 17:11 174 --sha-w C:\Program Files\desktop.ini
2007-06-26 15:01 0 ----a-w C:\Users\Jean\AppData\Roaming\wklnhst.dat
2003-03-16 01:00 7,216 ----a-w C:\Windows\inf\RAMDISK.SYS
2002-08-26 17:54 327,680 ----a-r C:\Users\Jean\AppData\Roaming\MafiaSetup.exe
1999-04-16 19:32 123,904 ----a-w C:\Users\Jean\BOXWORLD.EXE
2007-08-16 12:52 22 --sha-w C:\Windows\SMINST\HPCD.sys
2006-05-03 10:06 163,328 --sha-r C:\Windows\System32\flvDX.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2007-11-30 05:07 202240]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-19 12:42 68856]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2007-11-30 05:07 1233920]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-06-14 13:41 160592]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2007-11-30 05:07 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"thnotify"="C:\Program Files\Astase\UltraBackup\4.9\bin\thtrayagent.exe" [2007-03-19 11:50 1176064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [2007-12-06 12:58 1069920]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2008-06-25 06:48 67112]
"Look 'n' Stop"="C:\Program Files\Soft4Ever\looknstop\looknstop.exe" [2007-11-30 20:41 516164]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-04-19 18:11 151552]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 15:42 65536]
"EoEngine"="C:\Program Files\EoRezo\EoEngine.exe" [2007-12-06 13:40 561152]
"DefragTaskBar"="C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2008-04-18 09:11 173408]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 12:57 3784704 C:\Windows\RtHDVCpl.exe]

C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DesktopEarth AutoStart.lnk - C:\Users\Jean\AppData\Roaming\Microsoft\Installer\{D87176E9-ECD0-48C6-8E8B-B0054781DFB4}\_2B52280D74B238E888B1F2.exe [2007-07-22 09:44:43 29926]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BOINC Manager.lnk - C:\Program Files\BOINC\boincmgr.exe [2007-10-29 17:16:14 4145920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"vidc.mjpg"= pvmjpg30.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKLM\~\startupfolder\C:^Users^Jean^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DeliveryManager.lnk]
backup=C:\Windows\pss\DeliveryManager.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Jean^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
backup=C:\Windows\pss\OpenOffice.org 2.3.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Jean^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xinek.lnk]
backup=C:\Windows\pss\Xinek.lnk.Startup
backupExtension=.Startup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Ashampoo AntiSpyWare 2 Guard"=C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
"Cdiscount Alert"="C:\Program Files\Cdiscount\Cdiscount Alert\launcher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7C412E2B-E019-441E-825E-6EF00E1DA445}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{06D01E96-C7EA-4EBA-B82C-A5F5320C3B07}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{649A87FA-B2D7-4D35-BB6D-2252EDD1DD5F}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{AEDDCD00-6472-4657-A4B3-08B8928ED580}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{C4EEF18E-B139-4507-BA2C-C3F2B7667C29}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{476B78C9-4601-4BA9-B6B5-C838191F498F}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{09C7F020-2AC3-46CD-AB95-71391C111F23}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{B861BB48-FF59-4894-817D-91D77EC66930}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{E56B244D-4E62-45AC-A85D-361E183A8ECB}"= UDP:C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\RpcSandraSrv.exe:SiSoftware Sandra Agent Service
"{CEF59358-07B9-4C4C-844C-F430411A36DC}"= TCP:C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\RpcSandraSrv.exe:SiSoftware Sandra Agent Service
"{68BAB2D7-226C-4397-AC0B-D6EA1EEDB3F7}"= UDP:C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\Win32\RpcDataSrv.exe:SiSoftware Database Agent Service
"{1CB0C0B1-8850-4F99-B372-2FEE8F7E71E4}"= TCP:C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\Win32\RpcDataSrv.exe:SiSoftware Database Agent Service
"{98B49667-97E4-4F18-97CF-F1536FDCD20F}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{52E190A6-3EBF-470F-9E80-00B262430B96}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{A363C6D4-A7D5-4993-9E71-6C79BBA8F443}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{083EB886-2F49-4AAF-BC5B-2F3433B21B48}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{21866E3E-BEED-4F90-A90B-997016B7B73E}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{29ECE9B1-FF4D-4789-9664-17D5EB19D251}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{5E36CBFA-A342-4758-A795-90AF20ED6733}"= UDP:C:\Program Files\Ubisoft\THE SETTLERS - Rise of an Empire Demo\base\bin\Settlers6Demo.exe:THE SETTLERS - Rise of an Empire Demo
"{8FB0E462-E103-4C6F-BB96-BD7A3B98FF37}"= TCP:C:\Program Files\Ubisoft\THE SETTLERS - Rise of an Empire Demo\base\bin\Settlers6Demo.exe:THE SETTLERS - Rise of an Empire Demo
"{8ABFE284-BC29-4D05-8A9D-5AB0F04B1A6D}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{A60907AC-4BFF-45F8-9B6C-BEF26C567769}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{7FDB48E3-2869-4DC8-B168-D1A1B9FA30A7}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{DBCB30A7-C80B-48BA-978B-9A5DE355535A}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{A3ABE172-7723-4157-B9A4-DC2A5E7E01E3}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{F868BA31-AD7D-408E-95B1-2A9B54DF5D6B}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{89A40F9C-921E-4323-BF22-29811F4FDF2F}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{EFB77BBF-6D75-4ED5-8FC8-9166889EC9D1}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{8332E099-78A3-4992-9A03-F406F2B142F8}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{73A20967-F5E6-43DB-AACD-01C68C7449B8}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{DD702F32-C817-483F-B700-9FAA7E8AC8A2}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{F2895F9A-A6AB-4F34-B38D-81942795AE8A}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{4B9B7BF9-2965-4A0D-8458-60DA7E0E8987}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{8DB1755B-90BD-4641-89F4-9A07FAAA8B3D}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{92066FFA-A09F-4E0C-97AD-249D2AE7F373}C:\\windows\\temp\\navbrowser.exe"= UDP:C:\windows\temp\navbrowser.exe:navbrowser.exe
"UDP Query User{431AC8C3-8257-4D57-B9EC-B623AA7916BA}C:\\windows\\temp\\navbrowser.exe"= TCP:C:\windows\temp\navbrowser.exe:navbrowser.exe
"TCP Query User{7D48E1E6-DB6C-48B7-939B-F630AA214F1B}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{494DD9A7-2E35-449A-8254-183D9EBC3625}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{A9CCA880-C86A-4386-B6D1-5304CF412EB1}C:\\windows\\system32\\java.exe"= UDP:C:\windows\system32\java.exe:Java(TM) Platform SE binary
"UDP Query User{F25E7C77-EC9E-49B1-B3E2-2A3A7BB2E8CF}C:\\windows\\system32\\java.exe"= TCP:C:\windows\system32\java.exe:Java(TM) Platform SE binary
"{1A7C6DE6-B6D5-462A-9F4D-3C6557C48E51}"= UDP:21937:BitComet 21937 TCP
"{08089809-DD60-4B49-92A8-0FF4502E918A}"= TCP:21937:BitComet 21937 UDP
"TCP Query User{E3B03CE5-700F-416C-9CDA-1EF60B886815}C:\\program files\\eorezo\\eowiki\\itstv.exe"= UDP:C:\program files\eorezo\eowiki\itstv.exe:Application MFC ITSWebTV
"UDP Query User{399AB1AB-B14F-45BE-B276-1AF98FC7AEB8}C:\\program files\\eorezo\\eowiki\\itstv.exe"= TCP:C:\program files\eorezo\eowiki\itstv.exe:Application MFC ITSWebTV
"TCP Query User{D94A628D-F740-4422-9C5A-8EF0924C3DD7}C:\\program files\\eorezo\\eoweather\\itstv.exe"= UDP:C:\program files\eorezo\eoweather\itstv.exe:Application MFC ITSWebTV
"UDP Query User{9AE457B3-D884-41E4-B07A-BDEF0F932B72}C:\\program files\\eorezo\\eoweather\\itstv.exe"= TCP:C:\program files\eorezo\eoweather\itstv.exe:Application MFC ITSWebTV
"TCP Query User{BD3624E2-1EEE-4883-9341-8C74F825CD11}C:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= UDP:C:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader
"UDP Query User{1B34A16D-B75A-44AF-ADE5-ECBB797ED9B5}C:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= TCP:C:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader
"TCP Query User{5CB317CF-C7D5-4105-9393-751A3A63DFF2}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{E56FE0A8-9256-473F-A610-EB0B1E19EE84}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{54858A71-0AE9-4120-83E1-C3B7B23428EE}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{129AEB6A-9A4F-46E3-8085-3087B4F4B82E}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{FD7DA439-46FC-428D-AE8A-FAB19DD498B7}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
"{E1924298-7596-491B-A4D3-EA5B7BECBF4E}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
"{3B9F2CB4-C331-480B-BCF0-58AE965B4D9B}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:PMSRegisterFile
"{8DE62BF1-70A7-44DD-82EB-1AFDBE09F211}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:PMSRegisterFile
"{374827E5-B456-435A-B9C5-8C2B70A5DA66}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:umi
"{AB55F7D9-D380-4D2A-94E1-0FE74C844381}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:umi
"{4C7A49EC-970D-40D6-A652-6C00FF0E3CC2}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:Pinnacle VideoSpin
"{72BABBB0-3671-4593-B8F3-81CD240143FF}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:Pinnacle VideoSpin
"{469BEB02-70FE-46FD-8174-0909EA52BB66}"= UDP:C:\Windows\System32\muzapp.exe:MUZ AOD APP player
"{7B66ECAB-AFA9-4120-A675-D1F475D8DFB7}"= TCP:C:\Windows\System32\muzapp.exe:MUZ AOD APP player
"TCP Query User{074B90E5-80BC-43EE-95D5-B6F307E7A222}C:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:C:\program files\sony ericsson\update service\update service.exe:Update Service
"UDP Query User{C2C1CD86-7AC2-4055-B18A-7396B787DE77}C:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:C:\program files\sony ericsson\update service\update service.exe:Update Service
"{962D5FDA-10BC-420D-A718-CC09228FE600}"= UDP:21937:BitComet 21937 TCP
"{191425C4-29F0-43A2-A597-17BF4416B6ED}"= TCP:21937:BitComet 21937 UDP
"TCP Query User{0A53DAF3-5B54-4396-9045-36D7D57616A2}C:\\program files\\zattoo\\zattood.exe"= UDP:C:\program files\zattoo\zattood.exe:zattood
"UDP Query User{43E1B0E2-09D1-4D6F-8453-FC19E91FA4B5}C:\\program files\\zattoo\\zattood.exe"= TCP:C:\program files\zattoo\zattood.exe:zattood
"TCP Query User{F479F909-C607-41A5-B4C9-CE636BD6604C}C:\\program files\\zattoo\\zattoo.exe"= UDP:C:\program files\zattoo\zattoo.exe:
"UDP Query User{96EB21CA-E63F-4F0C-BA0C-47384F1808E2}C:\\program files\\zattoo\\zattoo.exe"= TCP:C:\program files\zattoo\zattoo.exe:
"TCP Query User{7ED167C3-C7FA-4069-9123-98000CA593EE}C:\\program files\\joost\\xulrunner\\tvprunner.exe"= UDP:C:\program files\joost\xulrunner\tvprunner.exe:tvprunner
"UDP Query User{87F3D278-4C1B-4731-A13E-108CCE4960B9}C:\\program files\\joost\\xulrunner\\tvprunner.exe"= TCP:C:\program files\joost\xulrunner\tvprunner.exe:tvprunner
"TCP Query User{9AD71C47-F507-4272-A9BF-9D62CC93EBAC}C:\\program files\\participatory culture foundation\\miro\\xulrunner\\python\\miro_downloader.exe"= UDP:C:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe:Miro_Downloader
"UDP Query User{9B451361-7006-47F3-9E9B-F3E668733B3C}C:\\program files\\participatory culture foundation\\miro\\xulrunner\\python\\miro_downloader.exe"= TCP:C:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe:Miro_Downloader
"{A7F7318B-05C0-4B4C-A130-D1229C648AA8}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{C28B2964-4F1E-4742-850B-7EE006ADE59C}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{1361C160-2A04-40FF-A612-A568C0170F42}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{FB5B68A0-62B4-410B-BFDC-CD054B32425E}"= UDP:63331:Windows Live OneCare
"{3B23AA82-7C0E-49B4-93C5-F5DF601BBEE3}"= UDP:63331:Windows Live OneCare
"{F063AAAD-35B5-4EAE-BFE9-4E77D9E3CB1E}"= UDP:63331:Windows Live OneCare

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7

R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 lnsfw1;lnsfw1;C:\Windows\system32\drivers\lnsfw1.sys [2007-11-30 20:41]
R2 AASW2_Service;Ashampoo AntiSpyWare 2 Service;C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe [2008-03-13 14:36]
R2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 11:32]
R2 OcHealthMon;Windows Live OneCare Health Monitor;C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe [2008-06-25 06:47]
R2 ThalliumServer;Astase Thallium Backup Server;C:\Program Files\Astase\UltraBackup\4.9\bin\tbsd.exe [2007-03-18 23:51]
R2 ThPassiveSvc;ThalliumBackup Passive Agent;C:\Program Files\Astase\UltraBackup\4.9\bin\thpassiveclientsvc.exe [2007-03-19 10:50]
R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2007-11-30 05:07]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2006-09-28 23:41]
S0 Ramdisk;Ramdisk Driver;C:\Windows\system32\DRIVERS\ramdisk.sys [2003-03-16 03:00]
S1 prodrv04;Star Force copy protection driver v4;C:\Windows\system32\drivers\prodrv04.sys [2007-09-17 09:43]
S2 IntelDHSvcConf;Intel DH Service;C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 10:13]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\system32\DRIVERS\ggflt.sys [2008-02-02 17:46]
S3 optousb;OPTO ELECTRONICS optousb;C:\Windows\system32\DRIVERS\optousb.sys [2006-10-18 19:14]
S3 optovcm;OPTO ELECTRONICS optovcm;C:\Windows\system32\DRIVERS\optovcm.sys [2006-10-19 15:46]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-07-11 18:23]
S3 ultradfg;ultradfg;C:\Windows\system32\DRIVERS\ultradfg.sys [2007-09-05 17:41]
S4 Boonty Games;Boonty Games;C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe [2007-08-16 16:29]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5aefe33-4c1f-11dc-b5c6-001a9225236c}]
\shell\AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcd00750-6d20-11dc-b541-001a9225236c}]
\shell\AutoRun\command - setupSNK.exe

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-20 15:07:43 C:\Windows\Tasks\GlaryInitialize.job"
- C:\Program Files\Glary Utilities\initialize.exe
"2008-07-13 11:00:00 C:\Windows\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-07-04 18:00:00 C:\Windows\Tasks\Norton Internet Security - Analyse système complète - Jean.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
"2008-07-11 16:29:21 C:\Windows\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-04-29 07:00:00 C:\Windows\Tasks\rpc.job"
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
"2008-06-23 07:13:21 C:\Windows\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-05-02 16:33:08 C:\Windows\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-07-13 10:55:00 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-13 13:37:05
Windows 6.0.6001 Service Pack 1, v.668 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-07-13 13:38:29
ComboFix-quarantined-files.txt 2008-07-13 11:38:26

Pre-Run: 128,370,581,504 octets libres
Post-Run: 128,366,682,112 octets libres

346 --- E O F --- 2008-05-20 01:00:47

geoffrey5 · Answer

Salut !!

saurais tu refaire un rapprt hijackthis pour vérifier stp

geoffrey5 · Answer

dsl de te répondre si tard...

télécharge OtMoveIt 

Télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. 
Double-clique sur OTMoveIt.exe pour le lancer. 
Copie la liste qui se trouve en gras dans la citation ci-dessous et colle-la dans le cadre de gauche de OTMoveIt sous Paste List of Files/Folders to move. 


c:\program files\search settings\searchsettings.exe
 


clique sur MoveIt! pour lancer la suppression. 
Le résultat apparaitra dans le cadre "Results". 
Clique sur Exit pour fermer. 
Poste le rapport situé dans C:\_OTMoveIt\MovedFiles. 

Il te sera peut-être demandé de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.

ensuite :

Fix.reg 

Ouvre le bloc-notes (click droit sur le bureau > dans l´arborescence choisi nouveau et nouveau fichier texte) et fais un copier coller de ce qui est en gras dans la citation ci-dessous (copie tout d'un trait sans les barres(x)) : 

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-


XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 
Note : Regedit4 est sur la premiere ligne dans le bloc note et il y a une ligne blanche a la fin. 
Puis click sur "fichier"/"enregistrer sous" : 
dans : sur le bureau 
Nom du fichier : fix.reg 
Type de fichier : "tous les fichiers" 
clique sur "enregistrer" 

ca doit ressembler à ca une fois enregistré : 

http://img520.imageshack.us/img520/4251/screenshot005ps2.png 

double clique sur fix.reg => tu dois obligatoirement avoir un message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?" 
Si c'est bien le cas, clique sur "oui" 


ensuite refais un nouveau rapport hijackthis stp

geoffrey5 · Answer

Salut !!

Je ne vois plus d infections dans ton rapport mais tu vas avoir beaucoup de lignes à fixer  :s

relance hijackthis en cliquant sur scan only et coches ces lignes stp :

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll 
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll 
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll 
O4 - Startup: DesktopEarth AutoStart.lnk = ? 
O9 - Extra button: (no name) - {DF96BA30-57F6-4700-8065-910EC3BE9E3B} - (no file) 
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU) 
O16 - DPF: {70A5EBDC-3EA6-464A-9FF7-084BC150C417} (TNSClickera.Clicker) - http://consoclicker.com/TNSClickra.CAB 
O18 - Protocol: bw+0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bw+0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bw-0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bw-0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bw00 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bw00s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bw10 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bw10s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bw20 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bw20s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bw30 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bw30s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bw40 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bw40s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bw50 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bw50s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bw60 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bw60s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bw70 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bw70s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bw80 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bw80s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bw90 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bw90s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwa0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwa0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwb0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwb0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwc0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwc0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwd0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwd0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwe0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwe0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwf0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwf0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll 
O18 - Protocol: bwg0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwg0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwh0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwh0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwi0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwi0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwj0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwj0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwk0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwk0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwl0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwl0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwm0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwm0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwn0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwn0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwo0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwo0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwp0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwp0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwq0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwq0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwr0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwr0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bws0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bws0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwt0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwt0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwu0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwu0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwv0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwv0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bww0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bww0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwx0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwx0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwy0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwy0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwz0 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwz0s - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: offline-8876480 - {7D0BFF87-CD87-4C0F-A3DE-8E7D90E472DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O16 - DPF: {3A226D85-574D-4272-B73C-DBCAECF709B3} (TNSClickerb.Clicker) - http://consoclicker.com/TNSClickrb.CAB     
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.c­ab 
 O15 - Trusted Zone: www.consoclicker.com 

puis tu cliques sur fix checked.

vas faire la mise à niveau de java à cette adresse : https://www.java.com/fr/download/manual.jsp

et désinstalle la version antérieure.

est ce que tu as encore des problemes ??

Activation de Vista

13 réponses

Votre réponse

Discussions similaires

Newsletters