aliyaa

salut désolé pour le retard j'ai réessayer et cela donne la même chose peut être as tu une autre technique merci

ComboFix 07-11-01.1 - LINASTORE 2007-11-04 22:06:12.3 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.189 [GMT 1:00] Running from: C:\Documents and Settings\LINASTORE\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\LINASTORE\Bureau\CFScript.txt * Created a new restore point . ((((((((((((((((((((((((((((( Fichiers créés 2007-10-04 to 2007-11-04 )))))))))))))))))))))))))))))))))))) . 2007-11-04 14:50 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-04 14:43 17,920 --a------ C:\WINDOWS\system32\DllCache\tftp.exe 2007-11-04 14:41 <REP> d-------- C:\msnfix 2007-11-04 10:50 <REP> d-------- C:\Program Files\Trend Micro 2007-11-01 18:48 <REP> d-------- C:\Documents and Settings\LINASTORE\Application Data\Programbinhope 2007-10-31 19:49 <REP> d-------- C:\Program Files\Programbinhope 2007-10-31 19:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ford does hold option 2007-10-31 19:47 <REP> d-------- C:\Program Files\Adverts 2007-10-31 19:47 <REP> d-------- C:\Documents and Settings\mohamed27\Application Data\Programbinhope 2007-10-31 19:17 360,580 --a------ C:\WINDOWS\eSellerateEngine.dll 2007-10-30 09:25 <REP> d-------- C:\Documents and Settings\LINASTORE\Application Data\Bitdefender 2007-10-30 09:08 <REP> d-------- C:\Documents and Settings\mohamed27\Application Data\Bitdefender 2007-10-30 09:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender 2007-10-29 13:47 <REP> d-------- C:\Program Files\DivX 2007-10-29 11:46 <REP> d-------- C:\Program Files\safeer 2007-10-29 11:46 286,720 --------- C:\WINDOWS\Setup1.exe 2007-10-29 11:46 73,216 --a------ C:\WINDOWS\ST6UNST.EXE 2007-10-27 23:28 584,192 --------- C:\WINDOWS\system32\DllCache\rpcrt4.dll 2007-10-27 23:22 <REP> d-------- C:\Program Files\MSECache . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-04 16:00 --------- d-----w C:\Program Files\Lx_cats 2007-11-02 11:21 10 ----a-w C:\Program Files\.autoreg 2007-10-31 19:16 --------- d-----w C:\Program Files\Messenger Plus! Live 2007-10-31 18:51 --------- d-----w C:\Program Files\Windows Live 2007-10-31 18:21 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-10-31 16:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2007-10-30 10:09 --------- d-----w C:\Program Files\Radio Fr Solo 2007-07-25 12:44 25,839,688 ----a-w C:\Program Files\wmp11-windowsxp-x86-FR-FR.exe 2007-01-05 16:49 24,192 ----a-w C:\Documents and Settings\mohamed27\usbsermptxp.sys 2007-01-05 16:49 22,768 ----a-w C:\Documents and Settings\mohamed27\usbsermpt.sys 2007-01-05 15:25 461 ----a-w C:\Program Files\INSTALL.LOG . ((((((((((((((((((((((((((((( snapshot@2007-11-04_15.01.15.89 ))))))))))))))))))))))))))))))))))))))))) . - 2007-11-04 13:58:19 81,984 ----a-w C:\WINDOWS\system32\bdod.bin + 2007-11-04 21:05:49 81,984 ----a-w C:\WINDOWS\system32\bdod.bin . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BDSwitchAgent"="c:\progra~1\softwin\bitdef~1\bdswitch.exe" [] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-11-17 17:29] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-03-03 14:52] "NWEReboot"="" [] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-14 14:29] "LXCECATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 14:46] "lxcemon.exe"="C:\Program Files\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 18:45] "EzPrint"="C:\Program Files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 13:17] "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 10:36] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50] "BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 16:48] "BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 19:09] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-03 14:18] "LClock"="lclock.exe" [2004-12-08 18:06 C:\WINDOWS\LClock.exe] "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-08-16 16:19] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-26 14:11] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-07-16 14:17] "morecopy"="C:\DOCUME~1\LINAST~1\APPLIC~1\PROGRA~1\Holdhidebore.exe" [2007-10-31 19:49] [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "LSD_III"=%systemroot%\LSD\end.cmd "tscuninstall"=%systemroot%\system32\tscupgrd.exe C:\Documents and Settings\mohamed27\Menu Démarrer\Programmes\Démarrage\ Y'z Toolbar.lnk - C:\WINDOWS\Packs\Crystal XP\YzToolbar\YzToolBar.exe [2007-05-26 21:05:13] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\ Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-19 14:27:37] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-01-26 17:39:08] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"=1 (0x1) "NoSMBalloonTip"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=sockspy.dll R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys R0 Si3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys R3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys R3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys S1 hidfltr;HID Filter Driver;C:\WINDOWS\system32\drivers\MWhid.sys S1 lusbaudio;Logitech USB Microphone;C:\WINDOWS\system32\drivers\lvsound2.sys S3 LVBulk;LVBulk Service;C:\WINDOWS\system32\DRIVERS\LVBulk.sys S3 LVVI500A;LVVI500A Service;C:\WINDOWS\system32\DRIVERS\lvvi500a.sys S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2007-11-04 13:53:58 C:\WINDOWS\Tasks\A62CD8FE90BF547E.job" . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-04 22:07:48 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-04 22:08:25 C:\ComboFix2.txt ... 2007-11-04 21:41 C:\ComboFix3.txt ... 2007-11-04 15:02 . --- E O F ---

voici le rapport combofix il n'y a plus de pub c'est super cool !!! ComboFix 07-11-01.1 - LINASTORE 2007-11-04 21:39:09.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.149 [GMT 1:00] Running from: C:\Documents and Settings\LINASTORE\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\LINASTORE\Bureau\CFScript.txt * Created a new restore point . ((((((((((((((((((((((((((((( Fichiers créés 2007-10-04 to 2007-11-04 )))))))))))))))))))))))))))))))))))) . 2007-11-04 14:50 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-04 14:43 17,920 --a------ C:\WINDOWS\system32\DllCache\tftp.exe 2007-11-04 14:41 <REP> d-------- C:\msnfix 2007-11-04 10:50 <REP> d-------- C:\Program Files\Trend Micro 2007-11-01 18:48 <REP> d-------- C:\Documents and Settings\LINASTORE\Application Data\Programbinhope 2007-10-31 19:49 <REP> d-------- C:\Program Files\Programbinhope 2007-10-31 19:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ford does hold option 2007-10-31 19:47 <REP> d-------- C:\Program Files\Adverts 2007-10-31 19:47 <REP> d-------- C:\Documents and Settings\mohamed27\Application Data\Programbinhope 2007-10-31 19:17 360,580 --a------ C:\WINDOWS\eSellerateEngine.dll 2007-10-30 09:25 <REP> d-------- C:\Documents and Settings\LINASTORE\Application Data\Bitdefender 2007-10-30 09:08 <REP> d-------- C:\Documents and Settings\mohamed27\Application Data\Bitdefender 2007-10-30 09:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender 2007-10-29 13:47 <REP> d-------- C:\Program Files\DivX 2007-10-29 11:46 <REP> d-------- C:\Program Files\safeer 2007-10-29 11:46 286,720 --------- C:\WINDOWS\Setup1.exe 2007-10-29 11:46 73,216 --a------ C:\WINDOWS\ST6UNST.EXE 2007-10-27 23:28 584,192 --------- C:\WINDOWS\system32\DllCache\rpcrt4.dll 2007-10-27 23:22 <REP> d-------- C:\Program Files\MSECache . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-04 20:40 81,984 ----a-w C:\WINDOWS\system32\bdod.bin 2007-11-04 16:00 --------- d-----w C:\Program Files\Lx_cats 2007-11-04 13:25 46,080 ----a-w C:\WINDOWS\system32\ftp.exe 2007-11-02 11:21 10 ----a-w C:\Program Files\.autoreg 2007-10-31 19:16 --------- d-----w C:\Program Files\Messenger Plus! Live 2007-10-31 18:51 --------- d-----w C:\Program Files\Windows Live 2007-10-31 18:21 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-10-31 16:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2007-10-30 10:09 --------- d-----w C:\Program Files\Radio Fr Solo 2007-08-22 12:57 96,768 ------w C:\WINDOWS\system32\DllCache\inseng.dll 2007-08-22 12:57 646,144 ----a-w C:\WINDOWS\system32\DllCache\shlwapi.dll 2007-08-22 12:57 640,000 ----a-w C:\WINDOWS\system32\DllCache\urlmon.dll 2007-08-22 12:57 55,808 ------w C:\WINDOWS\system32\DllCache\extmgr.dll 2007-08-22 12:57 532,480 ------w C:\WINDOWS\system32\DllCache\mstime.dll 2007-08-22 12:57 5,280,768 ----a-w C:\WINDOWS\system32\DllCache\mshtml.dll 2007-08-22 12:57 449,024 ------w C:\WINDOWS\system32\DllCache\mshtmled.dll 2007-08-22 12:57 4,272,128 ----a-w C:\WINDOWS\system32\DllCache\shdocvw.dll 2007-08-22 12:57 39,424 ------w C:\WINDOWS\system32\DllCache\pngfilt.dll 2007-08-22 12:57 357,888 ------w C:\WINDOWS\system32\DllCache\dxtmsft.dll 2007-08-22 12:57 251,904 ------w C:\WINDOWS\system32\DllCache\iepeers.dll 2007-08-22 12:57 205,824 ------w C:\WINDOWS\system32\DllCache\dxtrans.dll 2007-08-22 12:57 16,384 ------w C:\WINDOWS\system32\DllCache\jsproxy.dll 2007-08-22 12:57 152,064 ------w C:\WINDOWS\system32\DllCache\cdfview.dll 2007-08-22 12:57 146,432 ------w C:\WINDOWS\system32\DllCache\msrating.dll 2007-08-22 12:57 1,147,392 ----a-w C:\WINDOWS\system32\DllCache\wininet.dll 2007-08-22 12:57 1,056,768 ------w C:\WINDOWS\system32\DllCache\danim.dll 2007-08-22 12:57 1,044,992 ----a-w C:\WINDOWS\system32\DllCache\browseui.dll 2007-08-21 10:19 18,432 ------w C:\WINDOWS\system32\DllCache\iedw.exe 2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-08-21 06:17 683,520 ------w C:\WINDOWS\system32\DllCache\inetcomm.dll 2007-08-16 15:17 51,568 ----a-w C:\WINDOWS\system32\sirenacm.dll 2007-07-25 12:44 25,839,688 ----a-w C:\Program Files\wmp11-windowsxp-x86-FR-FR.exe 2007-01-05 16:49 24,192 ----a-w C:\Documents and Settings\mohamed27\usbsermptxp.sys 2007-01-05 16:49 22,768 ----a-w C:\Documents and Settings\mohamed27\usbsermpt.sys 2007-01-05 15:25 461 ----a-w C:\Program Files\INSTALL.LOG . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) .

merci pour ton aide donc voici le rapport msn fix MSNFix 1.561 C:\msnfix\MSNFix Fix exécuté le 04/11/2007 - 14:41:55,68 By LINASTORE mode normal ************************ Recherche les fichiers présents ... C:\DOCUME~1\ALLUSE~1\MENUDM~1\carlton ... C:\Program Files\Fichiers communs\Carlson\carlton ... C:\PROGRA~1\Insider\Insider.exe ... C:\PROGRA~1\Temporary\wininstall.exe ... C:\PROGRA~1\WinAble\winable.exe ... C:\er-1-1148.exe ... C:\WINDOWS\b122.exe ... C:\WINDOWS\LBTWiz.exe ... C:\WINDOWS\mrofinu*.exe ... C:\WINDOWS\msnimport.exe ... C:\WINDOWS\Nokia_19_jpg.zip ... C:\WINDOWS\system32\microsoft\backup.ftp ... C:\WINDOWS\system32\microsoft\backup.tftp ... C:\WINDOWS\Nokia_19_jpg.zip ************************ MSNCHK ***** /!\ beta test /!\ [!] C:\WINDOWS\Nokia_19_jpg.zip is INFECTED ************************ Recherche les dossiers présents ... C:\Program Files\Fichiers communs\Carlson\ ... C:\PROGRA~1\InetGet2\ ... C:\PROGRA~1\Insider\ ... C:\PROGRA~1\Temporary\ ... C:\PROGRA~1\WinAble\ ... C:\Temp\ ************************ Suppression des fichiers .. OK ... C:\DOCUME~1\ALLUSE~1\MENUDM~1\carlton .. OK ... C:\Program Files\Fichiers communs\Carlson\carlton /!\ ... C:\PROGRA~1\Insider\Insider.exe .. OK ... C:\PROGRA~1\Temporary\wininstall.exe /!\ ... C:\PROGRA~1\WinAble\winable.exe .. OK ... C:\er-1-1148.exe .. OK ... C:\WINDOWS\b122.exe /!\ ... C:\WINDOWS\LBTWiz.exe /!\ ... C:\WINDOWS\mrofinu*.exe .. OK ... C:\WINDOWS\msnimport.exe .. OK ... C:\WINDOWS\Nokia_19_jpg.zip .. OK ... C:\WINDOWS\system32\microsoft\backup.ftp .. OK ... C:\WINDOWS\system32\microsoft\backup.tftp .. OK ... C:\3d3t4t8n7l.exe .. OK ... C:\3d3t4t8n7l.exe .. OK ... C:\3d3t4t8n7l.exe .. OK ... C:\3d3t4t8n7l.exe .. OK ... C:\WINDOWS\Nokia_19_jpg.zip ************************ Suppression des dossiers .. OK ... C:\Program Files\Fichiers communs\Carlson\ .. OK ... C:\PROGRA~1\InetGet2\ /!\ ... C:\PROGRA~1\Insider\ .. OK ... C:\PROGRA~1\Temporary\ /!\ ... C:\PROGRA~1\WinAble\ .. OK ... C:\Temp\ ************************ Nettoyage du registre Les fichiers encore présents seront supprimés au prochain redémarrage ************************ Suppression des fichiers .. OK ... C:\PROGRA~1\Insider\Insider.exe .. OK ... C:\PROGRA~1\WinAble\winable.exe .. OK ... C:\WINDOWS\LBTWiz.exe .. OK ... C:\WINDOWS\mrofinu*.exe ************************ Fichiers suspects Aucun Fichier trouvé Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 04112007_14464278.zip ------------------------------------------------------------------------ Auteur : !aur3n7 Contact: http://changelog.fr ------------------------------------------------------------------------ --------------------------------------------- END --------------------------------------------- le rapport combofix ComboFix 07-11-01.1 - LINASTORE 2007-11-04 14:51:47.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.162 [GMT 1:00] Running from: C:\Documents and Settings\LINASTORE\Bureau\ComboFix.exe * Created a new restore point . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\ilham la marocaine\Bureau\internet.lnk C:\Documents and Settings\LINASTORE\Application Data\APPATC~1 C:\Documents and Settings\LINASTORE\Application Data\APPATC~1\w?auboot.exe C:\Documents and Settings\LINASTORE\Application Data\ICROSO~1 C:\Documents and Settings\LINASTORE\Application Data\ICROSO~1\?icrosoft\ C:\Documents and Settings\LINASTORE\Application Data\ICROSO~1\winspool.exe C:\Documents and Settings\LINASTORE\Application Data\WinTouch\wintouch.cfg C:\Documents and Settings\LINASTORE\Application Data\WinTouch\WinTouch.exe C:\Documents and Settings\LINASTORE\Application Data\WinTouch\WTUninstaller.exe C:\Documents and Settings\LINASTORE\Bureau\internet.lnk C:\Documents and Settings\LINASTORE\Menu Démarrer\Programmes\Outerinfo C:\Documents and Settings\LINASTORE\Menu Démarrer\Programmes\Outerinfo\Terms.lnk C:\Documents and Settings\LINASTORE\Menu Démarrer\Programmes\Outerinfo\Uninstall.lnk C:\Documents and Settings\mohamed27\Bureau\internet.lnk C:\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe C:\Program Files\Insider C:\Program Files\outerinfo C:\Program Files\outerinfo\FF\chrome.manifest C:\Program Files\outerinfo\FF\components\FF.dll C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt C:\Program Files\outerinfo\FF\install.rdf C:\Program Files\outerinfo\Terms.rtf C:\Program Files\WinAble C:\WINDOWS\b111.exe C:\WINDOWS\b128.exe C:\WINDOWS\b138.exe C:\WINDOWS\b147.exe C:\WINDOWS\system32\~.exe C:\WINDOWS\system32\rctj.dll C:\WINDOWS\system32\wnscpicom32.exe . ((((((((((((((((((((((((((((( Fichiers créés 2007-10-04 to 2007-11-04 )))))))))))))))))))))))))))))))))))) . 2007-11-04 14:50 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-04 14:43 17,920 --a------ C:\WINDOWS\system32\DllCache\tftp.exe 2007-11-04 14:41 <REP> d-------- C:\msnfix 2007-11-04 10:50 <REP> d-------- C:\Program Files\Trend Micro 2007-11-01 18:48 <REP> d-------- C:\Documents and Settings\LINASTORE\Application Data\Programbinhope 2007-10-31 19:49 <REP> d-------- C:\Program Files\Programbinhope 2007-10-31 19:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ford does hold option 2007-10-31 19:47 <REP> d-------- C:\Program Files\Adverts 2007-10-31 19:47 <REP> d-------- C:\Documents and Settings\mohamed27\Application Data\Programbinhope 2007-10-31 19:17 360,580 --a------ C:\WINDOWS\eSellerateEngine.dll 2007-10-30 09:25 <REP> d-------- C:\Documents and Settings\LINASTORE\Application Data\Bitdefender 2007-10-30 09:08 <REP> d-------- C:\Documents and Settings\mohamed27\Application Data\Bitdefender 2007-10-30 09:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender 2007-10-29 13:47 <REP> d-------- C:\Program Files\DivX 2007-10-29 11:46 <REP> d-------- C:\Program Files\safeer 2007-10-29 11:46 286,720 --------- C:\WINDOWS\Setup1.exe 2007-10-29 11:46 73,216 --a------ C:\WINDOWS\ST6UNST.EXE 2007-10-27 23:28 584,192 --------- C:\WINDOWS\system32\DllCache\rpcrt4.dll 2007-10-27 23:22 <REP> d-------- C:\Program Files\MSECache . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-04 13:46 --------- d-----w C:\Program Files\Lx_cats 2007-11-02 11:21 10 ----a-w C:\Program Files\.autoreg 2007-10-31 19:16 --------- d-----w C:\Program Files\Messenger Plus! Live 2007-10-31 18:51 --------- d-----w C:\Program Files\Windows Live 2007-10-31 18:21 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-10-31 16:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2007-10-30 10:09 --------- d-----w C:\Program Files\Radio Fr Solo 2007-07-25 12:44 25,839,688 ----a-w C:\Program Files\wmp11-windowsxp-x86-FR-FR.exe 2007-01-05 16:49 24,192 ----a-w C:\Documents and Settings\mohamed27\usbsermptxp.sys 2007-01-05 16:49 22,768 ----a-w C:\Documents and Settings\mohamed27\usbsermpt.sys 2007-01-05 15:25 461 ----a-w C:\Program Files\INSTALL.LOG . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BDSwitchAgent"="c:\progra~1\softwin\bitdef~1\bdswitch.exe" [] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-11-17 17:29] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-03-03 14:52] "NWEReboot"="" [] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-14 14:29] "LXCECATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 14:46] "lxcemon.exe"="C:\Program Files\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 18:45] "EzPrint"="C:\Program Files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 13:17] "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 10:36] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50] "BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 16:48] "BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49] "Hold option boob bin"="C:\Documents and Settings\All Users\Application Data\ford does hold option\help that.exe" [2007-11-04 15:00] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 19:09] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-03 14:18] "LClock"="lclock.exe" [2004-12-08 18:06 C:\WINDOWS\LClock.exe] "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-08-16 16:19] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-26 14:11] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-07-16 14:17] "Ptes"="C:\DOCUME~1\LINAST~1\APPLIC~1\ICROSO~1\winspool.exe" [] "Ryfvj"="C:\Documents and Settings\LINASTORE\Application Data\A?pPatch\w?auboot.exe" [] "morecopy"="C:\DOCUME~1\LINAST~1\APPLIC~1\PROGRA~1\Holdhidebore.exe" [2007-10-31 19:49] [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "LSD_III"=%systemroot%\LSD\end.cmd "tscuninstall"=%systemroot%\system32\tscupgrd.exe C:\Documents and Settings\mohamed27\Menu Démarrer\Programmes\Démarrage\ Y'z Toolbar.lnk - C:\WINDOWS\Packs\Crystal XP\YzToolbar\YzToolBar.exe [2007-05-26 21:05:13] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\ Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-19 14:27:37] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-01-26 17:39:08] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"=1 (0x1) "NoSMBalloonTip"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=sockspy.dll R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys R0 Si3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys R3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys R3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys S1 hidfltr;HID Filter Driver;C:\WINDOWS\system32\drivers\MWhid.sys S1 lusbaudio;Logitech USB Microphone;C:\WINDOWS\system32\drivers\lvsound2.sys S3 LVBulk;LVBulk Service;C:\WINDOWS\system32\DRIVERS\LVBulk.sys S3 LVVI500A;LVVI500A Service;C:\WINDOWS\system32\DRIVERS\lvvi500a.sys S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2007-11-04 13:53:58 C:\WINDOWS\Tasks\A62CD8FE90BF547E.job" . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-04 15:00:08 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** . Completion time: 2007-11-04 15:02:27 - machine was rebooted . --- E O F --- et le nouveau rapport hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:06:37, on 04/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe C:\Program Files\Softwin\BitDefender10\vsserv.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Lexmark 4300 Series\lxcemon.exe C:\Program Files\Lexmark 4300 Series\ezprint.exe C:\Program Files\Softwin\BitDefender10\bdmcon.exe C:\Program Files\Softwin\BitDefender10\bdagent.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe C:\WINDOWS\lclock.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\lxcecoms.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/5mefr_ms/157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [bDSwitchAgent] "c:\progra~1\softwin\bitdef~1\bdswitch.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe" O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\Run: [Hold option boob bin] C:\Documents and Settings\All Users\Application Data\ford does hold option\help that.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [LClock] lclock.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [Ptes] "C:\DOCUME~1\LINAST~1\APPLIC~1\ICROSO~1\winspool.exe" -vt yazb O4 - HKCU\..\Run: [Ryfvj] "C:\Documents and Settings\LINASTORE\Application Data\A?pPatch\w?auboot.exe" O4 - HKCU\..\Run: [morecopy] C:\DOCUME~1\LINAST~1\APPLIC~1\PROGRA~1\Holdhidebore.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user') O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe -- End of file - 9982 bytes merci encore

hello à tous franchement cela me prends trop la tête je suis ENCORE infestée de pub le pire je sais même pas d'ou cela vient de quelle site ??? la plupart sont de http://rond.starsdoor.com enfin je vous transmet le rapport hijackthis merci pour votre aide !!! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:50:27, on 04/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe C:\Program Files\Softwin\BitDefender10\vsserv.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Lexmark 4300 Series\lxcemon.exe C:\Program Files\Lexmark 4300 Series\ezprint.exe C:\Program Files\Softwin\BitDefender10\bdmcon.exe C:\Program Files\Softwin\BitDefender10\bdagent.exe C:\WINDOWS\LBTWiz.exe C:\WINDOWS\mrofinu1148.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe C:\WINDOWS\lclock.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\WINDOWS\system32\lxcecoms.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files\WinAble\winable.exe C:\Program Files\Insider\Insider.exe C:\DOCUME~1\LINAST~1\APPLIC~1\ICROSO~1\winspool.exe C:\Documents and Settings\LINASTORE\Application Data\A?pPatch\w?auboot.exe C:\Documents and Settings\LINASTORE\Application Data\WinTouch\WinTouch.exe C:\Documents and Settings\LINASTORE\Application Data\Microsoft\Windows\bqkvitb.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/5mefr_ms/157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: (no name) - {B2FF8B34-108E-422F-DC2E-39E671845EE5} - C:\WINDOWS\system32\rctj.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [bDSwitchAgent] "c:\progra~1\softwin\bitdef~1\bdswitch.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe" O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\Run: [Hold option boob bin] C:\Documents and Settings\All Users\Application Data\ford does hold option\help that.exe O4 - HKLM\..\Run: [LBTWiz.exe] C:\WINDOWS\LBTWiz.exe O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1148.exe 61A847B5BBF72813339F30466188719AB689201522886B092CBD44BD8689220221DD3257 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [LClock] lclock.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe O4 - HKCU\..\Run: [insider] C:\Program Files\Insider\Insider.exe O4 - HKCU\..\Run: [Ptes] "C:\DOCUME~1\LINAST~1\APPLIC~1\ICROSO~1\winspool.exe" -vt yazb O4 - HKCU\..\Run: [Ryfvj] "C:\Documents and Settings\LINASTORE\Application Data\A?pPatch\w?auboot.exe" O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\LINASTORE\Application Data\WinTouch\WinTouch.exe O4 - HKCU\..\Run: [sfKg6w] C:\Documents and Settings\LINASTORE\Application Data\Microsoft\Windows\bqkvitb.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user') O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe -- End of file - 10915 bytes

merci beaucoup pour mon frére tu peux compter sur moi bonne continuation

j'ai fais un scan avec bitdefender no virus detected

AVG Anti-Spyware - Rapport d'analyse --------------------------------------------------------- + Créé à: 23:41:37 04/06/2007 + Résultat de l'analyse: Fin du rapport scan Kaspersky en ligne est en cours

pour le rapport j'ai pas fais enregistrer mais sinon j'ai fix cheked sur hijack et depuis j'ai pas vu une pub réapparaitre

il ne me dit qu'il y a pas de rapport donné sinon y'a juste un résultat d'analyse qui dit que tout à été nettoyé ...

voici le rapport Script execute en mode sans echec Rapport clean par Malekal_morte - http://www.malekal.com Script execute en mode sans echec 04/06/2007 a 22:55:39,01 Microsoft Windows XP [version 5.1.2600] *** Suppression des fichiers dans C: *** Suppression des fichiers dans C:\WINDOWS\ *** Suppression des fichiers dans C:\WINDOWS\system32 tentative de suppression de C:\WINDOWS\system32\bdod.bin *** Suppression des fichiers dans C:\Program Files tentative de suppression de "C:\Program Files\Multi_Media_France\" tentative de suppression de "C:\Program Files\Save\" *** Suppression des clefs du registre effectuee.. *** Fin du rapport !

voici le rapport 04/06/2007 a 22:34:36,17 *** Recherche des fichiers dans C: *** Recherche des fichiers dans C:\WINDOWS\ *** Recherche des fichiers dans C:\WINDOWS\system32 C:\WINDOWS\system32\bdod.bin FOUND *** Recherche des fichiers dans C:\Program Files "C:\Program Files\Multi_Media_France\" FOUND "C:\Program Files\Save\" FOUND *** Fin du rapport !

c'était trop beau pour être vrai lol ! voici le nouveau rapport Logfile of HijackThis v1.99.1 Scan saved at 22:24:50, on 04/06/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:

chic chic j'ai effacée ce de electronic-group merci encore

bonjour merci voici donc le rapport navilog Search Navipromo version 2.0.2 commencé le 04/06/2007 à 16:53:29,00 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!! !!! Poster ce rapport sur le forum pour le faire analyser !!! !!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!! Fix lancé depuis C:\Program Files\navilog1 Mise a jour le 17.05.2007 a 23h00 by IL-MAFIOSO Executé en mode normal *** Analyse Terminé le 04/06/2007 à 16:56:52,82 ***

hello tout le monde j'avais déja rencontrer ce probléme de pubs intempestives que j'ai résolue grâce au forum et le sympathique Narco ( ) mais voila depuis que mon frére a utilisé mon ordi toutes ses pubs sont revenues j'ai essayer le mode opératoire que j'avais fais avec Narco mais rien n'a changée ou je m'y prends mal voici mon rapport hijackthis Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 14:21:51, on 04/06/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C: merci

merci beaucoup je garde précieusement tes conseils et je serais plus vigilante quand à la sécurité de mon ordinateur merci encore je fais passée le mot autour de moi bon courage

voila le scan est fini " aucun probléme n'a été trouver" il ne m'on pas mis de rapport et c'est vrai que depuis j'ai pas eue une seule pub coooolllll !!! je pense que mon ordi est comme neuf lol merci encore (enfin si y'a plus rien à faire lol )

merci j'ai trouver le scan est en cours avec bitdefender online scanner

le site pour scanner me met cela comme message d'erreur Une erreur s'est produite lors du téléchargement de Panda ActiveScan. Recommencez l'opération. Si l'erreur se produit de nouveau, redémarrez votre ordinateur et essayer une nouvelle foisLes raisons de l’erreur peuvent être: Ne pas autoriser le téléchargement du contrôle ActiveScan de l’application. Des problèmes avec la connexion Internet. Une erreur est survenue au cours de l’installation d’ActiveScan. Merci de vérifier que votre connexion Internet fonctionne puis cliquez sur 'Réessayer'

ca y est j'y suis je veux juste savoir avant de le lancer " il ne va rien m'effacer j'espére comme des logiciels ou autre choses ???

bonjour, je n'ai jamais utilisée ccleaner comment lance t- on un nettoyage? merci encore

voici le rapport 06 21:45:54 [info]: BlackLight Engine 1.0.47 initialized 11/17/06 21:45:54 [info]: OS: 5.1 build 2600 (Service Pack 2) 11/17/06 21:45:54 [Note]: 7019 4 11/17/06 21:45:54 [Note]: 7005 0 11/17/06 21:45:56 [Note]: 7006 0 11/17/06 21:45:56 [Note]: 7011 1544 11/17/06 21:45:57 [Note]: 7026 0 11/17/06 21:45:57 [Note]: 7026 0 11/17/06 21:46:01 [Note]: FSRAW library version 1.7.1020 11/17/06 21:48:17 [Note]: 7007 0

bonsoir merci pour ces infos tous c'est trés bien déroulé donc voici le rapport navipromo.txt Rapport Navipromo.bat 0.5 effectué le 17/11/2006 à 20:41:45,00 ** Recherche... 1/ tdfcavix trouvé, recherche de tdfcavix* C:\WINDOWS\system32\tdfcavix.dat C:\WINDOWS\system32\tdfcavix.exe C:\WINDOWS\system32\tdfcavix_nav.dat C:\WINDOWS\system32\tdfcavix_navps.dat [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] tdfcavix REG_SZ c:\windows\system32\tdfcavix.exe tdfcavix ------------------ Fin du rapport de recherche Adware Navipromo trouvé 1 fois avec cette méthode ################################################ ** Nettoyage... 1/ Déplacement de tdfcavix* vers C:\Navipromo\Backups... C:\Windows\System32\tdfcavix* déplacé avec succès ! ------------------ * Suppression clés et valeurs de registre 1 entrées de registre ont été nettoyées * Backups : C:\Navipromo\Backups\ARPCache.reg C:\Navipromo\Backups\HKCURun.reg C:\Navipromo\Backups\HKLMRun.reg C:\Navipromo\Backups\tdfcavix.dat C:\Navipromo\Backups\tdfcavix.exe C:\Navipromo\Backups\tdfcavix_nav.dat C:\Navipromo\Backups\tdfcavix_navps.dat C:\Navipromo\Backups\Uninstall.reg Ajout d'extension .off aux backups ## Fin du rapport de Suppression ainsi qu'un nouveau rapport hijackthis Logfile of HijackThis v1.99.1 Scan saved at 20:53:17, on 17/11/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\progra~1\softwin\bitdef~1\bdswitch.exe C:\WINDOWS\system32\sstray.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Athan\Athan.exe C:\progra~1\softwin\bitdef~1\bdnagent.exe C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe C:\Program Files\Softwin\BitDefender9\bdoesrv.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\lclock.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Softwin\BitDefender9\vsserv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\WD6C5WO6\HijackThis[1].exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [bDSwitchAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe" O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [bDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe" O4 - HKLM\..\Run: [bDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe O4 - HKLM\..\Run: [bDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe" O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LClock] lclock.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Copie de Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O18 - Protocol: bw+0 - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: offline-8876480 - {F6A47E2C-0776-4B27-9D62-A504912F6D4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing) O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing) O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing) merci encore Ps. je n'ai pas fais brute de force deux fois cela a- t - il une incidence?

j'ai une question désolé je débute lorque je veux enregistrer EGDACCESS dans le dossier bfu j'en ai deux j'ai bfu.exe et bfu.zip pourtant j'ai dézipper (extraire vers C:/) désolé c'est peut être idiot???