suis deprimé spyware detected !!!! Fermé

Question

Bonjour,
 warning spyware detected sur fond bleu sur mon ordi !!!
Comment faire , je uis deprimée mon ordi s'allume et s'eteint tout seul maintenant ...
Merci d'avancve .

geoffrey5 · Answer

Salut !!

Fais un rapport hijackthis pour que je puisse vérifier les infections de ton pc stp

&#x25B6; Télécharge  hijackthis à cette adresse, tout est expliqué pour bien l installer et pour savoir s'en servir :

https://www.androidworld.fr/


Comment copier/coller le rapport :


Quand tu as le rapport à l écran, tu fais ctrl A pour "sélectionner tout" puis ctrl C pour "copier".

ensuite tu viens sur le forum pour me répondre et tu fais ctrl V pour "coller" le rapport.

Une explication des raccourcis clavier sont illustrés sur mon site web à cette adresse :

https://www.androidworld.fr/

petrel28 · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:32:02, on 23/09/2008
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\dla	fswctrl.exe
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\msauc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MP4 Player\mp4Player.exe
C:\documents and settings\propriétaire\local settings\application data\awouw.exe
C:\WINDOWS\system32\xybeluvi.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32
mhau.dll/sp.html#83556
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32
mhau.dll/sp.html#83556
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32
mhau.dll/sp.html#83556
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://69.50.182.88/?qq=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla	fswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Windows Update Service] update32.pif
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PopUp Destroy] C:\Program Files\PopUp Destroy\Popup-Destroy.exe
O4 - HKLM\..\Run: [kugloy] c:\windows\system32\kugloy.exe kugloy
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [lsass driver] C:\WINDOWS\msauc.exe
O4 - HKLM\..\Run: [lphc7gmj0e51r] C:\WINDOWS\System32\lphc7gmj0e51r.exe
O4 - HKLM\..\RunServices: [Windows Update Service] update32.pif
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Windows Update Service] update32.pif
O4 - HKCU\..\Run: [dog default] C:\DOCUME~1\PROPRI~1\APPLIC~1\PROXYS~1\acid second.exe
O4 - HKCU\..\Run: [IMC] C:\Program Files\FriendFinder\FriendFinder Messenger 30\imc.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw
O4 - HKCU\..\Run: [awouw] "c:\documents and settings\propriétaire\local settings\application data\awouw.exe" awouw
O4 - HKCU\..\Run: [iexplorer] C:\WINDOWS\iexplorer.exe --system
O4 - HKCU\..\Run: [mnten] C:\WINDOWS\system32\xybeluvi.exe
O4 - HKCU\..\RunServices: [Windows Update Service] update32.pif
O4 - HKLM\..\Policies\Explorer\Run: [p4Ctsnect2] C:\Documents and Settings\All Users\Application Dataaxmlefu\hifipifg.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Windows Update Service] update32.pif (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Suite] regedit -s c:\windows	emp\adj_hp.reg (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [Windows Update Service] update32.pif (User 'Default user')
O4 - .DEFAULT User Startup: ddrive.js (User 'Default user')
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://videohd.m6.fr.ipercast.net/installer-hidden.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://C:oo.mht!http://69.50.136.249/tttlrmadam1000/help.chm::/uninst.exe
O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - https://static.impots.gouv.fr/abos/securite/xenroll.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117w.bay117.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {71DA2A4E-ACB3-4065-9E41-8BC42EABE427} - http://scripts.dlv4.com/binaries/IA/svcia32_FR_XP.cab
O16 - DPF: {AA59202C-5E41-48FC-AF7D-324F5FD6A9F1} - http://es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1070_em_XP.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: bw+0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: eplrr9 - {AF3790DD-46A5-49EB-8001-2CD854132EB3} - (no file)
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\crgn.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe

geoffrey5 · Answer

ok...commence par faire ceci stp :

&#x25B6; Télécharge sur le bureau Navilog1 (c est le numéro 1 en bas de la page) 

*Si votre antivirus s'affole , le désactiver 
sous vista : Clic-droit sur le raccourci Navilog1 présent sur le bureau et choisis "Exécuter en tant qu'administrateur
sous XP : double-clic dessus pour l'installer et le lancer 

 
&#x25B6; Quand installé 
&#x25B6; taper F 
&#x25B6; Appuyer sur une touche jusqu' arriver aux options 
&#x25B6; Choisir Recherche ( = taper 1 ) 

&#x25B6;ne pas utiliser les autres sans avis , il peut y avoir des processus légitimes 

&#x25B6;un rapport : fixnavi.txt dans ==> C:
 
&#x25B6;le copier et le coller dans la réponse

petrel28 · Answer

voila, mon rapport  qu'en penses tu ....

geoffrey5 · Answer

tu as plusieures infections, dont navipromo.

je te conseille donc de faire navilog  ;-)

petrel28 · Answer

c quoi navigo ? facile

geoffrey5 · Answer

C est un outil de suppression destiné à traiter les infections navipromo...tu en as  ;-)

fais ce que je t ai demandé au message 3 stp

je dois m absenter, je reviendrai tout à l heure pour vérifier ton rapport et te donner la suite  ;-)

@+

petrel28 · Answer

ok merci je vais tenter ca 
et hje remet un rapport ok ?

geoffrey5 · Answer

Salut tout d abord !!

oui poste le rapport généré par navilog stp

petrel28 · Answer

re Salut mon sauveur !!!!
Bon le scan est un peu long c'est normal coach ?

geoffrey5 · Answer

oui cela peut durer une dixaine de minutes...Laisse le bien travailler  ;-)

petrel28 · Answer

Search Navipromo version 3.6.5 commencé le 25/09/2008 à 12:09:21,42

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files
avilog1
Session actuelle : "Propriétaire" 

Mise à jour le 22.08.2008 à 17h30 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2600.0000 
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***

Favorit

*** Recherche dossiers dans "C:\WINDOWS" ***

C:\WINDOWS\mslagent trouvé !

*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Propriétaire\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\Propriétaire\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\Propriétaire\menudm~1\progra~1" *** 


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Fichier(s) caché(s) :

C:\Documents and Settings\Propriétaire\Local Settings\Application Data\awouw.dat
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\awouw.exe
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\awouw_nav.dat
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\awouw_navps.dat


*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\Propriétaire\locals~1\applic~1" * 

Fichiers trouvés :

awouw.exe trouvé ! 



*** Recherche fichiers *** 


C:\WINDOWS\Downloaded Program Files\IaLdr32.inf trouvé !
C:\WINDOWS\pack.epk trouvé !
C:\WINDOWS	mlpcert2007 trouvé !
C:\WINDOWS\system32
vs2.inf trouvé !

*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé ! 

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :

miuabxjv.dat trouvé !
miuabxjv_nav.dat trouvé !
miuabxjv_navps.dat trouvé !
uonkaidfqh.dat trouvé !
uonkaidfqh_nav.dat trouvé !
uonkaidfqh_navup.dat trouvé !
uonkaidfqh_navps.dat trouvé !

* Dans "C:\Documents and Settings\Propriétaire\locals~1\applic~1" : 


3)Recherche Certificats :

Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 25/09/2008 à 12:34:57,85 ***

geoffrey5 · Answer

ok maintenant :

&#x25B6; Double-Clic navilog1 

&#x25B6; Choisir cette fois option 2 taper 2 

note : le bureau disparaît 

&#x25B6;redémarrage du pc 

&#x25B6; mettre le rapport dans la réponse


ensuite :


Option 1 - Recherche :


&#x25B6; télécharge smitfraudfix et enregistre le sur le bureau 

(c est le numéro 2 en bas de la page) : 

&#x25B6; Ensuite double clique sur smitfraudfix puis exécuter

&#x25B6; Sélectionner 1 pour créer un rapport des fichiers responsables de l'infection.

(attention : N utilises pas l option 2 si je ne te l ai pas demandé !!)

&#x25B6; copier/coller le rapport dans la réponse.


Un tutoriel sonore et animé est à ta disposition sur le site.



(Attention : "process.exe", un composant de l'outil, est détecté par certains antivirus comme étant un "RiskTool". 
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, 
cet utilitaire pourrait arrêter des logiciels de sécurité.)

petrel28 · Answer

Clean Navipromo version 3.6.5 commencé le 25/09/2008 à 13:07:18,09

Outil exécuté depuis C:\Program Files
avilog1
Session actuelle : "Propriétaire" 

Mise à jour le 22.08.2008 à 17h30 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2600.0000
Système de fichiers : NTFS

Mode suppression automatique 
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur

*** Creation backups fichiers trouvés par Catchme *** 

Copie vers "C:\Program Files
avilog1\Backupnavi"


*** Suppression des fichiers trouvés avec Catchme ***

 
** 2ème passage avec résultats Catchme ** 

* Dans "C:\WINDOWS\system32" *


C:\WINDOWS\prefetch\awouw*.pf trouvé ! 
Copie C:\WINDOWS\prefetch\awouw*.pf réalisée avec succès !
C:\WINDOWS\prefetch\awouw*.pf supprimé !


* Dans "C:\Documents and Settings\Propriétaire\locals~1\applic~1" * 


awouw.exe trouvé ! 
Copie awouw.exe réalisée avec succès !
awouw.exe supprimé !

awouw.dat trouvé ! 
Copie awouw.dat réalisée avec succès !
awouw.dat supprimé !

awouw_nav.dat trouvé ! 
Copie awouw_nav.dat réalisée avec succès !
awouw_nav.dat supprimé !

awouw_navps.dat trouvé ! 
Copie awouw_navps.dat réalisée avec succès !
awouw_navps.dat supprimé !


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *



* Suppression dans "C:\Documents and Settings\Propriétaire\locals~1\applic~1" * 




*** Suppression dossiers dans "C:\WINDOWS" ***

C:\WINDOWS\mslagent ...suppression... 
C:\WINDOWS\mslagent supprimé ! 


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Propriétaire\applic~1" *** 


*** Suppression dossiers dans "C:\Documents and Settings\Propriétaire\locals~1\applic~1" *** 


*** Suppression dossiers dans "C:\Documents and Settings\Propriétaire\menudm~1\progra~1" *** 



*** Suppression fichiers ***

C:\WINDOWS\Downloaded Program Files\IaLdr32.inf supprimé !
C:\WINDOWS\pack.epk supprimé !
C:\WINDOWS	mlpcert2007 supprimé !
C:\WINDOWS\system32
vs2.inf supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Propri‚taire\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS\system32" *


miuabxjv.dat trouvé ! 
Copie miuabxjv.dat réalisée avec succès !
miuabxjv.dat supprimé !

miuabxjv_nav.dat trouvé ! 
Copie miuabxjv_nav.dat réalisée avec succès !
miuabxjv_nav.dat supprimé !

miuabxjv_navps.dat trouvé ! 
Copie miuabxjv_navps.dat réalisée avec succès !
miuabxjv_navps.dat supprimé !

uonkaidfqh.dat trouvé ! 
Copie uonkaidfqh.dat réalisée avec succès !
uonkaidfqh.dat supprimé !

uonkaidfqh_nav.dat trouvé ! 
Copie uonkaidfqh_nav.dat réalisée avec succès !
uonkaidfqh_nav.dat supprimé !

uonkaidfqh_navps.dat trouvé ! 
Copie uonkaidfqh_navps.dat réalisée avec succès !
uonkaidfqh_navps.dat supprimé !

uonkaidfqh_navup.dat trouvé ! 
Copie uonkaidfqh_navup.dat réalisée avec succès !
uonkaidfqh_navup.dat supprimé !


* Dans "C:\Documents and Settings\Propriétaire\locals~1\applic~1" * 


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat Montorgueil absent !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !

*** Clés RUN orphelines Navipromo ***
!! Résultats temporairement non pris en charge !!
!! Les clés trouvées ne sont pas forcément infectées !!

Clés trouvés :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kugloy"="c:\windows\system32\kugloy.exe kugloy"


*** Nettoyage terminé le 25/09/2008 à 13:15:28,53 ***

petrel28 · Answer

je sens que l'on avance quelle est la prochaine étape geoffray ?

geoffrey5 · Answer

je t avais écris la prochaine étape dans le message précédent  ;-)

petrel28 · Answer

ok je mi colle

petrel28 · Answer

SmitFraudFix v2.354

Rapport fait à 13:50:04,10, 25/09/2008
Executé à partir de C:\Documents and Settings\Propri‚taire\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dla	fswctrl.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\msauc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MP4 Player\mp4Player.exe
C:\WINDOWS\system32\xybeluvi.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\country.exe PRESENT !
C:\WINDOWS\kl1.exe PRESENT !
C:\WINDOWS\ms1.exe PRESENT !
C:\WINDOWS\secure32.html PRESENT !
C:\WINDOWS	ool1.exe PRESENT !
C:\WINDOWS	ool2.exe PRESENT !
C:\WINDOWS	ool3.exe PRESENT !
C:\WINDOWS	ool4.exe PRESENT !
C:\WINDOWS	ool5.exe PRESENT !
C:\WINDOWS	oolbar.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\ot.ico PRESENT !
C:\WINDOWS\system32\paytime.exe PRESENT !
C:\WINDOWS\system32	s.ico PRESENT !
C:\WINDOWS\system32\1024\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Propri‚taire


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Propri‚taire\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PROPRI~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
 

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NVIDIA nForce MCP Networking Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 89.2.0.1
DNS Server Search Order: 89.2.0.2

HKLM\SYSTEM\CCS\Services\Tcpip\..\{BB695EE4-7312-4AA3-9836-0DDA9DD71EE7}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BB695EE4-7312-4AA3-9836-0DDA9DD71EE7}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\..\{BB695EE4-7312-4AA3-9836-0DDA9DD71EE7}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

geoffrey5 · Answer

ok maintenant fais ce qui suit stp :

Option 2 - Nettoyage :


&#x25B6; Redémarrer l'ordinateur en mode sans échec (tapoter rapidement la touche F8 au démarrage du pc pour obtenir le menu des options avancées).

&#x25B6; Double cliquer sur smitfraudfix

&#x25B6; Sélectionner 2 pour supprimer les fichiers responsables de l'infection.

&#x25B6; A la question Voulez-vous nettoyer le registre ? répondre O (oui) afin de débloquer le fond d'écran et supprimer les clés de démarrage automatique de l'infection.

Le fix déterminera si le fichier wininet.dll est infecté. A la question Corriger le fichier infecté ? répondre O (oui) pour remplacer le fichier corrompu.

&#x25B6; Enregistre le rapport sur ton bureau


&#x25B6; Redémarrer en mode normal et poster le rapport.


ensuite :


&#x25B6; Télécharger malwarebytes 
 
&#x25B6; Voici un tuto pour bien l installer et bien l utiliser : 

https://www.androidworld.fr/

aide toi bien du tuto pour supprimer correctement ce qu il aura trouvé
 

Après l analyse, redémarrer le pc et poste le rapport !!

Et refais un nouveau rapport hijackthis stp

petrel28 · Answer

SmitFraudFix v2.354

Rapport fait à 14:45:38,40, 25/09/2008
Executé à partir de C:\Documents and Settings\Propri‚taire\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\country.exe supprimé
C:\WINDOWS\kl1.exe supprimé
C:\WINDOWS\ms1.exe supprimé
C:\WINDOWS\secure32.html supprimé
C:\WINDOWS	ool1.exe supprimé
C:\WINDOWS	ool2.exe supprimé
C:\WINDOWS	ool3.exe supprimé
C:\WINDOWS	ool4.exe supprimé
C:\WINDOWS	ool5.exe supprimé
C:\WINDOWS	oolbar.exe supprimé
C:\WINDOWS\system32\ot.ico supprimé
C:\WINDOWS\system32\paytime.exe supprimé
C:\WINDOWS\system32	s.ico supprimé
C:\WINDOWS\system32\1024\ supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NVIDIA nForce MCP Networking Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 89.2.0.1
DNS Server Search Order: 89.2.0.2

HKLM\SYSTEM\CCS\Services\Tcpip\..\{BB695EE4-7312-4AA3-9836-0DDA9DD71EE7}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BB695EE4-7312-4AA3-9836-0DDA9DD71EE7}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\..\{BB695EE4-7312-4AA3-9836-0DDA9DD71EE7}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
 
Nettoyage terminé. 
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

petrel28 · Answer

voila j'ai redemarer mon pc et la c cool j'ai plus le message en alerte sur mon bureau !!!!
bon je continue a suivre tes conseils avisés .a tout de suite

geoffrey5 · Answer

ok j attends tes rapports pour les analyser et te dire la suite  ;-)

@+

petrel28 · Answer

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1203
Windows 5.1.2600 

25/09/2008 16:30:38
mbam-log-2008-09-25 (16-30-38).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 94015
Temps écoulé: 1 hour(s), 6 minute(s), 59 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 37
Valeur(s) du Registre infectée(s): 7
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 52

Processus mémoire infecté(s):
C:\WINDOWS\msauc.exe (Trojan.Downloader) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER	ypelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\hol5_vxiewer.full.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Golden Palace Casino PT (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Servicesdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lsass driver (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc7gmj0e51r (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iexplorer (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\msauc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP2\A0001079.exe (Trojan.Hooker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpx44.cpx (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\hosts (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\msacm32.drv (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\shell31.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpx106.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UVXiIS.syz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32
etode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32
ewsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32egm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	aack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	aack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	hun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	hun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphc7gmj0e51r.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phc7gmj0e51r.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

geoffrey5 · Answer

ok maintenant refais un nouveau rapport hijackthis stp

je dois m absenter donc je reviendrai tout à l heure pour vérifier ton rapport  ;-)

@+

petrel28 · Answer

et voila mon rapport hicjack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:44:30, on 25/09/2008
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dla	fswctrl.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MP4 Player\mp4Player.exe
C:\WINDOWS\system32\xybeluvi.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla	fswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Windows Update Service] update32.pif
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PopUp Destroy] C:\Program Files\PopUp Destroy\Popup-Destroy.exe
O4 - HKLM\..\Run: [kugloy] c:\windows\system32\kugloy.exe kugloy
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\RunServices: [Windows Update Service] update32.pif
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Windows Update Service] update32.pif
O4 - HKCU\..\Run: [dog default] C:\DOCUME~1\PROPRI~1\APPLIC~1\PROXYS~1\acid second.exe
O4 - HKCU\..\Run: [IMC] C:\Program Files\FriendFinder\FriendFinder Messenger 30\imc.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw
O4 - HKCU\..\Run: [mnten] C:\WINDOWS\system32\xybeluvi.exe
O4 - HKCU\..\RunServices: [Windows Update Service] update32.pif
O4 - HKLM\..\Policies\Explorer\Run: [p4Ctsnect2] C:\Documents and Settings\All Users\Application Dataaxmlefu\hifipifg.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Windows Update Service] update32.pif (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Suite] regedit -s c:\windows	emp\adj_hp.reg (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [Windows Update Service] update32.pif (User 'Default user')
O4 - .DEFAULT User Startup: ddrive.js (User 'Default user')
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://videohd.m6.fr.ipercast.net/installer-hidden.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://C:oo.mht!http://69.50.136.249/tttlrmadam1000/help.chm::/uninst.exe
O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - https://static.impots.gouv.fr/abos/securite/xenroll.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117w.bay117.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: bw+0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: eplrr9 - {AF3790DD-46A5-49EB-8001-2CD854132EB3} - (no file)
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\crgn.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe

petrel28 · Answer

un grand merci a toi on se tien au courant a toute

geoffrey5 · Answer

- relance navilog

- tape 4 au menu des options pour faire une suppression manuelle

- tape ceci : kugloy.exe

- ensuite lance la suppression et poste le rapport


ensuite :


&#x25B6; Télécharge Combofix de sUBs 

(c est le numéro 5 en bas de la page)

&#x25B6; et enregistre le sur le Bureau. 

  
&#x25B6; désactive tes protections et ferme toutes tes applications(antivirus, parefeu, garde en temps réel de l'antispyware) 


Voici le tutoriel officiel de Bleeping Computer pour savoir l utiliser :

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
 

ensuite envois le rapport et refais un nouveau rapport hijackthis stp

petrel28 · Answer

Clean Navipromo version 3.6.5 commencé le 26/09/2008 à 12:07:47,74

Outil exécuté depuis C:\Program Files
avilog1
Session actuelle : "Propriétaire" 

Mise à jour le 22.08.2008 à 17h30 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2600.0000
Système de fichiers : NTFS


Mode suppression par méthode manuelle

Nom du fichier saisi : Kugloy.exe

Nettoyage exécuté au redémarrage de l'ordinateur

*** Recherche, création sauvegardes et suppression ***

* Suppression dans "C:\WINDOWS\system32" *


* Suppression dans "C:\Documents and Settings\Propriétaire\locals~1\applic~1" * 



*** Suppression dossiers dans "C:\WINDOWS" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Propriétaire\applic~1" *** 


*** Suppression dossiers dans "C:\Documents and Settings\Propriétaire\locals~1\applic~1" *** 


*** Suppression dossiers dans "C:\Documents and Settings\Propriétaire\menudm~1\progra~1" *** 



*** Suppression fichiers ***


*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Propri‚taire\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS\system32" *


* Dans "C:\Documents and Settings\Propriétaire\locals~1\applic~1" * 


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltdt absent !

*** Clés RUN orphelines Navipromo ***
!! Résultats temporairement non pris en charge !!
!! Les clés trouvées ne sont pas forcément infectées !!

Clés trouvés :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kugloy"="c:\windows\system32\kugloy.exe kugloy"


*** Nettoyage terminé le 26/09/2008 à 12:18:22,51 ***

geoffrey5 · Answer

Salut !!

petite erreur de ma part  :s

relance navilog en sélectionnat l option 4 et tape ceci : kugloy

ensuite lance la désinfection et poste le rapport stp

petrel28 · Answer

ComboFix 08-09-25.05 - Propri‚taire 2008-09-26 12:58:27.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.0.1252.1.1036.18.80 [GMT 2:00] Lancé depuis: C:\Documents and Settings\Propri‚taire\Bureau\ComboFix.exe * Un nouveau point de restauration a été créé [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . [i] ADS - svchost.exe: deleted 68 bytes in 1 streams. [/i] [i] ADS - ntoskrnl.exe: deleted 68 bytes in 1 streams. [/i] [i] ADS - explorer.exe: deleted 132 bytes in 1 streams. [/i] (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS asqervy.dll C:\WINDOWS\sdfinacs.dll C:\WINDOWS\sdfixwcs.dll C:\WINDOWS\wiaservb.log C:\WINDOWS\wuasirvy.dll . ((((((((((((((((((((((((((((( Fichiers créés du 2008-08-26 au 2008-09-26 )))))))))))))))))))))))))))))))))))) . 2008-09-25 15:22 . C:\Documents and Settings\Propriétaire\Application Data\Malwarebytes 2008-09-25 15:21 . 2008-09-25 15:22 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-09-25 15:21 . 2008-09-25 15:21 d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-09-25 15:21 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-25 15:21 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-09-25 13:50 . 2008-09-25 14:46 3,694 --a------ C:\WINDOWS\system32 mp.reg 2008-09-25 13:49 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-09-25 13:49 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-09-25 13:49 . 2008-09-08 23:38 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe 2008-09-25 13:49 . 2008-09-02 16:51 86,528 --a------ C:\WINDOWS\system32\VACFix.exe 2008-09-25 13:49 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\o4Patch.exe 2008-09-25 13:49 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-09-25 13:49 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\IEDFix.C.exe 2008-09-25 13:49 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe 2008-09-25 13:49 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-09-25 13:49 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-09-25 12:07 . 2008-09-26 12:18 d-------- C:\Program Files\Navilog1 2008-09-22 15:29 . 2008-09-22 15:35 d-------- C:\Program Files\Enigma Software Group 2008-09-22 15:15 . 2008-09-22 15:15 d----c--- C:\VundoFix Backups 2008-09-22 12:51 . 2008-09-22 12:51 d-------- C:\Program Files\Trend Micro 2008-09-20 18:04 . 2008-09-26 13:25 104,944 --a------ C:\WINDOWS\system32\drivers\cb266f89.sys 2008-09-19 18:16 . 2008-09-19 18:21 d----c--- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-09-19 12:36 . 2008-09-22 10:33 d-------- C:\Program Files\a-squared Free 2008-09-19 10:46 . 2008-09-22 15:34 d----c--- C:\Documents and Settings\All Users\Application Data axmlefu 2008-09-18 11:28 . C:\Documents and Settings\Propriétaire\Application Data\vlc 2008-09-13 16:18 . 2008-09-13 16:19 d-------- C:\Program Files\PeerCast 2008-09-13 16:10 . 2008-09-13 16:32 d-------- C:\Program Files\Winamp 2008-09-13 16:06 . 2008-09-13 16:06 d----c--- C:\Documents and Settings\All Users\Application Data\wmp 2008-09-04 18:09 . 2008-09-04 18:09 d-------- C:\WINDOWS\LastGood 2008-09-04 18:09 . 2002-05-23 10:34 310,272 --a------ C:\WINDOWS\system32\winhttp.dll 2008-09-04 18:09 . 2001-08-28 14:00 180,736 --a------ C:\WINDOWS\system32\qmgr.dll 2008-09-04 18:09 . 2001-08-28 14:00 180,736 --a------ C:\WINDOWS\system32\dllcache\qmgr.dll 2008-09-04 18:09 . 2001-08-28 14:00 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll 2008-09-04 18:09 . 2001-08-28 14:00 17,408 --a------ C:\WINDOWS\system32\dllcache\qmgrprxy.dll 2008-08-26 16:56 . 2008-08-26 17:13 d-------- C:\WINDOWS\LastGood.Tmp . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-25 22:00 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\AVG7 2008-09-19 11:28 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Shareaza 2008-09-18 09:26 --------- d-----w C:\Program Files\VideoLAN 2008-09-11 06:25 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Adobe 2008-08-25 00:57 --------- d-----w C:\Program Files\AxBx 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-11 11:06 17,652 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_07_10_15_46_33_small.dmp.zip 2008-07-11 11:06 17,634 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_07_10_11_22_04_small.dmp.zip 2008-07-11 11:06 17,337 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_07_10_15_40_39_small.dmp.zip 2008-07-11 11:06 17,286 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_07_10_16_38_32_small.dmp.zip 2008-07-07 10:47 17,362 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_07_07_12_23_25_small.dmp.zip 2008-07-01 15:00 17,818 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_07_01_16_09_43_small.dmp.zip 2006-02-09 15:31 10,022 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2003-04-14 1491216] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2005-11-02 36864] "MP4 Player"="C:\Program Files\MP4 Player\mp4Player.exe" [2007-09-19 639488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736] "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2002-05-15 155648] "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-05-15 114688] "dla"="C:\WINDOWS\system32\dla fswctrl.exe" [2002-07-16 106549] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2001-12-19 212992] "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-10-29 4620288] "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-06-14 81920] "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-10-29 86016] "LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2004-05-21 221184] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 458752] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 217088] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-16 579584] "nwiz"="nwiz.exe" [2004-10-29 C:\WINDOWS\system32 wiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 13312] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-27 219136] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Suite"="regedit -s" [X] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.MJPG"= pvmjpg20.dll "msacm.enc"= ITIG726.acm [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate] --a------ 2004-06-01 12:46 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"="0x00000000" "UpdatesDisableNotify"="0x00000000" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"= S2 11Fßä#·ºÄÖ`I;Remote Procedure Call (RPC) Helper;C:\WINDOWS\system32\crgn.exe [ ] S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\System32\DRIVERS\camdrv21.sys [ ] S3 idrmkl;idrmkl;C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\idrmkl.sys [ ] S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\System32\DRIVERS\k600bus.sys [2005-05-11 52384] S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\System32\DRIVERS\k600mdfl.sys [2005-05-11 6096] S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\System32\DRIVERS\k600mdm.sys [2005-05-11 87456] S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\System32\DRIVERS\k600mgmt.sys [2005-05-11 79248] S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\System32\DRIVERS\k600obex.sys [2005-05-11 77072] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\System32\DRIVERS\usbscan.sys [2001-08-17 13824] S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2001-08-17 21760] . Contenu du dossier 'Tâches planifiées' . - - - - ORPHELINS SUPPRIMES - - - - HKCU-Run-dog default - C:\DOCUME~1\PROPRI~1\APPLIC~1\PROXYS~1\acid second.exe HKCU-Run-IMC - C:\Program Files\FriendFinder\FriendFinder Messenger 30\imc.exe HKCU-Run-Microsoft Works Update Detection - c:\Program Files\Microsoft Works\WkDetect.exe HKCU-Run-mnten - C:\WINDOWS\system32\xybeluvi.exe HKCU-Run-Windows Update Service - update32.pif HKCU-RunServices-Windows Update Service - update32.pif HKLM-Run-PopUp Destroy - C:\Program Files\PopUp Destroy\Popup-Destroy.exe HKLM-Run-WinampAgent - C:\Program Files\Winamp\winampa.exe HKLM-Run-Windows Update Service - update32.pif HKLM-RunServices-Windows Update Service - update32.pif HKU-Default-Run-Windows Update Service - update32.pif HKU-Default-RunServices-Windows Update Service - update32.pif HKLM-Explorer_Run-p4Ctsnect2 - C:\Documents and Settings\All Users\Application Data axmlefu\hifipifg.exe SSODL-eplrr9-{AF3790DD-46A5-49EB-8001-2CD854132EB3} - (no file) MSConfigStartUp-DAEMON Tools-1033 - C:\Program Files\D-Tools\daemon.exe MSConfigStartUp-Steam - C:\Valve\Steam\Steam.exe MSConfigStartUp-Watch - C:\PROGRA~1\Minitel\Watch.exe . ------- Examen supplémentaire ------- . R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/ R1 -: HKCU-Internet Settings,ProxyOverride = localhost O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd O16 -: teleir_cert - hxxps://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab C:\WINDOWS\Downloaded Program Files eleir_cert.osd O16 -: {01347765-1965-426B-91A4-AA6BB342B9A3} - hxxp://videohd.m6.fr.ipercast.net/installer-hidden.cab C:\WINDOWS\Downloaded Program Files\installer.dll O16 -: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} - hxxp://minitelweb.minitel.com/imin_data/ocx/MDM.cab C:\WINDOWS\Downloaded Program Files\MDM.inf O16 -: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://C:oo.mht!hxxp://69.50.136.249/tttlrmadam1000/help.chm::/uninst.exe O16 -: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe O16 -: {6DB731A3-B074-4118-8B1C-32511C65D836} - hxxp://www.mypixmania.com/fr/fr/tools/activex/fpu.cab C:\WINDOWS\Downloaded Program Files\fpu.inf C:\WINDOWS\System32\OLEAUT32.DLL C:\WINDOWS\System32\OLEPRO32.DLL C:\WINDOWS\System32\ASYCFILT.DLL C:\WINDOWS\System32\STDOLE2.TLB C:\WINDOWS\System32\COMCAT.DLL C:\WINDOWS\System32\ccrpftv6.ocx C:\WINDOWS\System32\XceedFtp.dll C:\WINDOWS\Downloaded Program Files\fpu.ocx . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-26 13:21:51 Windows 5.1.2600 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cb266f89] "ImagePath"="\SystemRoot\System32\drivers\cb266f89.sys" . ------------------------ Autres processus actifs ------------------------ . C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\WINDOWS\system32 vsvc32.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\hp center\137903\Program\BackWeb-137903.exe C:\Program Files\Logitech\Video\FxSvr2.exe . ************************************************************************** . Heure de fin: 2008-09-26 13:34:38 - La machine a redémarré ComboFix-quarantined-files.txt 2008-09-26 11:33:30 Avant-CF: 11ÿ768ÿ016ÿ896 octets libres Après-CF: 11,834,888,192 octets libres 205 --- E O F --- 2008-09-04 16:10:08

geoffrey5 · Answer

http://www.commentcamarche.net/forum/affich 8554128 suis deprime spyware detected?page=2#29

petrel28 · Answer

Clean Navipromo version 3.6.5 commencé le 26/09/2008 à 17:04:50,76

Outil exécuté depuis C:\Program Files
avilog1
Session actuelle : "Propriétaire" 

Mise à jour le 22.08.2008 à 17h30 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2600.0000
Système de fichiers : NTFS


Mode suppression par méthode manuelle

Nom du fichier saisi : Kugloy

Nettoyage exécuté au redémarrage de l'ordinateur

*** Recherche, création sauvegardes et suppression ***

* Suppression dans "C:\WINDOWS\system32" *


* Suppression dans "C:\Documents and Settings\Propriétaire\locals~1\applic~1" * 



*** Suppression dossiers dans "C:\WINDOWS" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Propriétaire\applic~1" *** 


*** Suppression dossiers dans "C:\Documents and Settings\Propriétaire\locals~1\applic~1" *** 


*** Suppression dossiers dans "C:\Documents and Settings\Propriétaire\menudm~1\progra~1" *** 



*** Suppression fichiers ***


*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Propri‚taire\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS\system32" *


* Dans "C:\Documents and Settings\Propriétaire\locals~1\applic~1" * 


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltdt absent !

*** Nettoyage terminé le 26/09/2008 à 17:10:00,62 ***

geoffrey5 · Answer

ok maintenant refais un nouveau rapport hijackthis stp

petrel28 · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:26:43, on 26/09/2008
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dla	fswctrl.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MP4 Player\mp4Player.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla	fswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Suite] regedit -s c:\windows	emp\adj_hp.reg (User 'Default user')
O4 - .DEFAULT User Startup: ddrive.js (User 'Default user')
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://videohd.m6.fr.ipercast.net/installer-hidden.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://C:oo.mht!http://69.50.136.249/tttlrmadam1000/help.chm::/uninst.exe
O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - https://static.impots.gouv.fr/abos/securite/xenroll.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117w.bay117.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: bw+0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {87DF6515-9121-42F3-8EF5-0363F6C2C977} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\crgn.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe

geoffrey5 · Answer

télécharge le SP2 pour windows XP et ensuite dis moi si tu as encore des problemes :

https://www.01net.com/telecharger/windows/Utilitaire/dll_librairies/fiches/29989.html

petrel28 · Answer

deja la il me semble que je n'ai plus de probleme 
le sp 2 je dois tout refragmenter non ?

geoffrey5 · Answer

non tu dois juste le télécharger

Suis deprimé spyware detected !!!!

37 réponses

Discussions similaires