[resolu] log hijackthis drive cleaner, look2me, et autre spyware

Bonjour,

Commençons par l'infection Look2me.

Prière d'imprimer ces instructions, ou de les coller dans un fichier texte, pour lecture durant ce fix. Regarde bien la note au bas, avant de débuter.

Télécharge Look2Me-Destroyer.exe (par Atribune) sur ton Bureau.

Ferme toutes les fenêtres actives avant de passer à l'étape suivante.

Double-clique Look2Me-Destroyer.exe afin de lancer l'outil.

Coche Run this program as a task

Un message s'affichera, te disant ceci : "Look2Me-Destroyer will close and re-open in approximately 1 minute". Clique OK

Il se relancera après la minute, puis clique sur le bouton Scan for L2M; les icônes de ton Bureau vont disparaître : c'est normal.

Lorsque le scan termine, clique sur le bouton Remove L2M

Un message Done Scanning apparaîtra, clique OK.

Un nouveau message s'affichera : Done removing infected files! Look2Me-Destroyer will now shutdown your computer; clique OK.

Ton PC va maintenant s'éteindre.

Démarre ton PC normalement.

Colle le rapport généré (Look2Me-Destroyer.txt), situé sur le Bureau, ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.

** Si Look2Me-Destroyer ne se relance pas automatiquement après la minute, redémarre et essaie à nouveau.

merci de m'avoir repondu

mes logs:


Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 26/12/2006 13:54:24

Infected! C:\WINDOWS\system32\lv4209hoe.dll
Infected! C:\WINDOWS\system32\btackbox.dll
Infected! C:\WINDOWS\system32\cnfgnt.dll
Infected! C:\WINDOWS\system32\mghtml.dll
Infected! C:\WINDOWS\system32\mwaudite.dll
Infected! C:\WINDOWS\system32\wbvcore.dll
Infected! C:\WINDOWS\system32\lzcalspl.dll
Infected! C:\WINDOWS\system32\mcvci70.dll
Infected! C:\WINDOWS\system32\kfdaze.dll
Infected! C:\WINDOWS\system32\xllehlp.dll
Infected! C:\WINDOWS\system32\meiwave.dll
Infected! C:\WINDOWS\system32\dtstyle.dll
Infected! C:\WINDOWS\system32\isc21.dll
Infected! C:\WINDOWS\system32\lv4209hoe.dll
Infected! C:\WINDOWS\system32\cccui.dll
Infected! C:\WINDOWS\system32\eo.dll
Infected! C:\WINDOWS\system32\h42o0ef3eh2.dll
Infected! C:\WINDOWS\system32\dkwsock.dll
Infected! C:\WINDOWS\system32\lv0209doe.dll
Infected! C:\WINDOWS\system32\o6rolg9316.dll
Infected! C:\WINDOWS\system32\f2l02c3mgf.dll
Infected! C:\WINDOWS\system32\o0lu0a39ed.dll
Infected! C:\WINDOWS\system32\kddmac.dll
Infected! C:\WINDOWS\system32\kpdit142.dll
Infected! C:\WINDOWS\system32\r68slgl716q.dll
Infected! C:\WINDOWS\system32\en66l1js1.dll
Infected! C:\WINDOWS\system32\ddnmodem.dll
Infected! C:\WINDOWS\system32\cOmocx.dll
Infected! C:\WINDOWS\system32\azaolgl316q.dll
Infected! C:\WINDOWS\system32\ir0ml5d11.dll
Infected! C:\WINDOWS\system32\d6j00g1me6.dll
Infected! C:\WINDOWS\system32\h60qlgd5160.dll
Infected! C:\WINDOWS\system32\h62olgf3162.dll
Infected! C:\WINDOWS\system32\k608lgdu1608.dll
Infected! C:\WINDOWS\system32\WkoDial2000.dll
Infected! C:\WINDOWS\system32\h4n00e5meh.dll
Infected! C:\WINDOWS\system32\m8juli1918.dll
Infected! C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP429\A0123605.dll
Infected! C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP429\A0123608.dll
Infected! C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP429\A0123610.dll
Infected! C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP429\A0123611.dll
Infected! C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP429\A0123612.dll
Infected! C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123674.dll
Infected! C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123688.dll
Infected! C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123693.dll
Infected! C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP428\A0123569.dll
Infected! C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP428\A0123570.dll

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\lv4209hoe.dll
C:\WINDOWS\system32\lv4209hoe.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\btackbox.dll
C:\WINDOWS\system32\btackbox.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\cnfgnt.dll
C:\WINDOWS\system32\cnfgnt.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mghtml.dll
C:\WINDOWS\system32\mghtml.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mwaudite.dll
C:\WINDOWS\system32\mwaudite.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\wbvcore.dll
C:\WINDOWS\system32\wbvcore.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\lzcalspl.dll
C:\WINDOWS\system32\lzcalspl.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mcvci70.dll
C:\WINDOWS\system32\mcvci70.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\kfdaze.dll
C:\WINDOWS\system32\kfdaze.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\xllehlp.dll
C:\WINDOWS\system32\xllehlp.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\meiwave.dll
C:\WINDOWS\system32\meiwave.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\dtstyle.dll
C:\WINDOWS\system32\dtstyle.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\isc21.dll
C:\WINDOWS\system32\isc21.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\lv4209hoe.dll
C:\WINDOWS\system32\lv4209hoe.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\cccui.dll
C:\WINDOWS\system32\cccui.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\eo.dll
C:\WINDOWS\system32\eo.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\h42o0ef3eh2.dll
C:\WINDOWS\system32\h42o0ef3eh2.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\dkwsock.dll
C:\WINDOWS\system32\dkwsock.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\lv0209doe.dll
C:\WINDOWS\system32\lv0209doe.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\o6rolg9316.dll
C:\WINDOWS\system32\o6rolg9316.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\f2l02c3mgf.dll
C:\WINDOWS\system32\f2l02c3mgf.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\o0lu0a39ed.dll
C:\WINDOWS\system32\o0lu0a39ed.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\kddmac.dll
C:\WINDOWS\system32\kddmac.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\kpdit142.dll
C:\WINDOWS\system32\kpdit142.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\r68slgl716q.dll
C:\WINDOWS\system32\r68slgl716q.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\en66l1js1.dll
C:\WINDOWS\system32\en66l1js1.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\ddnmodem.dll
C:\WINDOWS\system32\ddnmodem.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\cOmocx.dll
C:\WINDOWS\system32\cOmocx.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\azaolgl316q.dll
C:\WINDOWS\system32\azaolgl316q.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\ir0ml5d11.dll
C:\WINDOWS\system32\ir0ml5d11.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\d6j00g1me6.dll
C:\WINDOWS\system32\d6j00g1me6.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\h60qlgd5160.dll
C:\WINDOWS\system32\h60qlgd5160.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\h62olgf3162.dll
C:\WINDOWS\system32\h62olgf3162.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\k608lgdu1608.dll
C:\WINDOWS\system32\k608lgdu1608.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\WkoDial2000.dll
C:\WINDOWS\system32\WkoDial2000.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\h4n00e5meh.dll
C:\WINDOWS\system32\h4n00e5meh.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\m8juli1918.dll
C:\WINDOWS\system32\m8juli1918.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP429\A0123605.dll
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP429\A0123605.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP429\A0123608.dll
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP429\A0123608.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP429\A0123610.dll
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP429\A0123610.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP429\A0123611.dll
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP429\A0123611.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP429\A0123612.dll
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP429\A0123612.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123674.dll
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123674.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123688.dll
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123688.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123693.dll
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123693.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP428\A0123569.dll
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP428\A0123569.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP428\A0123570.dll
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP428\A0123570.dll Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IPConfTSP

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{72C78F33-DA9B-4F74-AAF7-C4BF4153CC5D}"
HKCR\Clsid\{72C78F33-DA9B-4F74-AAF7-C4BF4153CC5D}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{9B16D4DF-736E-400F-B14E-7EF9A6245383}"
HKCR\Clsid\{9B16D4DF-736E-400F-B14E-7EF9A6245383}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{8C1E0F58-D571-42E0-B663-D5E75A3559B3}"
HKCR\Clsid\{8C1E0F58-D571-42E0-B663-D5E75A3559B3}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{DB0B17E3-62CF-434E-A548-5D6867C9B3C9}"
HKCR\Clsid\{DB0B17E3-62CF-434E-A548-5D6867C9B3C9}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{96A07AD5-F1B1-46C6-9701-1808B892428B}"
HKCR\Clsid\{96A07AD5-F1B1-46C6-9701-1808B892428B}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{595E88FA-296C-4928-A844-D0B14B78CC00}"
HKCR\Clsid\{595E88FA-296C-4928-A844-D0B14B78CC00}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{B5F8DD94-F963-4961-AB6F-170A42897554}"
HKCR\Clsid\{B5F8DD94-F963-4961-AB6F-170A42897554}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{6E8A85E1-F63D-430F-BD31-8D5643413DBB}"
HKCR\Clsid\{6E8A85E1-F63D-430F-BD31-8D5643413DBB}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{B046592F-AFEE-482F-9100-58425C2C2A35}"
HKCR\Clsid\{B046592F-AFEE-482F-9100-58425C2C2A35}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{7BB6582C-CBF2-4CC3-8B46-CA33034E080E}"
HKCR\Clsid\{7BB6582C-CBF2-4CC3-8B46-CA33034E080E}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{D91BAD0F-3D7E-4D68-9E58-3E19DFD4E7BC}"
HKCR\Clsid\{D91BAD0F-3D7E-4D68-9E58-3E19DFD4E7BC}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{0F94B7A2-FB8E-46C4-BD2F-304411C85ED4}"
HKCR\Clsid\{0F94B7A2-FB8E-46C4-BD2F-304411C85ED4}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{5828B7C7-867F-4EDA-B7E6-D3B3E335F313}"
HKCR\Clsid\{5828B7C7-867F-4EDA-B7E6-D3B3E335F313}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{7AEEBB33-C47A-4AB9-9B01-B88EFAC51280}"
HKCR\Clsid\{7AEEBB33-C47A-4AB9-9B01-B88EFAC51280}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{65BDC668-7930-423A-8BBC-D149FB5FCF88}"
HKCR\Clsid\{65BDC668-7930-423A-8BBC-D149FB5FCF88}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{A2687538-7B9F-46F5-8B8C-B432122E9392}"
HKCR\Clsid\{A2687538-7B9F-46F5-8B8C-B432122E9392}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{84AEC247-BC15-47A9-8CDE-D847280F2170}"
HKCR\Clsid\{84AEC247-BC15-47A9-8CDE-D847280F2170}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{85C7A701-6D01-4B48-95B8-64914E8F1D38}"
HKCR\Clsid\{85C7A701-6D01-4B48-95B8-64914E8F1D38}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrateurs - Succeeded


hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 14:00:49, on 26/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\Program Files\Fichiers communs\DriveCleaner 2006 Free\SDRmon.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\IMAP\Bureau\antispy\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.boursorama.com/portefeuille/portefeuille.pht...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [DriveCleaner 2006 Free] "C:\Program Files\DriveCleaner 2006 Free\UDC2006.exe" /min
O4 - HKLM\..\Run: [SDR6V_Check] "C:\Program Files\Fichiers communs\DriveCleaner 2006 Free\SDRmon.exe"
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O18 - Protocol: bw+0 - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {C499FCA8-07F5-4340-BA7C-953EA11876F6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

On continue :

Télécharge combofix.exe (par sUBs) sur ton Bureau

Double clique combofix.exe.

Tape sur la touche Y (Yes) pour démarrer le scan.

Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Télécharge Blacklight (F-Secure), clique sur " I ACCEPT " en bas de la page :
Clique sur le premier " Download " afin de télécharger le programme
Sauvegarde le sur ton Bureau
Double-clique blbeta.exe et accepte la licence; clique Scan puis Next.

A la fin du scan, NE TOUCHE A RIEN !

Tu verras un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).
Nous devons analyser ce rapport, ferme donc le BlackLight.

Poste le rapport sur le forum.

AIDE : Tuto sur BlackLight (Malekal)

log combofix

IMAP - 06-12-26 14:07:46,82 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\IMAP\Bureau"

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\MWUNI10.DLL
C:\WINDOWS\system32\WNNSKFR.DLL


Granting sedebugprivilege to Administrateurs ... successful


((((((((((((((((((((((((((((((( Files Created from 2006-11-26 to 2006-12-26 ))))))))))))))))))))))))))))))))))


2006-12-26 14:01 <REP> d-------- C:\Program Files\RegCleaner
2006-12-26 11:36 <REP> d-------- C:\WINDOWS\BDOSCAN8
2006-12-26 10:52 <REP> d-------- C:\Documents and Settings\IMAP\Application Data\DriveCleaner 2006 Free
2006-12-26 09:42 <REP> d-------- C:\Program Files\Fichiers communs\DriveCleaner 2006 Free
2006-12-25 16:38 <REP> d-------- C:\Program Files\MSXML 4.0
2006-12-25 16:38 <REP> d-------- C:\6166fa52c6c39a237b25
2006-12-25 16:17 <REP> d--hs---- C:\FOUND.006


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-07 07:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-08 06:07 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-20 02:38 716800 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-13 13:36 145920 --a------ C:\WINDOWS\system32\nwprovau.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"BDMCon"="c:\\progra~1\\softwin\\bitdef~1\\bdmcon.exe"
"BDOESRV"="\"C:\\Program Files\\Softwin\\BitDefender9\\bdoesrv.exe\""
"BDNewsAgent"="\"C:\\progra~1\\softwin\\bitdef~1\\bdnagent.exe\""
"BDSwitchAgent"="\"C:\\progra~1\\softwin\\bitdef~1\\bdswitch.exe\""
"DriveCleaner 2006 Free"="\"C:\\Program Files\\DriveCleaner 2006 Free\\UDC2006.exe\" /min"
"SDR6V_Check"="\"C:\\Program Files\\Fichiers communs\\DriveCleaner 2006 Free\\SDRmon.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BitDefender Live!.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\BitDefender Live!.lnk"
"backup"="C:\\WINDOWS\\pss\\BitDefender Live!.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\FICHIE~1\\Softwin\\Live\\avxlive.exe /back"
"item"="BitDefender Live!"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Corel Family & Friends Reminders.LNK]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Corel Family & Friends Reminders.LNK"
"backup"="C:\\WINDOWS\\pss\\Corel Family & Friends Reminders.LNKCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Corel\\PRINTH~1\\cffrem.exe "
"item"="Corel Family & Friends Reminders"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^EuroThink Agenda.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\EuroThink Agenda.lnk"
"backup"="C:\\WINDOWS\\pss\\EuroThink Agenda.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\EUROTH~1\\Agenda\\Agenda.exe "
"item"="EuroThink Agenda"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Logitech Desktop Messenger.lnk"
"backup"="C:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start"
"item"="Logitech Desktop Messenger"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Murphy Shield.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Murphy Shield.lnk"
"backup"="C:\\WINDOWS\\pss\\Murphy Shield.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SOFTWIN\\BDProf\\mgui.exe "
"item"="Murphy Shield"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Supervision de Photo Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Supervision de Photo Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Supervision de Photo Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Kodak\\Plauto.exe "
"item"="Supervision de Photo Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="F_LCON~1"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\FUSION~1\\F_LCON~1.exe -debut"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Apoint"
"hkey"="HKLM"
"command"="C:\\Program Files\\Apoint2K\\Apoint.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDSwitchAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bdswitch"
"hkey"="HKLM"
"command"="\"C:\\progra~1\\softwin\\bitdef~1\\bdswitch.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gimmysmileys]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="gimmysmileys1"
"hkey"="HKLM"
"command"="C:\\\\gimmysmileys1.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="keyboard1"
"hkey"="HKLM"
"command"="C:\\\\keyboard1.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Alaunch"
"hkey"="HKLM"
"command"="Alaunch"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogitechDesktopMessenger"
"hkey"="HKCU"
"command"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QtaET2S"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\LAUNCH~1\\QtaET2S.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Logi_MwX"
"hkey"="HKLM"
"command"="Logi_MwX.Exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mousepad]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mousepad1"
"hkey"="HKLM"
"command"="C:\\\\mousepad1.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NBJ"
"hkey"="HKCU"
"command"="\"C:\\Documents and Settings\\IMAP\\Bureau\\documents BEN\\Nero BackItUp\\NBJ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\quru]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qurum"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\FICHIE~1\\quru\\qurum.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shell]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ibm00001"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Web Folders\\ibm00001.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mobsync"
"hkey"="HKLM"
"command"="%SystemRoot%\\system32\\mobsync.exe /logon"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WinVNC"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\RealVNC\\WinVNC\\WinVNC.exe\" -servicehelper"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WooCnxMon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CnxMon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\WANADOO\\CnxMon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TaskbarIcon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\WANADOO\\TaskbarIcon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Watch"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\WANADOO\\Watch.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-12-26 14:09:34.65
C:\ComboFix.txt ... 06-12-26 14:09

backlight


12/26/06 14:15:45 [Info]: BlackLight Engine 1.0.47 initialized
12/26/06 14:15:45 [Info]: OS: 5.1 build 2600 (Service Pack 2)
12/26/06 14:15:45 [Note]: 7019 4
12/26/06 14:15:45 [Note]: 7005 0
12/26/06 14:15:48 [Note]: 7006 0
12/26/06 14:15:48 [Note]: 7011 1520
12/26/06 14:15:48 [Note]: 7026 0
12/26/06 14:15:48 [Note]: 7026 0
12/26/06 14:15:52 [Note]: FSRAW library version 1.7.1020
12/26/06 14:16:24 [Note]: 2000 1012
12/26/06 14:16:24 [Note]: 2000 1012
12/26/06 14:17:07 [Note]: 7007 0


merci encore

Re,

On passe à DriveCleaner.

Les manipulations sont à faire sans interruption et dans l'ordre
Si tu ne comprends pas quelque chose, demande des explications avant de commencer.

Enregistre cette page pour avoir accès à la procédure en mode sans échec :
- Fichier
- Enregistrer Sous...
- Nom du fichier : Procédure
- Type : Page Web, complète
- Pour l'emplacement, chosis ton Bureau
- Clique maintenant sur Enregistrer

Télécharge :

Brute Force Uninstaller (de Merjin).
Créé un nouveau dossier directement sur le C:\ et nomme-le BFU. Décompresse le fichier téléchargé dans ce nouveau dossier (C:\BFU)

FAIS UN CLIQUE-DROIT ICI et choisis "Enregistrer la cible du lien sous..." afin de télécharger Winsoftware.bfu (de Metallica). Sauvegarde-le dans le dossier créé (C:\BFU).
Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : Winsoftware.bfu et BFU.exe (très important).

Note : Si tu utlises Internet Explorer; lors de la sauvegarde, assure-toi que le champs "Type :" affiche "Tous les fichiers".

AIDE : Comment installer et utiliser BFU ?

Redémarre en mode Sans Échec : au redémarrage, tapote immédiatement la touche F8; tu verras un écran avec choix de démarrages apparaître. Utilisant les flèches du clavier, choisis "Mode Sans Échec" et valide avec "Entrée". Choisis ton compte usuel, et non Administrateur.

Démarre "Brute Force Uninstaller" en double-cliquant BFU.exe (du dossier C:\BFU)

- Clique sur le petit dossier jaune, à la droite de la boîte Scriptline to execute, et double-clique sur :

Winsoftware.bfu

- Dans la boîte "Scriptline to execute", tu devrais maintenant voir ceci : C:\BFU\Winsoftware.bfu

Clique sur Execute et laisse-le faire son travail.

Attends que Complete script execution apparaisse pour cliquer sur OK.
Clique Exit pour fermer le programme BFU.

Redémarre normalement.

Poste le rapport Hijackthis.

voila le log

Logfile of HijackThis v1.99.1
Scan saved at 14:43:58, on 26/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\IMAP\Bureau\antispy\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.boursorama.com/portefeuille/portefeuille.pht...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Ca a marché  

Log Hijackthis clean.

-- Fais un scan en ligne Kaspersky :
- Scan le Poste de travail
- Sauvegarde puis colle le rapport en fin d'analyse
AIDE : Démonstration en images..

Si ce message apparaît :
"La licence de Kaspersky On-line Scanner est périmée"
Va dans Ajout/Suppression de programmes pour désinstaller l'Online Scanner
Retente ensuite le scan.

avec bitdefender jespere que ca ira


//-----------------------------------------------------------------
//
// Produit BitDefender Antivirus Plus v10
// Produit 10.0
//
// Créé le: 26/12/2006 15:36:58
//
//-----------------------------------------------------------------


Statistiques

Chemin cible: C:\
D:\
Dossiers : 2210
Fichiers : 16004
Processus Mémoire analysés : 4
Archives : 4
Fichiers enpaquetés : 724
Virus trouvés : 6
Fichiers infectés : 42
Processus Mémoire infectés : 0
Fichiers suspects : 0
Alertes : 0
Fichiers désinfectés : 0
Fichiers effacés : 37
Fichiers déplacés : 5
Erreurs I/O : 8
Temps d'analyse :=00:10:41
Fichiers/seconde :24

Statistiques Spywares

Registres analysés : 1642
Registres infectés : 0
Cookies analysés : 18
Cookies infectés : 0
Fichiers spyware infectés : 0
Menaces Spyware détectées : 0


Définitions virus : 385888
Plugins d'analyse : 16
Plugins archives : 41
Plug-ins décompression : 6
Plug-ins messagerie : 6
Plug-ins système : 5

Options d'analyse

Détection
[X] Analyser le secteur de boot
[X] Processus mémoire
[ ] Analyser les archives
[X] Analyser les fichiers enpaquetés
[X] Analyser la messagerie

Masque fichiers
[X] Programmes
[ ] Tous les fichiers
[ ] Extensions définies par l'utilisateur:
[ ] Exclure les extensions: ;

Action

Objets infectés
[ ] Ignorer
[X] Désinfecter
[ ] Effacer
[ ] Mettre en quarantaine
[ ] Demander l'action

Seconde action
[ ] Ignorer
[ ] Effacer
[X] Mettre en quarantaine
[ ] Demander l'action

Options d'analyse
[X] Activer les alertes
[ ] Activer l'heuristique
[ ] Afficher tous les fichiers dans le journal
[X] Fichier journal: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\full_scan\1167143818.log

Options d'analyse Spyware

[X] Analyse contre les risques non-viraux
[ ] Ecarter de l'analyse les dialers et les applications
[X] Clés de registres
[X] Cookies


Résumé:

C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP429\A0123606.exe Infecté: Trojan.Fakealert.FB
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP429\A0123606.exe Désinfection impossible
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP429\A0123606.exe Déplacé
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP429\A0123609.DLL Détecté: Adware.Dinky.A
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP429\A0123609.DLL Effacé
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP429\A0123613.exe Détecté: Adware.Zesty.C
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP429\A0123613.exe Désinfection impossible
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP429\A0123613.exe Déplacé
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123670.exe Détecté: Adware.WinAntiVirus.A
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123670.exe Désinfection impossible
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123670.exe Déplacé
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123671.exe Détecté: Adware.Maxifiles.B
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123671.exe Désinfection impossible
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123671.exe Déplacé
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123697.dll Détecté: Adware.Dinky.A
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123697.dll Effacé
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123698.dll Détecté: Adware.Dinky.A
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123698.dll Effacé
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123699.dll Détecté: Adware.Dinky.A
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123699.dll Effacé
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123700.dll Détecté: Adware.Dinky.A
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123700.dll Effacé
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123701.dll Détecté: Adware.Dinky.A
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123701.dll Effacé
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123702.dll Détecté: Adware.Dinky.A
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123702.dll Effacé
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123703.dll Détecté: Adware.Dinky.A
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123703.dll Effacé
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123704.dll Détecté: Adware.Dinky.A
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123704.dll Effacé
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123705.dll Détecté: Adware.Dinky.A
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123705.dll Effacé
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123706.dll Détecté: Adware.Dinky.A
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123706.dll Effacé
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123707.dll Détecté: Adware.Dinky.A
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123707.dll Effacé
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123708.dll Détecté: Adware.Dinky.A
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123708.dll Effacé
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123709.dll Détecté: Adware.Dinky.A
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123709.dll Effacé
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123710.dll Détecté: Adware.Dinky.A
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123710.dll Effacé
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123711.dll Détecté: Adware.Dinky.A
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123711.dll Effacé
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123712.dll Détecté: Adware.Dinky.A
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123712.dll Effacé
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123713.dll Détecté: Adware.Dinky.A
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123713.dll Effacé
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123714.dll Détecté: Adware.Dinky.A
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123714.dll Effacé
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123715.dll Détecté: Adware.Dinky.A
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123715.dll Effacé
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123716.dll Détecté: Adware.Dinky.A
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123716.dll Effacé
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123717.dll Détecté: Adware.Dinky.A
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123717.dll Effacé
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123718.dll Détecté: Adware.Dinky.A
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123718.dll Effacé
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123719.dll Détecté: Adware.Dinky.A
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123719.dll Effacé
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123720.dll Détecté: Adware.Dinky.A
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123720.dll Effacé
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123721.dll Détecté: Adware.Dinky.A
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123721.dll Effacé
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123722.dll Détecté: Adware.Dinky.A
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123722.dll Effacé
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123723.dll Détecté: Adware.Dinky.A
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123723.dll Effacé
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123724.dll Détecté: Adware.Dinky.A
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123724.dll Effacé
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123725.dll Détecté: Adware.Dinky.A
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123725.dll Effacé
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123726.dll Détecté: Adware.Dinky.A
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123726.dll Effacé
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123727.dll Détecté: Adware.Dinky.A
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123727.dll Effacé
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123728.dll Détecté: Adware.Dinky.A
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123728.dll Effacé
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123729.dll Détecté: Adware.Dinky.A
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123729.dll Effacé
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123730.dll Détecté: Adware.Dinky.A
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP430\A0123730.dll Effacé
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP432\A0125357.DLL Détecté: Adware.Dinky.A
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP432\A0125357.DLL Effacé
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP432\A0125358.DLL Détecté: Adware.Dinky.A
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP432\A0125358.DLL Effacé
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP435\A0126043.exe Infecté: Trojan.Downloader.Winfixer.E
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP435\A0126043.exe Désinfection impossible
C:\System Volume Information\_restore{178FAAAA-1FB2-4211-B6D7-D05B4173FB4C}\RP435\A0126043.exe Déplacé

Désactive puis réactive la restauration du système.
D'autres problèmes ?

desole pour le retard de ma reponse
mais merci beaucoup pour ton aide non je n'ai pas d'autre probleme
merci encore

Re,

Edite ton premier message avec puis ajoute (Résolu) au titre.

Dénonce ton infection (Look2me) pour faire condamner les auteurs, ça serait sympa.
Crée un message pour faire avancer les choses sur Malware-Complaints, nous devons être le plus nombreux possibles, alors rends compte de ton infection.
AIDE : Comment rapporter son infection sur Malware-Complaints ?

Consulte cette page pour éviter que ces problèmes ne réapparaissent.