Infection par Spy Axe? Résolu

Question

Bonjour,

Voila je suis infecté par un spyware surement Spy Axe; j'ai une fenêtre qui s'ouvre qui dit "your computer is infected" et pleins de Pop up. Voici le rapport de SmitfraudFix:

SmitFraudFix v2.333

Rapport fait à 19:56:49.89, 02/08/2008
Executé à partir de D:\logiciels\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
D:\xampplite\apache\bin\apache.exe
C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
D:\xampplite\apache\bin\apache.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
D:\xampplite\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\PROGRA~1\McAfee\MSC\mcshell.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Kamikase


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Kamikase\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Kamikase\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="karina.dat"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,"


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{445C45FD-62F4-41E1-8873-879327071A95}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{445C45FD-62F4-41E1-8873-879327071A95}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{445C45FD-62F4-41E1-8873-879327071A95}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin


Merci pour votre aide

sKe69 · Answer

Salut,

Suite de la manipe ( nettoyage ), fais exactement ce qui suit : 

* Impératif : Redémarrer l'ordinateur en mode sans échec . 
Comment aller en Mode sans échec 
1) Redémarre ton ordi 
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip" 
3) Tu verras un écran avec options de démarrage apparaître 
4) Choisis la première option : Sans Échec, et valide avec "Entrée" 
5) Choisis ton compte habituel, et non Administrateur (si besoin ... ) 
( ps : n'oublies pas , en mode sans échec , pas de connexion ! Donc copies ou imprimes bien les info ci-dessous ...)

*Double click sur SmitfraudFix.exe 

* Sélectionnes 2 et presses "Entrée" dans le menu pour supprimer les fichiers responsables de l'infection. 

* A la question: Voulez-vous nettoyer le registre ? répondre O (oui) et presser Entrée afin de débloquer le fond d'écran et supprimer les clés de registre de l'infection. 

( Le correctif déterminera si le fichier wininet.dll est infecté.)
 
* A la question: "Corriger le fichier infecté ?" répondre O (oui) et presser Entrée 
pour remplacer le fichier corrompu. 

* Un redémarrage sera peut être nécessaire pour terminer la procédure de nettoyage ( sinon fais le manuellement ) 

Le rapport se trouve à la racine de C\: 
(dans le fichier "rapport.txt") 

Postes moi ce dernier rapport dans ton prochain message et attends les instructions ...

lilasn · Answer

ok merci pour ton aide je le fait de suite

sKe69 · Answer

une fois le rapport de Smithfraud posté enchaines directement par ce-ci stp :

Télécharges et installes le logiciel HijackThis : 
 
ici :ftp://ftp.commentcamarche.com/download/HJTInstall.exe
ou ici : http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

1- Cliques sur le setup pour lancer l'installe : laisses toi guider et ne modifies pas les paramètres d'installation .
A la fin de l'installe , le prg ce lance automatiquement : fermes le en cliquant sur la croix rouge .
Au final, tu dois avoir un raccourci sur ton bureau et aussi un cheminement comme : "C:\ programme file\Trend Micro\HijackThis\HijackThis.exe " .
Supprimes le raccourcis stp ...

Important :
Renommer le prg HijackThis : 
Rends toi sur ton PC ici "C:\ programme file\Trend Micro\HijackThis\HijackThis.exe"<---cliques droit sur ce dernier et choisis "renommer" : tapes monjack et valides .
Puis cliques droit sur "monjack.exe" et choisis "envoyer vers" -> le bureau ( créer un raccourci ). 

tuto pour utilisation 
Regardes ici, c'est parfaitement expliqué en images (merci balltrap34) :
http://pageperso.aol.fr/balltrap34/demohijack.htm 

2-!!Déconnectes toi et fermes toute tes applications en cours !!

Cliques sur le raccourci du bureau pour lancer le prg :
fais un scan "monjack" (ou HijackThis renommé) en cliquant sur : "Do a system scan and save a logfile" 

---> Postes le rapport généré pour analyse ...

lilasn · Answer

Voici d'abord le rapport smithfraudFix

SmitFraudFix v2.333

Rapport fait à 21:58:10.96, 02/08/2008
Executé à partir de D:\logiciels\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1       localhost

127.0.0.1 www.ten-mobile.com
127.0.0.1 ads.regiedepub.com
127.0.0.1 clibleclick.com
127.0.0.1 doubleclick.net
127.0.0.1 espace.netavenir.com
127.0.0.1 mediaplex.com
127.0.0.1 smartadserver.com
127.0.0.1 tradedoubler.com
127.0.0.1 valueclick.com
127.0.0.1 valueclick.fr
127.0.0.1 advertising.com
127.0.0.1 bluestreak.com
127.0.0.1 mediaplex.com
127.0.0.1 mediaplex.fr
127.0.0.1 mediaplex.com/fr
127.0.0.1 statcounter.com
127.0.0.1 ad.adserverplus.com
127.0.0.1 engine.espace.netavenir.com
127.0.0.1 adviva.com
127.0.0.1 coremetrics.com
127.0.0.1 webtrendlive.com
127.0.0.1 ad.yieldmanager.com
127.0.0.1 www.salimmah.com
127.0.0.1 www.priceminister.com
127.0.0.1 www.isabella.fr

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{445C45FD-62F4-41E1-8873-879327071A95}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{445C45FD-62F4-41E1-8873-879327071A95}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{445C45FD-62F4-41E1-8873-879327071A95}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
 
Nettoyage terminé. 
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin



J'ai installé et renommé hijackthis mais il ne veux pas se lancer

lilasn · Answer

Ah c'est bon voici le rapport: Hijackthis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:13:07, on 02/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
D:\xampplite\apache\bin\apache.exe
C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
D:\xampplite\apache\bin\apache.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
D:\xampplite\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Trend Micro\Monjack\monjack.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7
tiMUI.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [buritos] buritos.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Kamikase\Menu Démarrer\Programmes\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Kamikase\Menu Démarrer\Programmes\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: 32Red Poker - {437F7F6F-FFCC-47e1-8A4B-C992493CF6C3} - C:\Microgaming\Poker\32RedMPP\MPPoker.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O15 - Trusted Zone: *.canal-plus.com (HKLM)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanced/2.0.2.20/cfweb_activex.camfrogweb.com-advanced-2.0.2.20_instmodule.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.0.15.0/ImageUploader5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: bw+0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: karina.dat
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - D:\xampplite\apache\bin\apache.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: mysql - Unknown owner - D:\xampplite\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

sKe69 · Answer

J'ai installé et renommé hijackthis mais il ne veux pas se lancer
--> c'est à dire ? précises stp ...

et en cliquand sur le prg directement ici : 
C:\ programme file\Trend Micro\HijackThis\"monjack.exe"

lilasn · Answer

Nos reponse on du se croiser j'ai donne le rapport hijackthis juste au dessus de ton message LoL

sKe69 · Answer

ok tu y es arrivé ... ^^

1- Télécharges se petit soft , ZEB_RESTORE :  

http://telechargement.zebulon.fr/zeb-restore.html 

Enregistres ce fichier sur ton bureau. 

-Clic droit Zeb-Restore.zip ==> "Extraire tout" choisis comme lieu d'enregistrement le bureau. 
-Ouvre le dossier ZR_1.0.0.37 ==> double clic sur Zeb-Restore.exe 
---> Coches les cases devant ( et uniquement celles-ci ! ) : 

* Sites de confiance et sensibles : efface le contenu de ces zones (à utiliser si vous êtes infecté par des malwares) 
* Préfixes et Protocoles Internet : restore les clés des protocoles Internet (ZoneMap etc.) 
* Réinitialiser Fichier Hosts : réinitialise le fichier Hosts  

-Cliques sur : " Restaurer "

--->Redémarres ton PC 

2- Télécharges SDFix sur ton bureau :
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe. 

--->Double-cliques sur SDFix.exe et choisis "Install" .

( tuto ici : https://www.malekal.com/slenfbot-still-an-other-irc-bot/ )

Puis une fois l'installe faite ,redémarres en mode sans échec . 
Comment aller en Mode sans échec :
1) Redémarres ton ordi 
2) Tapotes la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip" 
3) Tu verras un écran avec options de démarrage apparaître 
4) Choisis la première option : Sans Échec, et valide avec "Entrée" 
5) Choisis ton compte habituel, et non Administrateur (si besoin ... ) 

Ouvres le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double cliques sur RunThis.bat pour lancer le script. 
--->Tapes Y pour lancer le script ... 
Le Fix supprime les services du virus et nettoie le registre, de ce fait un redémarrage est nécessaire , donc :
presses une touche pour redémarrer quand il te le sera demandé . 

Le PC va mettre du temps avant de démarrer ( c'est normale ), après le chargement du Bureau presses une touche lorsque "Finished" s'affiche .

Le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier C:\SDFix sous le nom "Report.txt".
Postes ce dernier dans ta prochaine réponse accompagné d'un nouveau rapport Hijakcthis pour analyse ...

lilasn · Answer

Mon Pc refuse de démarrer en mode sans echec au moment de choisir l'utilisateur il m'affiche rapidement un message d'erreur comme quoi windows ne peut  demarrer en mode sans echec

lilasn · Answer

en plus j'arrive pas a installer Sdfix je peux que le decompresser

lilasn · Answer

C'est pas un logiciel pour linux?

sKe69 · Answer

Essayes ce-ci pour réparer le mode sans échec : 
Cliques droit sur ce lien :
http://www.malekal.com/download/SafeBoot.reg 
Et choisis " enregistrer la cible sous " afin de télécharger "SafeBoot.reg" sur ton Bureau . 
Doubles cliques sur ce .reg et acceptes la fusion avec le registre . 

Si cela marche , reprends la manipe de SDFix ... sinon préviens moi ...

lilasn · Answer

Je l'ai fait j'ai pas encore essayé si ca marche parceque j'arrive toujours pas a installé SDfix je pense que c'est un logiciel pour linux

lilasn · Answer

Peut etre que c'est pour xp mais quand je double clique dessus rien ne se passe, je peut que le decompresser et donc il ne s'effectue pas d'install comme decrit dans le tuto dont tu ma donné le lien.

lilasn · Answer

J'ai tenté de redemarrer en mode sans echec cette fois j'ai pu entrer sous Administrateur et comme normalement la fenetre qui dit que je suis bien en mode sans echec .... cliquer Oui ou Non s'affiche mais j'ai pas le temps de cliquer que le pc redemarre

sKe69 · Answer

Essaye avec cet autre .exe :

Télécharges ceci : 
https://download.bleepingcomputer.com/sUBs/SafeBootKeyRepair.exe 

double clique dessus ( cela répare la clé safeboot qui gère le mode sans echec ). 

ensuite retentes le coup ....

lilasn · Answer

ok je le fait de suite merci

lilasn · Answer

cette fois a peine j'ai cliquer sur administrateur le pc a redemarré

sKe69 · Answer

mouias ...
laisses tomber pour le momment ...

fais ce-ci pour voir plus en détaille ce qui ce trame :

Télécharges DSS (Deckard's System Scanner de Deckard) sur ton Bureau : 

http://www.techsupportforum.com/sectools/Deckard/dss.exe 
 
!! Fermes toutes les applications en cours (très important, sinon l'ordi peut planter) !! 

Double-clique sur DSS.exe pour lancer l'outil. 
(S'il ne trouve pas HijackThis, clique sur Oui ) 

Clique sur OK à chaque fois que cela sera demandé. 

Le scan peut durer un certain temps suivant les cas , sois patient ...

L'analyse finis, un fichier texte s'affichera --->postes ce rapport dans ta prochaine 
réponse pour analyse ... 

(Le rapport se trouve en outre ici : C:\Deckard\System Scanner\main.txt.) 

Important : Si tu obtiens deux rapports ("main.txt" + "extra.txt") alors poste les deux stp. 
Attention --> les rapports peuvent être long donc envoie chacun d'eux dans un poste différent (sinon il risque de manquer la fin).

sKe69 · Answer

re,
une fois les rapports DSS postés , fais ce-ci :

je viens de m'apercevoir de deux choses :

1 -> Smithfraudfix n'est pas installé au bon endroit pour être efficace .
Donc déplaces le de D:\logiciels\SmitfraudFix  à C:\SmitfraudFix

2-> tu as lancé l'option 2 ( nettoyage ) en mode normal alors qu'il faut impérativement le faire en mode sans échec  comme je te l'avais demandé ( sinon le nett. ne marche pas ...) .

Donc tu vas reprendre comme ce-ci ( une fois les rapports DSS postés et Smithfraudfix mit à sa place ) :

!! Déconnectes toi, fermes toute tes applications et désactives tes défenses ( anti-virus ,anti-spyware,...) le temps de la manipe !!
 
Utilisation ---> option 1 / Recherche : 
Double clique sur l'icône "Smitfraudfix.exe" et sélectionnes 1 (et pas sur autre chose sans notre accord !) pour créer un rapport des fichiers responsables de l'infection.
 
Postes le rapport ( "rapport.txt" qui se trouve sous C:\ ) et attends la suite ... 

Tuto ( aide ) : http://siri.urz.free.fr/Fix/SmitfraudFix.php

(Attention : process.exe est détecté par certains antivirus comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité.)

lilasn · Answer

Bonjour 

j'ai enfin résolu mon problème en installant Malwaresbytes. Il m'a tout nettoyer sans que j'ai besoin de mettre mon pc en mode sans echec.

Merci quand meme

lilasn · Answer

Ok je poste ca:

Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1017
Windows 5.1.2600 Service Pack 2

00:37:19 03/08/2008
mbam-log-8-3-2008 (00-37-19).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 170058
Temps écoulé: 47 minute(s), 29 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 14

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\buritos (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\Lilas\Local Settings\Application Data\gwcmayu_navps.dat (Adware.Navipromo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lilas\Local Settings\Application Data\gwcmayu_nav.dat (Adware.Navipromo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lilas\Local Settings\Application Data\gwcmayu.dat (Adware.Navipromo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lilas\Local Settings\Application Data\gwcmayu.exe (Adware.Navipromo) -> Quarantined and deleted successfully.
C:\WINDOWS\karina.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\karina.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winivstr.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\buritos.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\buritos.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32
vs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ufalabux.dll (Trojan.Agent) -> Quarantined and deleted successfully.



rapport hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:55:18, on 03/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
D:\xampplite\apache\bin\apache.exe
C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
D:\xampplite\apache\bin\apache.exe
C:\WINDOWS\RTHDCPL.EXE
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
D:\xampplite\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\Monjack\monjack.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7
tiMUI.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Kamikase\Menu Démarrer\Programmes\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Kamikase\Menu Démarrer\Programmes\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: 32Red Poker - {437F7F6F-FFCC-47e1-8A4B-C992493CF6C3} - C:\Microgaming\Poker\32RedMPP\MPPoker.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanced/2.0.2.20/cfweb_activex.camfrogweb.com-advanced-2.0.2.20_instmodule.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.0.15.0/ImageUploader5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: bw+0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: karina.dat
O23 - Service: McAfee Application Installer Cleanup (0214661217726411) (0214661217726411mcinstcleanup) - McAfee, Inc. - C:\DOCUME~1\Kamikase\LOCALS~1\Temp\021466~1.EXE
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - D:\xampplite\apache\bin\apache.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: mysql - Unknown owner - D:\xampplite\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

sKe69 · Answer

c'est ce qu'il me semblais ^^

il c'est bien occuppé de "buritos" ... en espèrant qu'on puisse aller en mode sans échec car tes es encore bien infecté ...

Mais on va d'abors s'occuper de Navipromo qui n'est pas completement supprimé par Malwarbytes ...

Fais ce-ci :

Télécharges Navilog1 sur ton bureau : 

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

!! Déconnectes toi,désactives tes défences( anti-virus,anti-spyware ) et fermes bien toutes tes applications le temps de la manipe !!
  
Ensuite double clique sur navilog1.exe pour lancer l'installation. 
Une fois l'installation terminée, le fix s'exécutera automatiquement. 
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau). 

Laisses-toi guider. Au menu principal, choisis 1 et valides. 
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord)
 
Patiente jusqu'au message : 
*** Analyse Termine le ..... *** 

Appuies sur une touche comme demandé, le bloc-note va s'ouvrir. 
Copie-colle l'intégralité de son contenu dans ta prochaine réponse et attends la suite . 

(Le rapport est en outre sauvegardé à la racine du disque "C\:fixnavi.txt" ) 

TUTO (aide)  : http://www.malekal.com/Adware.Magic_Control.php#mozTocId595901

lilasn · Answer

Merci de verifier

voici le rapport

Search Navipromo version 3.6.1 commencé le 03/08/2008 à 18:13:27.14

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files
avilog1
Session actuelle : "Kamikase" 

Mise à jour le 19.07.2008 à 20h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13 
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***

Favorit

*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Kamikase\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1.ACE\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\APPLIC~1\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\Lilas\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\Kamikase\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1.ACE\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\Lilas\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\Kamikase\menudm~1\progra~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1.ACE\menudm~1\progra~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\Lilas\menudm~1\progra~1" *** 

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier Navipromo trouvé


*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\Kamikase\locals~1\applic~1" * 

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * 

* Recherche dans "C:\DOCUME~1\ADMINI~1.ACE\locals~1\applic~1" * 

* Recherche dans "C:\DOCUME~1\Lilas\locals~1\applic~1" * 



*** Recherche fichiers *** 



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\Kamikase\locals~1\applic~1" : 


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" : 


* Dans "C:\DOCUME~1\ADMINI~1.ACE\locals~1\applic~1" : 


* Dans "C:\DOCUME~1\Lilas\locals~1\applic~1" : 


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 03/08/2008 à 18:20:13.85 ***

sKe69 · Answer

Bizard ... c'est propre ... d'habitude il reste un .dat et les certificats infectieux ... passons ...

fais exactement ce qui suit : 

Télécharges ComboFix (par sUBs) sur ton Bureau (et pas ailleur !): 
http://download.bleepingcomputer.com/sUBs/ComboFix.exe <--- clik droit sur ce lien et choisis "enregistrer la cible sous ... " : dans la fenêtre qui s'ouvre tape C-Fix et valide . 

--------------------------------------------- [ ! ATTENTION ! ] ----------------------------------------------------------
!! déconnectes toi,fermes tes applications en cours et DESACTIVES TOUTES TES DEFENSES (anti-virus, guardes anti spy-ware, pare-feu) le temps de la manipe : 
en effet , activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil ( voir planter le PC )...Tu les réactiveras donc après  !!
--->Important : si tu rencontres des difficultés à ce niveau là, fais m'en part avant de poursuivre ...
Tuto ( aide ) ici : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
---------------------------------------------------------------------------------------------------------------------------------

Ensuite :
double-cliques C-Fix.exe ( = combofix.exe ) . 

Appuyes sur la touche Y (Yes) pour démarrer le scan . 

Attention : n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi. 
---> si un message d'erreur windows apparait à un momment  : clik sur la croix rouge en haut à droite de la fenêtre pour la fermer ( et pas sur autre chose ! sinon pas de rapport ... ) 

Le rapport sera crée dans: C:\Combofix.txt 
 
Postes le rapport Combofix accompagné d'un nouveau rapport hijackthis pour analyse ...

lilasn · Answer

rapport combo ComboFix 08-08-02.01 - Kamikase 2008-08-03 18:38:34.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.235 [GMT 2:00] Endroit: D:\logiciels\ComboFix.exe * Création d'un nouveau point de restauration * Resident AV is active [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Kamikase\Application Data\macromedia\Flash Player\#SharedObjects\4AT5JWLH\interclick.com C:\Documents and Settings\Kamikase\Application Data\macromedia\Flash Player\#SharedObjects\4AT5JWLH\interclick.com\ud.sol C:\Documents and Settings\Kamikase\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com C:\Documents and Settings\Kamikase\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol C:\Documents and Settings\Kamikase\Local Settings\Temporary Internet Files\voriqu.sys C:\Documents and Settings\Kamikase\new.txt . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-03 to 2008-08-03 )))))))))))))))))))))))))))))))))))) . 2029-12-20 06:27 . 2029-12-20 06:27 3,120 --a--c--- C:\WINDOWS\MF_C421.lfa 2029-12-20 06:27 . 2029-12-20 06:27 3,120 --a--c--- C:\WINDOWS\MF_C420.lfa 2008-08-03 03:19 . 2008-08-03 03:19 d-------- C:\WINDOWS\LastGood.Tmp 2008-08-03 03:12 . 2008-08-03 03:12 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-08-03 03:12 . 2008-08-03 03:12 1,409 --a------ C:\WINDOWS\QTFont.for 2008-08-03 00:42 . 2004-08-05 07:00 4,224 --a------ C:\WINDOWS\system32\drivers\beep.sys 2008-08-03 00:42 . 2004-08-05 07:00 4,224 --a------ C:\WINDOWS\system32\dllcache\beep.sys 2008-08-02 23:47 . 2008-08-02 23:47 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-02 23:47 . 2008-08-02 23:47 d-------- C:\Documents and Settings\Kamikase\Application Data\Malwarebytes 2008-08-02 23:47 . 2008-08-02 23:47 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-02 23:47 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-02 23:47 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-08-02 22:42 . 2005-12-16 04:04 d--h----- C:\Documents and Settings\Administrateur.ACER-755E621E64\Voisinage r‚seau 2008-08-02 22:42 . 2005-12-16 04:04 d--h----- C:\Documents and Settings\Administrateur.ACER-755E621E64\Voisinage d'impression 2008-08-02 22:42 . 2007-02-25 22:22 d--h----- C:\Documents and Settings\Administrateur.ACER-755E621E64\ModŠles 2008-08-02 22:42 . 2007-02-25 22:22 dr------- C:\Documents and Settings\Administrateur.ACER-755E621E64\Mes documents 2008-08-02 22:42 . 2007-02-25 22:22 dr------- C:\Documents and Settings\Administrateur.ACER-755E621E64\Menu D‚marrer 2008-08-02 22:42 . 2007-02-25 22:21 dr------- C:\Documents and Settings\Administrateur.ACER-755E621E64\Favoris 2008-08-02 22:42 . 2005-12-16 04:04 d-------- C:\Documents and Settings\Administrateur.ACER-755E621E64\Bureau 2008-08-02 22:42 . 2008-08-02 22:42 d-------- C:\Documents and Settings\Administrateur.ACER-755E621E64 2008-08-02 22:12 . 2008-08-02 22:12 d-------- C:\Program Files\Trend Micro 2008-08-02 19:56 . 2008-08-02 21:58 4,222 --a------ C:\WINDOWS\system32\tmp.reg 2008-08-02 19:48 . 2008-08-02 19:48 d-------- C:\Program Files\CCleaner 2008-08-02 19:06 . 2008-08-02 19:06 19,133 --a------ C:\Documents and Settings\All Users\Application Data\kusus.com 2008-08-02 19:06 . 2008-08-02 19:06 16,343 --a------ C:\WINDOWS\ilecudeb.vbs 2008-08-02 19:06 . 2008-08-02 19:06 15,677 --a------ C:\Documents and Settings\Kamikase\Application Data\ikysulydy.exe 2008-08-02 19:06 . 2008-08-02 19:06 15,525 --a------ C:\Documents and Settings\Kamikase\Application Data\upobejymo.exe 2008-08-02 19:06 . 2008-08-02 19:06 15,505 --a------ C:\WINDOWS\system32\uxyzej.exe 2008-08-02 19:06 . 2008-08-02 19:06 12,707 --a------ C:\WINDOWS\ijedyt.db 2008-08-02 19:06 . 2008-08-02 19:06 10,615 --a------ C:\Program Files\Fichiers communs\fyjijipyk.dat 2008-08-02 19:06 . 2008-08-02 19:06 10,313 --a------ C:\WINDOWS\ydit._dl 2008-08-02 17:36 . 2008-08-02 17:36 d-------- C:\Program Files\Diner Dash Hometown Hero 2008-08-02 16:38 . 2008-08-02 16:38 d-------- C:\Program Files\ReflexiveArcade 2008-08-02 16:16 . 2008-08-03 17:24 d-------- C:\Documents and Settings\Kamikase\Application Data\PlayFirst 2008-08-02 16:16 . 2008-08-03 17:24 d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst 2008-08-02 16:15 . 2008-08-02 16:15 d-------- C:\Documents and Settings\All Users\Application Data\Zylom 2008-07-25 18:13 . 2008-07-25 18:13 d-------- C:\Program Files\DAEMON Tools 2008-07-23 04:54 . 2008-07-23 04:54 d-------- C:\Program Files\Sun 2008-07-15 08:43 . 2004-01-05 11:44 38,879 --------- C:\WINDOWS\hpomdl03.dat 2008-07-15 08:43 . 2004-01-05 11:47 29,013 --------- C:\WINDOWS\hpoins03.dat 2008-07-15 01:40 . 2008-07-15 01:40 d-------- C:\Documents and Settings\Lilas\Application Data\HP 2008-07-15 01:18 . 2008-07-15 01:40 d-------- C:\Documents and Settings\Lilas\Application Data\Image Zone Express 2008-07-12 23:05 . 2008-07-15 08:45 d-------- C:\Documents and Settings\Lilas\Application Data\Azureus 2008-07-09 17:16 . 2008-07-09 17:16 d-------- C:\Program Files\Microsoft Silverlight . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-03 16:20 --------- d-----w C:\Program Files\Navilog1 2008-08-03 12:48 --------- d-----w C:\Program Files\PokerStars 2008-08-03 01:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater 2008-08-03 01:19 --------- d-----w C:\Program Files\McAfee 2008-08-02 17:06 18,121 ----a-w C:\Program Files\Fichiers communs\uzokupa._sy 2008-08-02 17:06 17,281 ----a-w C:\Program Files\Fichiers communs\ufawimyfys.ban 2008-08-02 17:06 16,265 ----a-w C:\Program Files\Fichiers communs\ewuveqyhy._sy 2008-08-02 17:06 12,347 ----a-w C:\Program Files\Fichiers communs\ekicalupex.ban 2008-08-02 17:06 10,497 ----a-w C:\Program Files\Fichiers communs\obobit.ban 2008-08-02 16:45 --------- d-----w C:\Documents and Settings\Kamikase\Application Data\Azureus 2008-08-02 15:20 --------- d-----w C:\Documents and Settings\Kamikase\Application Data\Microgaming 2008-07-31 18:03 --------- d-----w C:\Program Files\Steam 2008-07-27 17:13 --------- d-----w C:\Program Files\Absolute Poker 2008-07-25 16:13 223,128 ----a-w C:\WINDOWS\system32\drivers\dtscsi.sys 2008-07-25 02:19 --------- d-----w C:\Program Files\CureROM 2008-07-23 02:54 --------- d-----w C:\Program Files\Java 2008-07-13 23:24 --------- d-----w C:\Program Files\CAPCOM 2008-07-13 20:49 --------- d-----w C:\Program Files\Azureus 2008-06-29 17:08 --------- d-----w C:\Documents and Settings\Lilas\Application Data\vlc 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-06-08 12:26 --------- d-----w C:\Documents and Settings\Lilas\Application Data\Microgaming 2008-06-07 01:25 --------- d-----w C:\Documents and Settings\Lilas\Application Data\DivX 2004-08-05 05:00 93,184 -csha-w C:\WINDOWS\BricoPacks\SysFiles\79_iexplore.exe . ------- Sigcheck ------- 2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\explorer.exe 2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe 2004-08-05 07:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtUninstallKB938828$\explorer.exe 2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\system32\dllcache\explorer.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 07:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 07:00 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 07:00 455168] "ntiMUI"="c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 19:15 45056] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 07:00 59392] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 07:00 208952] "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 18:00 397312] "AspireService"="C:\Program Files\Acer\Acer eMode Management\AspireService.exe" [2005-09-29 17:07 114688] "SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-03-05 21:10 36904] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720] "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992] "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984] "MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-02-21 15:27 7405568] "RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14:36 14854144 C:\WINDOWS\RTHDCPL.exe] "nwiz"="nwiz.exe" [2006-02-21 15:27 1519616 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="NvMCTray.dll" [2006-02-21 15:27 86016 C:\WINDOWS\system32\nvmctray.dll] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 18:07 61952 C:\WINDOWS\system32\HdAShCut.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 07:00 15360] "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-30 03:34 5419008] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.VP40"= vp4vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"= "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"= "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"= "C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe"= "D:\eMule\emule.exe"= "C:\Program Files\Conference\Conference.dll"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= "C:\Program Files\Azureus\Azureus.exe"= "C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe"= "C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe"= R0 m5287;m5287;C:\WINDOWS\system32\drivers\m5287.sys [2005-02-05 09:00] R2 Apache2.2;Apache2.2;D:\xampplite\apache\bin\apache.exe [2007-09-20 23:29] R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 15:46] R3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINDOWS\system32\drivers\HCWBT8XX.sys [2006-01-25 23:14] S2 0214661217726411mcinstcleanup;McAfee Application Installer Cleanup (0214661217726411);C:\DOCUME~1\Kamikase\LOCALS~1\Temp\[u]0[/u]21466~1.EXE C:\PROGRA~1\FICHIE~1\McAfee\INSTAL~1\cleanup.ini [] S2 CanalPlus.VOD;CanalPlus.VOD;C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe [2008-06-11 21:02] S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-05-01 01:31] S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 16:37] S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3363e17f-ba18-11dc-b26c-0016ec391081}] \Shell\AutoRun\command - J:\launcher.exe *Newly Created Service* - 0214661217726411MCINSTCLEANUP . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' 2008-07-14 C:\WINDOWS\Tasks\McDefragTask.job - c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32] 2008-07-31 C:\WINDOWS\Tasks\McQcTask.job - c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32] 2008-08-01 C:\WINDOWS\Tasks\nettoyage.job - c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32] . - - - - ORPHANS REMOVED - - - - HKLM-Run-Adobe Photo Downloader - C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Kamikase\Application Data\Mozilla\Firefox\Profiles\a654ixgl.default\ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr FF -: plugin - C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll FF -: plugin - C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll FF -: plugin - C:\Program Files\Canal\Canal Widget\VOD\npCpVod.dll FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1111.1511\npCIDetect11.dll FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npmozax.dll ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-03 18:44:30 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** . --------------------- DLLs a charg‚ sous des processus courants --------------------- PROCESS: C:\WINDOWS\explorer.exe -> C:\Program Files\SiteAdvisor\6261\saHook.dll -> C:\WINDOWS\system32\nview.dll . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Acer\Acer eConsole\MediaServerService.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe C:\PROGRA~1\FICHIE~1\McAfee\McProxy\McProxy.exe C:\Program Files\McAfee\VirusScan\Mcshield.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\McAfee\MPF\MpfSrv.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\McAfee\MSK\msksrver.exe C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe D:\xampplite\mysql\bin\mysqld-nt.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\SiteAdvisor\6261\SAService.exe C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe . ************************************************************************** . Temps d'accomplissement: 2008-08-03 18:55:34 - machine was rebooted ComboFix-quarantined-files.txt 2008-08-03 16:55:25 Pre-Run: 39,484,329,984 octets libres Post-Run: 39,444,934,656 octets libres 246 --- E O F --- 2008-07-08 20:39:44 rapport hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:59:29, on 03/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Acer\Acer eConsole\MediaServerService.exe D:\xampplite\apache\bin\apache.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\RTHDCPL.EXE D:\xampplite\apache\bin\apache.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe C:\Acer\Empowering Technology\eRecovery\Monitor.exe C:\Program Files\Acer\Acer eMode Management\AspireService.exe C:\Program Files\McAfee\VirusScan\McShield.exe C:\Program Files\SiteAdvisor\6261\SiteAdv.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe D:\xampplite\mysql\bin\mysqld-nt.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\SiteAdvisor\6261\SAService.exe C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\Monjack\monjack.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Kamikase\Menu Démarrer\Programmes\Absolute Poker\Absolute Poker.lnk O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Kamikase\Menu Démarrer\Programmes\Absolute Poker\Absolute Poker.lnk O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: 32Red Poker - {437F7F6F-FFCC-47e1-8A4B-C992493CF6C3} - C:\Microgaming\Poker\32RedMPP\MPPoker.exe O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanced/2.0.2.20/cfweb_activex.camfrogweb.com-advanced-2.0.2.20_instmodule.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.0.15.0/ImageUploader5.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O18 - Protocol: bw+0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {CE7A3CFA-35C0-4509-8B32-C8E2E6A32940} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O23 - Service: McAfee Application Installer Cleanup (0214661217726411) (0214661217726411mcinstcleanup) - Unknown owner - C:\DOCUME~1\Kamikase\LOCALS~1\Temp\021466~1.EXE (file missing) O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apache2.2 - Apache Software Foundation - D:\xampplite\apache\bin\apache.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: mysql - Unknown owner - D:\xampplite\mysql\bin\mysqld-nt.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

sKe69 · Answer

bien ...

1- Mets à jours ce qui suit, c'est important ( des version pas à jours = failles de sécurité ) :
* Adobe Reader :
télécharges et installes la dernière version ici (désinstalles avant l'ancienne version via son propre prg de désinstallation):
https://get2.adobe.com/reader/otherversions/ 

2- Télécharges : - CCleaner 
https://www.pcastuces.com/logitheque/ccleaner.htm 
Ce logiciel va permettre de supprimer tous les fichiers temporaires et de corrigé ton registre .Lors de l'installation, avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires" sauf les 2 première.
Une fois le prg instalé et lancé, Clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures"( Par la suite, laisse-le avec ses réglages par défaut. C'est tout ). 

Un tuto ( aide ): 
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm 

---> Utilisation:
vas dans "nettoyeur" : fait analyse puis nettoyage 
et vas dans "registre" : fait chercher les erreurs et réparer ( plusieurs fois jusqu'à ce qu'il n'y est plus d'erreur ) . 

( CCleaner : soft à garder sur son PC , super utile pour de bons nettoyages ... )

3- refait un scan hijackthis et postes moi le rapport obtenue pour analyse ... Et pendant ce temps , re-testes le mode sans échec et dis moi si ça marche maintenant ....

Infection par Spy Axe?

27 réponses

Votre réponse

Discussions similaires

Newsletters