problemes de pubs

[breizh shark]

bonjours à tous
Un pote a moi a pas mal de problemes sur son pc, il a fait un scan hijackthis
le voilà:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:06:48, on 24/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\TEMP\rlnb1.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9 CE.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Wanadoo\taskbaricon.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MessengerSkinner\MessengerSkinner.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\seb1\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Portail Orange
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [rlnb1.exe] C:\WINDOWS\TEMP\rlnb1.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9 CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Team owns base drv] C:\Documents and Settings\All Users.WINDOWS\Application Data\BeepFourTeamOwns\UserJump.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\Program Files\Wanadoo\taskbaricon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [Thirdvga] C:\DOCUME~1\JACQUIN\APPLIC~1\BLEH01~1\windowdownlo adcreative.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [messengerskinner] C:\Program Files\MessengerSkinner\MessengerSkinner.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - Portail Orange (file missing) (HKCU)
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installd...erstart_fr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lylie22indo.spaces.live.com//...d/MsnPUpld.cab
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.205 85.255.112.66
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.205 85.255.112.66
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.205 85.255.112.66
O18 - Protocol: bw+0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: SysNgm - Unknown owner - \\?\C:\Program Files\Fichiers communs\System\com8.exe (file missing)
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
--
End of file - 23005 bytes


pourriez vous me dire ce qu'il faut faire pour complètement le desinfecter
merci

[Sham-Rock]

bonsoir breizh shark, bienvenue sur GNT

j'espére que tu as le pc sous la main car on a plusieurs infections en même temps, faudra plusieurs scans.
à première vue: infections magic control, lop et ware out.

on commence par ware out puis après deux scans pour continuer.

Etape 1
~Télécharge FixWareout de l'un de ces deux liens :
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/file...Fixwareout.exe

~Sauvegarde-le sur ton Bureau, puis lance-le.
Clique Next, puis Install, et assure-toi que "Run fixit" soit coché, puis clique Finish.
Suis les directives à l'écran.
L'outil va te demander de redémarrer ton PC; fais-le s'il te plaît.
Le redémarrage risque de prendre un peu plus de temps; ceci est normal.

Etape 2


~Lance Hijackthis “Do a system scan only”.
Coche les lignes qui suivent et uniquement celles-là.

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.205 85.255.112.66
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.205 85.255.112.66
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.205 85.255.112.66



Clique sur Fix checked (en bas à gauche)

Etape 3

Télécharge LopResearch.zip

LopResearch
Dézippe-le sur ton Bureau.
Lance le fichier Scan.bat
Un rapport sera généré, poste son contenu ici.





Etape 4
Télécharge Navilog1.exe (IL-MAFIOSO)
Enregistre-le sur ton Bureau.
Lance l'installation en double cliquant sur navilog.exe.
Une fois l'installation terminée, l'utilitaire s'exécutera automatiquement.
(Si ce n'est pas le cas, double clique sur le raccourci présent sur le Bureau)

Laisse-toi guider par l'utilitaire. Choisis l'option 1 puis valide.
[#ff0000]! N'utilise pas l'option 2, 3 et 4 sans notre accord ![/#f]
Patiente jusqu'à l'apparition de ce message :
"*** Analyse Termine le ..... ***"
Appuie sur une touche comme demandé. Le Bloc-notes va s'ouvrir. Poste-nous son contenu de cette manière :

-> Edition / Sélectionner tout
-> Edition / Copier
-> Clique-Droit / Coller dans ta réponse

NOTE : Le rapport se trouve également ici : C:\fixnavi.txt


note:
le prochain hijackthis que tu feras, tu le feras avec mon lien car là, tu utilises une version beta.
~ Télécharge HijackThis
http://www.merijn.org/files/hijackthis.zip ;

[breizh shark]

merci pour cette aide
j'ai fais les scans
voici tout d'abord le rapport fixwareout:

Fixwareout Last edited 5/15/2007
Post this report in the forums please
...
»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="csgtx.exe"
»»»»»

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Url s "0mdm" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Url s "1mdm" Deleted
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....
Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.
C:\WINDOWS\system32\dmcea.exe 60979 05/08/2004
C:\WINDOWS\system32\dmctz.exe 60979 05/08/2004
C:\WINDOWS\system32\dmiex.exe 60979 05/08/2004
C:\WINDOWS\system32\dmkhx.exe 60979 05/08/2004
C:\WINDOWS\system32\dmltp.exe 60979 05/08/2004
C:\WINDOWS\system32\dmubr.exe 60979 05/08/2004
C:\WINDOWS\system32\dmvjb.exe 60979 05/08/2004
C:\WINDOWS\system32\dmyzw.exe 60979 05/08/2004
C:\WINDOWS\system32\csfym.exe 51775 13/11/2006
C:\WINDOWS\system32\csppk.exe 51717 05/10/2006
Click browse, find the file then click submit.
VIRUSTOTAL - Free Online Virus and Malware Scan
Or Online malware scan
»»»»» Other
»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"SiSUSBRG"="C:\\WINDOWS\\SiSUSBrg.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"autoclk"="autoclk.exe"
"WOOWATCH"="C:\\PROGRA~1\\Wanadoo\\Watch.exe"
"adiras"="adiras.exe"
"KAVPersonal50"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus Personal\\kav.exe /minimize"
"rlnb1.exe"="C:\\WINDOWS\\TEMP\\rlnb1.exe"
"EPSON Stylus Photo RX420 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W3 2X86\\3\\E_FATI9CE.EXE /P31 \"EPSON Stylus Photo RX420 Series\" /O6 \"USB001\" /M \"Stylus Photo RX420\""
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"Team owns base drv"="C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\BeepFourTeamOwns\\UserJump.exe"
"WOOTASKBARICON"="C:\\Program Files\\Wanadoo\\taskbaricon.exe"
"mctnvlfvb"="c:\\windows\\system32\\mctnvlfvb. exe mctnvlfvb"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.ex e"
"WOOKIT"="C:\\PROGRA~1\\Wanadoo\\GestMaj.exe EspaceWanadoo.exe"
"Thirdvga"="C:\\DOCUME~1\\JACQUIN\\APPLIC~1\\BLEH0 1~1\\windowdownloadcreative.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessen ger.exe"
"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"messengerskinner"="C:\\Program Files\\MessengerSkinner\\MessengerSkinner.exe"
"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»

le rapport Lop:
Rapport fait à 13:27:18,90 le 26/05/2007
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 4CA3-0B2A
R‚pertoire de C:\Documents and Settings\All Users\Application Data
20/09/2006 19:25 <REP> WinAntiVirus Pro 2006
13/09/2006 18:13 <REP> Google
01/04/2006 16:32 <REP> Apple Computer
31/03/2006 21:50 <REP> Ulead Systems
15/01/2006 15:48 <REP> pixelStorm
14/01/2006 16:47 <REP> Spybot - Search & Destroy
18/10/2005 19:12 <REP> Messenger Plus!
09/08/2005 14:51 <REP> CyberLink
09/08/2005 14:38 <REP> Ahead
09/08/2005 14:32 <REP> UDL
09/08/2005 09:04 <REP> Windows Genuine Advantage
09/08/2005 00:51 62 desktop.ini
09/08/2005 00:51 <REP> Microsoft
09/08/2005 00:51 <REP> ..
09/08/2005 00:51 <REP> .
08/08/2005 18:23 <REP> Adobe
08/08/2005 18:20 <REP> Ciel
1 fichier(s) 62 octets
16 R‚p(s) 629440512 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 4CA3-0B2A
R‚pertoire de C:\Documents and Settings\All Users.WINDOWS\Application Data
12/03/2007 17:51 <REP> Adobe
11/03/2007 19:32 <REP> Windows Genuine Advantage
30/01/2007 18:35 <REP> 4D
13/12/2006 20:02 <REP> CyberLink
13/11/2006 14:49 1755 QTSBandwidthCache
11/11/2006 11:49 <REP> Spybot - Search & Destroy
07/11/2006 18:44 <REP> UDL
01/11/2006 21:13 <REP> Apple Computer
12/10/2006 19:00 <REP> Kaspersky Anti-Virus Personal
12/10/2006 18:59 <REP> Ciel
02/10/2006 21:07 <REP> BeepFourTeamOwns
02/10/2006 16:21 62 desktop.ini
02/10/2006 16:21 <REP> Microsoft
02/10/2006 16:21 <REP> .
02/10/2006 16:21 <REP> ..
2 fichier(s) 1817 octets
13 R‚p(s) 629440512 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 4CA3-0B2A
R‚pertoire de C:\Documents and Settings\Default User\Application Data
09/08/2005 00:51 62 desktop.ini
09/08/2005 00:51 <REP> ..
09/08/2005 00:51 <REP> Microsoft
09/08/2005 00:51 <REP> .
1 fichier(s) 62 octets
3 R‚p(s) 629440512 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 4CA3-0B2A
R‚pertoire de C:\Documents and Settings\Default User.WINDOWS\Application Data
02/10/2006 16:21 62 desktop.ini
02/10/2006 16:21 <REP> ..
02/10/2006 16:21 <REP> Microsoft
02/10/2006 16:21 <REP> .
1 fichier(s) 62 octets
3 R‚p(s) 629440512 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 4CA3-0B2A
R‚pertoire de C:\Documents and Settings\JACQUIN\Application Data
24/02/2007 12:47 <REP> CopyToDvd
24/02/2007 12:42 34 pcouffin.log
24/02/2007 12:42 87608 ezpinst.exe
24/02/2007 12:42 1074 pcouffin.cat
24/02/2007 12:42 47360 pcouffin.sys
24/02/2007 12:42 1144 pcouffin.inf
24/02/2007 12:42 <REP> Vso
23/02/2007 19:05 <REP> MessengerSkinner
19/02/2007 19:37 <REP> iShell
25/01/2007 20:05 <REP> Teleca
19/01/2007 15:12 <REP> Sun
09/01/2007 14:20 <REP> LimeWire
25/12/2006 14:12 <REP> Panasonic
22/12/2006 19:10 <REP> dvdcss
05/12/2006 18:53 <REP> CyberLink
13/11/2006 21:11 <REP> vlc
11/11/2006 11:22 <REP> Lavasoft
09/11/2006 01:19 <REP> ArcSoft
09/11/2006 01:17 <REP> Smart Panel
05/11/2006 19:33 <REP> AdobeUM
05/11/2006 19:33 <REP> Adobe
01/11/2006 21:17 <REP> Apple Computer
12/10/2006 19:14 <REP> Mozilla
02/10/2006 21:06 <REP> bleh 01
02/10/2006 19:23 <REP> MSNInstaller
02/10/2006 19:15 <REP> Macromedia
02/10/2006 14:56 <REP> Help
02/10/2006 14:44 <REP> Identities
02/10/2006 14:44 62 desktop.ini
02/10/2006 14:44 <REP> ..
02/10/2006 14:44 <REP> .
02/10/2006 14:44 <REP> Microsoft
6 fichier(s) 137282 octets
26 R‚p(s) 629436416 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 4CA3-0B2A
R‚pertoire de C:\Documents and Settings\Propri‚taire\Application Data
20/09/2006 19:25 <REP> WinAntiVirus Pro 2006
20/09/2006 19:21 92880 winantiviruspro2006freeinstall_fr[1].exe
18/05/2006 19:48 <REP> LimeWire
03/05/2006 19:34 <REP> La Bataille pour la Terre du Milieu T II
01/04/2006 17:25 <REP> Apple Computer
01/04/2006 13:21 <REP> Ulead Systems
29/03/2006 17:34 <REP> Google
29/03/2006 17:29 <REP> Real
22/03/2006 18:38 <REP> MSNInstaller
08/01/2006 14:50 <REP> MailFrontier
19/11/2005 20:07 <REP> Lavasoft
19/11/2005 19:50 <REP> Kazaa Lite
03/11/2005 17:47 <REP> FotoWire
24/10/2005 13:45 <REP> AdobeUM
02/10/2005 12:23 <REP> Macromedia
07/09/2005 19:13 <REP> Adobe
01/09/2005 19:43 <REP> ArcSoft
17/08/2005 18:09 <REP> Leadertech
11/08/2005 17:05 <REP> Smart Panel
09/08/2005 18:31 <REP> CyberLink
09/08/2005 14:53 <REP> Ahead
09/08/2005 14:31 <REP> Mozilla
08/08/2005 18:34 <REP> Help
08/08/2005 18:22 2048 user60.rdb
08/08/2005 18:22 123 sversion.ini
08/08/2005 18:21 <REP> OFFICE One v6
08/08/2005 18:11 <REP> Identities
08/08/2005 18:11 62 desktop.ini
08/08/2005 18:11 <REP> Microsoft
08/08/2005 18:11 <REP> ..
08/08/2005 18:11 <REP> .
29/05/2005 20:14 12 uns.tmp
5 fichier(s) 95125 octets
27 R‚p(s) 629436416 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 4CA3-0B2A
R‚pertoire de C:\Documents and Settings\qvnQPBktDvKWH\Application Data
25/10/2006 19:27 62 desktop.ini
25/10/2006 19:27 <REP> ..
25/10/2006 19:27 <REP> Microsoft
25/10/2006 19:27 <REP> .
1 fichier(s) 62 octets
3 R‚p(s) 629436416 octets libres
******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 4CA3-0B2A
R‚pertoire de C:\WINDOWS\Tasks
26/02/2007 14:32 270 A183E683918461E7.job
01/11/2006 21:14 284 AppleSoftwareUpdate.job
02/10/2006 14:42 6 SA.DAT
02/10/2006 14:35 65 desktop.ini
08/08/2005 22:59 <REP> ..
08/08/2005 22:59 <REP> .
4 fichier(s) 625 octets
2 R‚p(s) 629ÿ436ÿ416 octets libres
******************************************
Recherche dans Program files
Pas de dossiers relatifs à Lop
******************************************
Recherche d'infections connues

C:\WINDOWS\system32\nvs2.inf Egdaccess possible !

C:\WINDOWS\system32\csfym.exe Wareout possible ! [#ff0000]faux-positif si csrss.exe ![/#f]

C:\WINDOWS\system32\csppk.exe Wareout possible ! [#ff0000]faux-positif si csrss.exe ![/#f]

C:\WINDOWS\system32\csrss.exe Wareout possible ! [#ff0000]faux-positif si csrss.exe ![/#f]
*************** Fin du rapport ****************


et enfin navilog:
Search Navipromo version 2.0.2 commencé le 26/05/2007 à 13:45:39,57

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!
Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 17.05.2007 a 23h00 by IL-MAFIOSO
Executé en mode normal
*** Recherche Programmes installes ***

MessengerSkinner

*** Recherche dossiers dans C:\WINDOWS ***


*** Recherche dossiers dans C:\Program Files ***

C:\Program Files\MessengerSkinner trouvé !

*** Recherche dossiers dans C:\Documents and Settings\All Users.WINDOWS\Application Data ***


*** Recherche dossiers dans C:\Documents and Settings\JACQUIN\Application Data ***

...\Application Data\MessengerSkinner trouvé !
*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
F-Secure Blacklight > F-Secure Blacklight

F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================
Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of April, 2007.
Version information: 2.2.1061.
[+] Started on 05/26/07 at 13:45:41.
[-] ERROR: F-Secure BlackLight could not acquire debug privileges.
[+] Exited on 05/26/07 at 13:45:41 (return code = 3).

*** Recherche fichiers ***

C:\WINDOWS\pack.epk trouvé !
C:\WINDOWS\system32\nvs2.inf trouvé !

*** Recherche cles registre ***

Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Sha redDLLs]


Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Mod uleUsage]


Recherche Clé Magic Control

HKEY_CURRENT_USER\Software\Lanconfig trouvé !
HKEY_USERS\S-1-5-21-329068152-920026266-682003330-1004\Software\Lanconfig trouvé !


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

2)Recherche Heuristique :
*
C:\WINDOWS\system32\mctnvlfvb.dat trouvé !
**
C:\WINDOWS\system32\mctnvlfvb.dat trouvé !
***
****
*****
C:\WINDOWS\system32\ajamxhzldg_navtmp.dat trouvé !
******
*******
********
C:\WINDOWS\system32\iawctz.exe trouvé !
C:\WINDOWS\system32\mctnvlfvb.exe trouvé !


*** Analyse Terminé le 26/05/2007 à 13:45:55,07 ***

par contre lors du scan hijackthis je n'ai pas retrouvé les lignes qu'il fallai cocher
voici le rapport hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 13:46:54, on 26/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\TEMP\rlnb1.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9 CE.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Wanadoo\taskbaricon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MessengerSkinner\MessengerSkinner.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\JACQUIN\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Portail Orange
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [rlnb1.exe] C:\WINDOWS\TEMP\rlnb1.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9 CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Team owns base drv] C:\Documents and Settings\All Users.WINDOWS\Application Data\BeepFourTeamOwns\UserJump.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\Program Files\Wanadoo\taskbaricon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [Thirdvga] C:\DOCUME~1\JACQUIN\APPLIC~1\BLEH01~1\windowdownlo adcreative.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [messengerskinner] C:\Program Files\MessengerSkinner\MessengerSkinner.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - Portail Orange (file missing) (HKCU)
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installd...erstart_fr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lylie22indo.spaces.live.com//...d/MsnPUpld.cab
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
O18 - Protocol: bw+0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {C06972EE-211E-42CC-8AF1-30495FB7CE6B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: SysNgm - Unknown owner - \\?\C:\Program Files\Fichiers communs\System\com8.exe (file missing)

[angelique]

'soir Sham-Rock , breizh shark

je me permet d'intervenir à ta demande, en cas d'absence de ta part Sham-Rock ;o)

breizh shark!
C'est Niarks_Party chez toi !!

1ere ETAPE EN MODE NORMAL

1/executer/cmd
dans la fenetre d'invite de commande, tape en respectant les espaces(meme apres = ) et valide par enter:

sc stop FTRTSVC
sc stop SysNgm
sc config FTRTSVC start= disabled
sc config SysNgm start= disabled
sc delete FTRTSVC
sc delete SysNgm
exit

2/Prière d'imprimer ces instructions, ou de les coller dans un fichier texte pour lecture en mode Sans Échec.

*Télécharge Brute Force Uninstaller (de Merijn).http://www.merijn.org/files/bfu.zip
Créé un nouveau dossier directement sur le C:\ et nomme-le BFU. Décompresse le fichier téléchargé dans ce nouveau dossier (C:\BFU)

*Clique droit sur http://www.alt-shift-return.org/Info...insoftware.bfu et choisis "Enregistrer la cible sous..." afin de télécharger Winsoftware.bfu (de Metallica). Sauvegarde dans le dossier créé (C:\BFU). **Note : si tu utlises Internet Explorer ; lors de la sauvegarde, assure-toi que le champs "Type :" affiche "Tous les fichiers". Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU :Winsoftware.bfu et BFU.exe (très important).

idem avec http://perso.orange.fr/Chercheur-per...ts/toolbar.bfu

Tu dois maintenant avoir 3 fichiers dans le dossier C:\BFU :Winsoftware.bfu ; toolbar.bfu et BFU.exe (très important).



-Télécharge Killbox d'O^E à partir d'ici:

http://www.downloads.subratam.org/KillBox.exe <---met le sur ton bureau

- AVG anti spyware --> ewido - anti-spyware and anti-malware solutions
- Fais la mise à jour

- AtfCleaner --> http://www.atribune.org/ccount/click.php?id=1 <----met le sur ton bueau
- Easycleaner --> EasyCleaner

3/relance Hijackthis "do a system scan only", coche uniquement et clic fixchecked les lignes ci dessous:

O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [rlnb1.exe] C:\WINDOWS\TEMP\rlnb1.exe
O4 - HKLM\..\Run: [Team owns base drv] C:\Documents and Settings\All Users.WINDOWS\Application Data\BeepFourTeamOwns\UserJump.exe
O4 - HKCU\..\Run: [Thirdvga] C:\DOCUME~1\JACQUIN\APPLIC~1\BLEH01~1\windowdownlo adcreative.exe
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installd...erstart_fr.cab
toutes les 018 SAUF LES 3 DERNIERES

4/Double clique sur le raccourci Navilog1 présent sur le bureau et laisse-toi guider.
Au menu principal, choisis 2 et valide.

Le fix va t'informer qu'il va alors redémarrer ton PC

2eme ETAPE EN MODE SANS ECHEC

1/Redémarre en mode Sans Échec : au redémarrage, tapote immédiatement la touche F8 ; tu verras un écran avec choix de démarrages apparaître. Utilisant les flèches du clavier, choisis "Mode Sans Échec" et valide avec "Entrée". Choisis ton compte usuel, et non Administrateur.


- La suppression des certificats: pour celà, il y a lieu à la fin de la désinfection de rajouter ces manips :
CITATION
Fermes internet explorer puis Démarrer/panneau de configuration/options internet
- onglet "Contenu" puis onglet "Certificats" et si tu trouves ceci, en particulier dans "éditeurs approuvés", mais regarde ailleurs :
electronic-group
egroup
Montorgueil
VIP
"Sunny Day Design Ltd"
Tu les suppriment.


2/**Démarre le "Brute Force Uninstaller" en double-cliquant BFU.exe (du dossier C:\BFU)

- Clique sur le petit dossier jaune, à la droite de la boîte Scriptline to execute, et double-clique sur :

Winsoftware.bfu

- Dans la boîte "Scriptline to execute", tu devrais maintenant voir ceci : C:\BFU\Winsoftware.bfu

Clique sur le bouton Execute et laisse-le faire son travail.

Attendre que Complete script execution apparaîsse et clique sur OK.
Clique Exit pour fermer le programme BFU.

**refait pareil avec le 2eme .bfu

Démarre le "Brute Force Uninstaller" en double-cliquant BFU.exe (du dossier C:\BFU)

- Clique sur le petit dossier jaune, à la droite de la boîte Scriptline to execute, et double-clique sur :

toolbar.bfu

- Dans la boîte "Scriptline to execute", tu devrais maintenant voir ceci : C:\BFU\toolbar.bfu

Clique sur le bouton Execute et laisse-le faire son travail.

Attendre que Complete script execution apparaîsse et clique sur OK.
Clique Exit pour fermer le programme BFU.


3/** execute la commande ci dessous dans la fenetre noir d'invite de commande(executer/cmd)

del /q /f /s C:\WINDOWS\TEMP\*.*
del C:\WINDOWS\Tasks\A183E683918461E7.job

**ouvre ton bloc note, selectionner tout le contenu du code ci dessous, et clic droit "copier"

Code:

C:\Program Files\Fichiers communs\System\com8.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\dmcea.exe
C:\WINDOWS\system32\dmctz.exe
C:\WINDOWS\system32\dmiex.exe
C:\WINDOWS\system32\dmkhx.exe
C:\WINDOWS\system32\dmltp.exe 
C:\WINDOWS\system32\dmubr.exe
C:\WINDOWS\system32\dmvjb.exe
C:\WINDOWS\system32\dmyzw.exe
C:\WINDOWS\system32\csfym.exe
C:\WINDOWS\system32\csppk.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\BeepFourTeamOwns
C:\DOCUME~1\JACQUIN\APPLIC~1\BLEH01~1\windowdownlo adcreative.exe

--> lance killbox.exe
Clique sur le menu "File" de KillBox (en haut à gauche) et choisis l'option => Paste from clipboard
Coche les cases : "Delete on Reboot"
Une fois le bouton radio "Delete on Reboot" coché, la case "Single File" va clignoter: clique sur la case "All Files"

Clique sur la croix blanche sur fond rouge , au message suivant qui va s'afficher:

Citation:

« File will be Removed on Reboot, Do you want to reboot now ? »

: répondre YES
Le PC va redémarrer et supprimer le fichier de la liste.Sinon redémarre manuellement.

4/te revoila en mode normal

Nettoie ton système avec Easycleaner et ATF-cleaner, et avg antispyware


*Easycleaner

-onglet mise à jour/verifier/clic liste noire
-Lance Easycleaner "inutiles" et "registre" Ne touche en aucun cas à la fonctions doublons
-Supprime tout ce que te propose Easycleaner
-Vide la corbeille


*ATF Cleaner
Double-clique ATF-Cleaner.exe afin de lancer le programme.
Sous l'onglet Main, choisis : Select All
Clique sur le bouton Empty Selected
Si tu utilises le navigateur Firefox :
Clique Firefox au haut et choisis : Select All
Clique le bouton Empty Selected
NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.
Si tu utilises le navigateur Opera :
Clique Opera au haut et choisis : Select All
Clique le bouton Empty Selected
NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.
Clique Exit, du menu prinicipal, afin de fermer le programme.

Fais un scan avec avg antispywere

cd tuto>> tutorial AVG Anti-Spyware 7.5 pour votre sécurité

AVG AS puis choisis l'onglet Analyse
Puis l'onglet Paramètres
Sous la question Comment réagir ?, clique sur Actions recommandées et choisis Quarantaine
Re-clique sur l'onglet Analyse puis réalise une Analyse complète du système

Si un fichier est infecté détécté en fin d'analyse
Clique sur Appliquer toutes les actions

Clique sur Enregistrer le rapport puis sur Enregistrer le rapport sous
Enregistre ce fichier texte sur ton bureau


______________________________________

Tu posteras donc en resultat un nouveau rapport HijackThis, le rapport de killbox (normalement en C:\!KillBox\Logs) ainsi que le rapport navilog(c:\fixnavi) et le rapport avg antispyware pour que Sham_Rock les verifie

_________________