Popup + Alertes a répétition

[Krevan]

Bonjour,

Depuis quelques jours, mon PC s'affole et m'envoie différentes alertes au virus + des popup vers des sites me donnant des antivirus payant a acheter. Je trouve ça louche étant donner que tout les antivirus ont a peu près la meme interface (pas le meme design, mais la même organisation).

De plus, mon Norton et Spybot ne m'indique aucun virus ni spyware.

 

J'ai donc fais un scan Hijhackthis pour vous demander de m'aider a me débarasser de ces saletés!

 

Logfile of HijackThis v1.99.1

Scan saved at 17:32:16, on 12/07/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\atmclk.exe

C:\WINDOWS\system32\dcomcfg.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Google\Gmail Notifier\gnotify.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Mozilla Firefox 1.5\firefox.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Microsoft IntelliPoint\IPoint.exe

C:\Program Files\Hijackthis\VERSION TRADUITE ORIGINALE.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assistant/ac...mpaign=wdz0605a

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O1 - Hosts: 213.246.59.101 L2authd.lineage2.com

O1 - Hosts: 213.246.59.101 L2authd.lineage2.com

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: (no name) - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINDOWS\system32\hp100.tmp

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm414YYFR

O8 - Extra context menu item: Analyser avec LeechGet - file://C:\Program Files\LeechGet 2006\\Parser.html

O8 - Extra context menu item: Download with &Shareaza - res://C:\Shareaza\Plugins\RazaWebHook.dll/3000

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Télécharger en utilisant l'assistant LeechGet - file://C:\Program Files\LeechGet 2006\\Wizard.html

O8 - Extra context menu item: Télécharger en utilisant LeechGet - file://C:\Program Files\LeechGet 2006\\AddUrl.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/fra_nos.exe

O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int12.exe

O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab

O18 - Protocol: bw+0 - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: offline-8876480 - {7B705A75-1023-4C5C-B53B-6FE4861CC4DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

O21 - SSODL: altmannsberger - {210b4043-35ca-4aa0-8796-191f9663dfb3} - C:\WINDOWS\system32\vpxnk.dll (file missing)

O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - C:\WINDOWS\system32\mzoeut.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

 

Merci d'avance pour votre aide.

[bruce lee]

Bonjour,

 

1/Télécharger http://siri.urz.free.fr/Fix/SmitfraudFix.zip

 

2/ Dézipper la totalité de l'archive sur ton bureau.

 

Double cliquer sur smitfraudfix.cmd

Sélectionner 1 dans le menu pour créer un rapport des fichiers responsables de l'infection.

sauvegarde ce rapport et poste le

[Krevan]

J'ai télécharger Smitfraudfix, mais quand je double-clic sur le fichier .cmd, la console apparait une fraction de seconde avant de disparaitre.

[bruce lee]

re,

 

réessaye en le retelechargeant

[Krevan]

re,

réessaye en le retelechargeant

 

Ca ne change rien...

[bruce lee]

re,

 

Ouvre le bloc-notes

- Menu Démarrer, Tous les programmes, Accessoires, Bloc notes

ou

- Menu Démarrer, Exécuter : tape notepad

 

Copie-colle ce qui suit dans le bloc-notes (sans la mention "citation") et sauvegarde sur le bureau

comme ceci :

 

C:\Windows\system32\reg.exe query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /s >> look.txt

start notepad look.txt

 

Nom : look.bat

Type : Tous les fichiers

 

Double-clique sur Look.bat. Cela va t'ouvrir un fichier au format TXT Look.txt

 

Copie et colle ici le contenu de Look.txt.

[Krevan]

Ca, sa marche!

! REG.EXE VERSION 3.0

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment

ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe

Path REG_SZ %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Fichiers communs\Autodesk Shared\;C:\Program Files\backburner 2\;C:\PROGRA~1\ACTIVI~1\CALLOF~2\3D Files\Fichiers communs\Ulead Systems\MPEG;C:\Program Files\Fichiers communs\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\NVIDIA Corporation\NVIDIA DDS Utilities

windir REG_EXPAND_SZ %SystemRoot%

FP_NO_HOST_CHECK REG_SZ NO

OS REG_SZ Windows_NT

PROCESSOR_ARCHITECTURE REG_SZ x86

PROCESSOR_LEVEL REG_SZ 15

PROCESSOR_IDENTIFIER REG_SZ x86 Family 15 Model 3 Stepping 4, GenuineIntel

PROCESSOR_REVISION REG_SZ 0304

NUMBER_OF_PROCESSORS REG_SZ 2

PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

TEMP REG_EXPAND_SZ %SystemRoot%\TEMP

TMP REG_EXPAND_SZ %SystemRoot%\TEMP

sourcesdk REG_SZ c:\program files\steam\steamapps\krevan\sourcesdk

VProject REG_SZ c:\program files\steam\steamapps\krevan\counter-strike source\cstrike

CLASSPATH REG_EXPAND_SZ C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

QTJAVA REG_EXPAND_SZ C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

[bruce lee]

Bonjour,

 

telecharge http://internet.cybermesa.com/~bstewart/files/fixpath2.zip

 

Dezippe le contenu de fixpath2.zip dans un répertoire sur C:\, par exemple: C:\FIXPATH2

Clique sur Démarrer, Executer et entre cmd

Valide par entrée.

 

Dans la fenêtre de commande, entre :

cd C:\ [+Entrée]

cd FIXPATH2 [+Entrée]

(Attention aux espaces juste après cd)

entre encore:

fixpath.exe [+Entrée]

 

Ceci va afficher un message d'information, clique Yes. Ferme la fenêtre.

Si les changements ont été effectués, il faudra redémarrer l'ordinateur pour tenir compte des

modifications. Une fois redemarrer, réessaye la procedure avec smitfraudfix.

[Krevan]

Nickel ça marche! Merci! Voici le log:

SmitFraudFix v2.70

 

Rapport fait à 12:42:51,76, 13/07/2006

Executé à partir de C:\Documents and Settings\No‚ Ksiazek\Bureau\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Fix executé en mode normal

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

C:\WINDOWS\system32\atmclk.exe PRESENT !

C:\WINDOWS\system32\dcomcfg.exe PRESENT !

C:\WINDOWS\system32\hp???.tmp PRESENT !

C:\WINDOWS\system32\hp????.tmp PRESENT !

C:\WINDOWS\system32\ld???.tmp PRESENT !

C:\WINDOWS\system32\ld????.tmp PRESENT !

C:\WINDOWS\system32\mzoeut.dll PRESENT !

C:\WINDOWS\system32\ot.ico PRESENT !

C:\WINDOWS\system32\regperf.exe PRESENT !

C:\WINDOWS\system32\simpole.tlb PRESENT !

C:\WINDOWS\system32\stdole3.tlb PRESENT !

C:\WINDOWS\system32\1024\ PRESENT !

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\No‚ Ksiazek\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\NOKSIA~1\Favoris

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

 

C:\Program Files\SpyQuake2.com\ PRESENT !

 

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"altmannsberger"="{210b4043-35ca-4aa0-8796-191f9663dfb3}"

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"cholecyst"="{ee2975b6-e8d5-405e-8448-8fe9590f6cfb}"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Fin

 

Je tiens aussi a signaler qu'après le redemarrage, une des alertes persistante (dans les icones a coté de l'horloge de la barre des tache) a disparue

[bruce lee]

Bonjour,

 

content que le fix marche

 

Par contre, hier il y a eu deux mises a jours du fix donc il te faut le retelecharger (supprime l'autre):

 

1/Télécharger http://siri.urz.free.fr/Fix/SmitfraudFix.zip

 

2/ Dézipper la totalité de l'archive sur ton bureau.

 

3/* Redemarrer l'ordinateur en mode sans echec http://www.sosordi.net/Faq/Faq.2.html

* Double cliquer sur smitfraudfix.cmd

* Sélectionner 2 dans le menu pour supprimer les fichiers respondables de l'infection.

* A la question: Voulez-vous nettoyer le registre ? répondre O (oui)

sauvegarde le rapport.

 

redemarre en mode normal et post aussi le nouveau rapport ainsi qu'un nouveau log hijackthis.

 

@+

Modifié le 13 juillet 2006 par bruce lee