Virus MSN

Bonjour,

Télécharge Navilog1.exe (IL-MAFIOSO)
Enregistre-le sur ton Bureau.
Lance l'installation en double cliquant sur navilog.exe.
Une fois l'installation terminée, l'utilitaire s'exécutera automatiquement.
(Si ce n'est pas le cas, double clique sur le raccourci présent sur le Bureau)

Laisse-toi guider par l'utilitaire. Choisis l'option 1 puis valide.
[#ff0000]! N'utilise pas l'option 2, 3 et 4 sans notre accord ![/#f]
Patiente jusqu'à l'apparition de ce message :
"*** Analyse Termine le ..... ***"
Appuie sur une touche comme demandé. Le Bloc-notes va s'ouvrir. Poste-nous son contenu de cette manière :

-> Edition / Sélectionner tout
-> Edition / Copier
-> Clique-Droit / Coller dans ta réponse

NOTE : Le rapport se trouve également ici : C:\fixnavi.txt

merci beaucoup pour cette reponse rapide.
voila le rapport

Search Navipromo version 2.0.3 commencé le 13/06/2007 à 20:21:32,21

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 08.06.2007 a 17h00 by IL-MAFIOSO

Executé en mode normal

*** Recherche Programmes installes ***




*** Recherche dossiers dans C:\WINDOWS ***


C:\WINDOWS\msskinner trouvé !


*** Recherche dossiers dans C:\Program Files ***




*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\Etienne\Application Data ***



*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
http://www.f-secure.com/blacklight/blacklight_help.html

Fichier(s) caché(s) dans C:\WINDOWS\system32 :

c:\WINDOWS\system32\afklys.dat
C:\windows\system32\afklys.exe
c:\WINDOWS\system32\afklys_nav.dat
c:\WINDOWS\system32\afklys_navps.dat
c:\WINDOWS\system32\afklys_navup.dat

Processus caché(s) dans C:\WINDOWS\system32 :

C:\windows\system32\afklys.exe


*** Recherche fichiers ***


C:\WINDOWS\pack.epk trouvé !
C:\WINDOWS\system32\nvs2.inf trouvé !


*** Recherche cles registre ***


Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]



Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]



Recherche Clé Magic Control

HKEY_CURRENT_USER\Software\Lanconfig trouvé !


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:


2)Recherche Heuristique :
*
C:\WINDOWS\system32\afklys.dat trouvé !
C:\WINDOWS\system32\jqjqarb.dat trouvé !
C:\WINDOWS\system32\wcnltf.dat trouvé !
**
C:\WINDOWS\system32\afklys.dat trouvé !
C:\WINDOWS\system32\jqjqarb.dat trouvé !
C:\WINDOWS\system32\wcnltf.dat trouvé !
***
****
C:\WINDOWS\system32\afklys_navps.dat trouvé !
*****
******
*******
C:\WINDOWS\system32\jqjqarb.exe trouvé !
********
C:\WINDOWS\system32\afklys.exe trouvé !
C:\WINDOWS\system32\jqjqarb.exe trouvé !


*** Analyse Terminé le 13/06/2007 à 20:29:47,37 ***

Re,

Double clique sur le raccourci de Navilog1 présent sur ton Bureau.
Suis les instructions. Choisis ensuite l'option 2 puis valide.
Laisse toi guider et réponds aux questions éventuelles.

L'utilitaire va t'informer qu'il va redémarrer l'ordinateur.
[#ff0000]**Ferme toutes les fenêtres ouvertes et enregistre tes documents personnels ouverts**[/#f]
Appuie maintenant sur une touche, comme demandé.
(si ton PC ne redémarre pas automatiquement, fais-le manuellement)

Patiente jusqu'à l'apparition de ce message :
"*** Nettoyage Termine le ..... ***"

Le Bloc-notes va s'ouvrir.
Sauvegarde le rapport de manière à le retrouver.
Referme le Bloc-notes. Ton bureau va maintenant réapparaître.

NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
Tape explorer puis valide.

Poste le rapport sauvegardé auparavant (C:\cleannavi.txt)
Ainsi qu'un nouveau rapport Hijackthis.

Ferme Internet Explorer puis Démarrer/Panneau de Configuration/Options Internet.
Choisis l'onglet Contenu puis onglet Certificats.
Si tu trouves les programmes suivant (en particulier dans Editeurs approuvés), supprime-les :

electronic-group
egroup
Montorgueil
VIP
"Sunny Day Design Ltd"

voila les rapports ^^
merci !!

Clean Navipromo version 2.0.3 commencé le 13/06/2007 à 22:31:54,04

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 08.06.2007 a 17h00 by IL-MAFIOSO

Mode suppression automatique avec prise en charge résultats Blacklight


*** Creation backups fichiers trouvés par Blacklight ***

Copie vers "C:\Program Files\navilog1\Backupnavi"


*** Suppression des fichiers trouvés avec Blacklight ***

c:\WINDOWS\system32\afklys.dat supprimé !
C:\windows\system32\afklys.exe supprimé !
c:\WINDOWS\system32\afklys_nav.dat supprimé !
c:\WINDOWS\system32\afklys_navps.dat supprimé !
c:\WINDOWS\system32\afklys_navup.dat supprimé !

** 2ème passage **

C:\WINDOWS\system32\afklys.exe absent !
C:\WINDOWS\system32\afklys.dat absent !
C:\WINDOWS\system32\afklys_nav.dat absent !
C:\WINDOWS\system32\afklys_navps.dat absent !
C:\WINDOWS\system32\afklys_navup.dat absent !
C:\WINDOWS\system32\afklys_navtmp.dat absent !
C:\WINDOWS\system32\afklys_m2s.xml absent !


C:\WINDOWS\prefetch\afklys*.pf trouvé !
Copie C:\WINDOWS\prefetch\afklys*.pf réalise avec succes !
C:\WINDOWS\prefetch\afklys*.pf supprimé !

*** Suppression dossiers dans C:\WINDOWS ***

C:\WINDOWS\msskinner ...suppression...
C:\WINDOWS\msskinner supprimé !


*** Suppression dossiers dans C:\Program Files ***


*** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***


*** Suppression dossiers dans C:\Documents and Settings\Etienne\Application Data ***



*** Suppression fichiers ***

C:\WINDOWS\pack.epk supprimé !
C:\WINDOWS\system32\nvs2.inf supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Etienne\Local Settings\Temp effectué !


*** Sauvegarde du registre vers dossier Backupnavi***


sauvegarde du registre réalise avec succes !


*** Nettoyage registre ***


Nettoyage registre Ok

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:


2)Recherche et Suppression Heuristique :

*
C:\WINDOWS\System32\jqjqarb.dat trouvé !
Copie C:\WINDOWS\system32\jqjqarb.dat réalise avec succes !
C:\WINDOWS\system32\jqjqarb.dat supprimé !

C:\WINDOWS\System32\wcnltf.dat trouvé !
Copie C:\WINDOWS\system32\wcnltf.dat réalise avec succes !
C:\WINDOWS\system32\wcnltf.dat supprimé !

**
***
****
*****
C:\WINDOWS\System32\jqjqarb_navup.dat trouvé !
Copie C:\WINDOWS\system32\jqjqarb_navup.dat réalise avec succes !
C:\WINDOWS\system32\jqjqarb_navup.dat supprimé !

C:\WINDOWS\System32\wcnltf_navup.dat trouvé !
Copie C:\WINDOWS\system32\wcnltf_navup.dat réalise avec succes !
C:\WINDOWS\system32\wcnltf_navup.dat supprimé !

******
*******
C:\WINDOWS\System32\jqjqarb.exe trouvé !
Copie C:\WINDOWS\system32\jqjqarb.exe réalise avec succes !
C:\WINDOWS\system32\jqjqarb.exe supprimé !

********

3)Contrôle présence clés Rootkit dans le registre :

Aucune autre clés présente dans le registre !

*** Nettoyage termine le 13/06/2007 à 22:44:16,64 ***




Logfile of HijackThis v1.99.1
Scan saved at 22:51:17, on 13/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\notepad.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.radioblogclub.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.supremetoolbar.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX700 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9IE.EXE /P31 "EPSON Stylus Photo RX700 Series" /O6 "USB001" /M "Stylus Photo RX700"
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [NI.UERSV_0001_LP] "C:\Documents and Settings\Sophie\Local Settings\Temporary Internet Files\Content.IE5\AQYX5PKI\ErrorSafeScannerInstall_fr[1].exe"
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [jqjqarb] c:\windows\system32\jqjqarb.exe jqjqarb
O4 - HKLM\..\Run: [eggs beep base cdrom] C:\Documents and Settings\All Users\Application Data\Thunk nurb eggs beep\signvc.exe
O4 - HKLM\..\Run: [wcnltf] c:\windows\system32\wcnltf.exe wcnltf
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [1Wma] C:\DOCUME~1\LOCALS~1\APPLIC~1\JUNKNO~1\BARBSLOWCURB.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: D-Link REG Utility.lnk = C:\Program Files\DWL-G520M Wireless 108G MIMO PCI Adapter\Reg.exe
O4 - Global Startup: DWL-G520M Wireless 108G MIMO PCI Adapter Utility.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mut: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.fr/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/fr/4,...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega DownloadManager) - https://www.virginmega.fr/DownloadManager/Release/Prod/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.ca...
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EDCC25D-7BF2-4F54-B3F7-D216BA42A939}: NameServer = 192.168.0.1
O18 - Protocol: bw+0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: syshelps - {4E90C65D-9AED-48E4-8713-4BD161AEC242} - syshelps.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Re,

Télécharge Clean.zip (de Malekal),
Décompresse-le sur ton bureau (Clique-Droit/Extraire tout), tu dois obtenir un dossier Clean.
Ouvre le dossier clean, double-clique sur clean.cmd.
Choisis l'option 1 puis patiente. Poste ensuite le contenu du rapport.

13/06/2007 a 23:04:01,89

*** Recherche des fichiers dans C:
C:\StubInstaller.exe FOUND

*** Recherche des fichiers dans C:\WINDOWS\
"C:\WINDOWS\photos.zip" FOUND

*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\syshelps.dll FOUND
C:\WINDOWS\system32\SpoonUninstall.exe FOUND
"C:\WINDOWS\Downloaded Program Files\CONFLICT.1" FOUND

*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\Adverts\" FOUND
"C:\Program Files\Viewpoint\" FOUND
*** Fin du rapport !

Re,

Télécharge MSNFix.zip ([#ff0000]!aur3n7[/#f]) sur ton Bureau.
Décompresse-le sur ton bureau (Clique-Droit/Extraire tout).

Ouvre le dossier MSNFix puis double-clique sur MSNFix.bat.
- Exécute l'option R.
-- Si l'infection est détectée, presse une touche pour lancer le nettoyage.

[#ff0000]Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations.
Dans ce cas il suffit de redémarrer l'ordinateur manuellement.[/#f]

Poste le rapport situé dans le dossier MSNFix.
Le nom du rapport correspond au moment de sa création : date_heure.log

->Fiche complète<-

&

Redémarre en mode sans échec

Ouvre le dossier clean, double-clique sur clean.cmd.
Choisis l'option 2 puis patiente.

Redémarre normalement.

Poste le rapport clean : C:\rapport_clean.txt

MSN_Fix 1.316

C:\Documents and Settings\Etienne\Bureau\MSNFix
Fix exécuté le 13/06/2007 - 23:10:50,00 By Etienne
mode normal

************************ Recherche les fichiers présents

... C:\WINDOWS\system32\syshelps.dll
... C:\WINDOWS\photos.zip
... C:\WINDOWS\system32\urlmsnlink.dat

************************ Recherche les dossiers présents

... C:\WINDOWS\system32\openfile\
... C:\WINDOWS\system32\updatelinkmsn\




************************ Suppression des fichiers

.. OK ... C:\WINDOWS\system32\syshelps.dll
.. OK ... C:\WINDOWS\photos.zip
.. OK ... C:\WINDOWS\system32\urlmsnlink.dat


************************ Suppression des dossiers

.. OK ... C:\WINDOWS\system32\openfile\
.. OK ... C:\WINDOWS\system32\updatelinkmsn\


************************ Nettoyage du registre
.......... OK



Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 13/06/2007 a 23:29:40,34

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans C:

*** Suppression des fichiers dans C:\WINDOWS\

*** Suppression des fichiers dans C:\WINDOWS\system32

*** Suppression des fichiers dans C:\Program Files

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !

Refais un scan clean option 1 puis poste un rapport Hijackthis.

14/06/2007 a 0:07:55,62

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32

*** Recherche des fichiers dans C:\Program Files
*** Fin du rapport !



Logfile of HijackThis v1.99.1
Scan saved at 00:10:48, on 14/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\LVCOMSX.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9IE.EXE
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\DWL-G520M Wireless 108G MIMO PCI Adapter\AIRPLUS.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.radioblogclub.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.supremetoolbar.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX700 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9IE.EXE /P31 "EPSON Stylus Photo RX700 Series" /O6 "USB001" /M "Stylus Photo RX700"
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [NI.UERSV_0001_LP] "C:\Documents and Settings\Sophie\Local Settings\Temporary Internet Files\Content.IE5\AQYX5PKI\ErrorSafeScannerInstall_fr[1].exe"
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [jqjqarb] c:\windows\system32\jqjqarb.exe jqjqarb
O4 - HKLM\..\Run: [eggs beep base cdrom] C:\Documents and Settings\All Users\Application Data\Thunk nurb eggs beep\signvc.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [1Wma] C:\DOCUME~1\LOCALS~1\APPLIC~1\JUNKNO~1\BARBSLOWCURB.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: D-Link REG Utility.lnk = C:\Program Files\DWL-G520M Wireless 108G MIMO PCI Adapter\Reg.exe
O4 - Global Startup: DWL-G520M Wireless 108G MIMO PCI Adapter Utility.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mut: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.fr/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/fr/4,...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega DownloadManager) - https://www.virginmega.fr/DownloadManager/Release/Prod/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.ca...
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EDCC25D-7BF2-4F54-B3F7-D216BA42A939}: NameServer = 192.168.0.1
O18 - Protocol: bw+0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Re,

Télécharge LopResearch.zip
Dézippe-le sur ton Bureau uniquement.
Double-clique sur le fichier Scan.bat
Un rapport sera généré, poste son contenu ici.

Rapport fait à 0:16:08,73 le 14/06/2007

Le volume dans le lecteur C s'appelle BOOT
Le num‚ro de s‚rie du volume est B8A4-2C91

R‚pertoire de C:\Documents and Settings\Administrateur

Le volume dans le lecteur C s'appelle BOOT
Le num‚ro de s‚rie du volume est B8A4-2C91

R‚pertoire de C:\Documents and Settings\All Users\Application Data

05/01/2007 11:52 <REP> SiteAdvisor
05/01/2007 11:44 <REP> McAfee
02/12/2006 18:16 <REP> PreEmptive Solutions
02/12/2006 18:13 <REP> Microsoft Help
24/10/2006 21:55 <REP> DVD Shrink
19/09/2006 17:02 <REP> Windows Genuine Advantage
18/09/2006 19:06 <REP> Google
16/09/2006 19:13 <REP> Spybot - Search & Destroy
18/05/2006 18:32 <REP> Adobe
21/04/2006 19:44 <REP> Thunk nurb eggs beep
20/03/2006 22:50 <REP> pixelStorm
07/03/2006 12:40 <REP> UDL
02/01/2006 20:21 <REP> River Past G4
01/01/2006 11:27 <REP> WhiteCap (Holiday Edition)
30/12/2005 15:12 <REP> Messenger Plus!
30/12/2005 06:59 <REP> McAfee.com
09/12/2005 22:07 <REP> Kodak
04/06/2005 19:32 <REP> Creative
14/10/2004 15:37 <REP> CyberLink
14/10/2004 11:58 <REP> QuickTime
14/10/2004 11:54 <REP> Ahead
14/10/2004 11:39 <REP> SBSI
13/10/2004 21:41 62 desktop.ini
13/10/2004 21:41 <REP> Microsoft
13/10/2004 21:41 <REP> ..
13/10/2004 21:41 <REP> .
1 fichier(s) 62 octets
25 R‚p(s) 37476478976 octets libres
Le volume dans le lecteur C s'appelle BOOT
Le num‚ro de s‚rie du volume est B8A4-2C91

R‚pertoire de C:\Documents and Settings\Default User\Application Data

14/05/2005 07:39 <REP> CyberLink
14/05/2005 07:39 <REP> Adobe
14/05/2005 07:39 <REP> Help
14/05/2005 07:39 <REP> Macromedia
14/05/2005 07:39 <REP> Real
14/05/2005 07:39 <REP> Sun
13/10/2004 21:41 62 desktop.ini
13/10/2004 21:41 <REP> Microsoft
13/10/2004 21:41 <REP> ..
13/10/2004 21:41 <REP> .
13/10/2004 19:48 <REP> Identities
1 fichier(s) 62 octets
10 R‚p(s) 37476478976 octets libres
Le volume dans le lecteur C s'appelle BOOT
Le num‚ro de s‚rie du volume est B8A4-2C91

R‚pertoire de C:\Documents and Settings\Etienne\Application Data

05/04/2007 22:56 <REP> AVSMedia
18/03/2007 20:34 <REP> Screenshot Sender
15/03/2007 09:25 <REP> MSNInstaller
25/01/2007 23:59 <REP> Steinberg
05/01/2007 12:53 <REP> SiteAdvisor
21/04/2006 19:44 <REP> Junk Noun Road
09/04/2006 09:50 <REP> Thunderbird
09/04/2006 09:50 <REP> Mozilla
08/03/2006 16:07 <REP> EPSON
04/03/2006 13:21 <REP> PDFcreator
25/02/2006 20:27 <REP> Google
02/01/2006 20:23 <REP> River Past G4
30/12/2005 17:02 <REP> FotoWire
09/12/2005 22:20 <REP> AdobeUM
28/08/2005 19:16 <REP> Creative
26/08/2005 11:21 <REP> Ahead
23/08/2005 19:54 <REP> ArcSoft
14/05/2005 07:41 62 desktop.ini
14/05/2005 07:41 <REP> Adobe
14/05/2005 07:41 <REP> Help
14/05/2005 07:41 <REP> Identities
14/05/2005 07:41 <REP> CyberLink
14/05/2005 07:41 <REP> Macromedia
14/05/2005 07:41 <REP> Microsoft
14/05/2005 07:40 <REP> Real
14/05/2005 07:40 <REP> Sun
14/05/2005 07:40 <REP> .
14/05/2005 07:40 <REP> ..
1 fichier(s) 62 octets
27 R‚p(s) 37476478976 octets libres
Le volume dans le lecteur C s'appelle BOOT
Le num‚ro de s‚rie du volume est B8A4-2C91

R‚pertoire de C:\Documents and Settings\Florence

Le volume dans le lecteur C s'appelle BOOT
Le num‚ro de s‚rie du volume est B8A4-2C91

R‚pertoire de C:\Documents and Settings\Parents\Application Data

09/01/2007 15:12 <REP> SiteAdvisor
01/10/2006 19:42 <REP> Google
09/04/2006 15:34 <REP> Mozilla
09/04/2006 15:34 <REP> Thunderbird
16/03/2006 10:38 <REP> Notepad++
07/03/2006 12:48 <REP> EPSON
04/03/2006 12:41 <REP> AdobeUM
04/03/2006 12:35 <REP> PDFCreator
30/06/2005 13:37 26624 CDRusersDB.v12
14/05/2005 09:11 62 desktop.ini
14/05/2005 09:11 <REP> Adobe
14/05/2005 09:11 <REP> CyberLink
14/05/2005 09:11 <REP> Help
14/05/2005 09:11 <REP> Identities
14/05/2005 09:11 <REP> Macromedia
14/05/2005 09:11 <REP> Microsoft
14/05/2005 09:11 <REP> Real
14/05/2005 09:11 <REP> Sun
14/05/2005 09:11 <REP> .
14/05/2005 09:11 <REP> ..
2 fichier(s) 26686 octets
18 R‚p(s) 37476474880 octets libres
Le volume dans le lecteur C s'appelle BOOT
Le num‚ro de s‚rie du volume est B8A4-2C91

R‚pertoire de C:\Documents and Settings\Propri‚taire\Application Data

11/06/2005 20:04 <REP> ..
11/06/2005 20:04 <REP> Real
11/06/2005 20:04 <REP> .
0 fichier(s) 0 octets
3 R‚p(s) 37476474880 octets libres
Le volume dans le lecteur C s'appelle BOOT
Le num‚ro de s‚rie du volume est B8A4-2C91

R‚pertoire de C:\Documents and Settings\Sophie

******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks

Le volume dans le lecteur C s'appelle BOOT
Le num‚ro de s‚rie du volume est B8A4-2C91

R‚pertoire de C:\WINDOWS\Tasks

05/01/2007 11:53 366 McDefragTask.job
05/01/2007 11:53 356 McQcTask.job
13/10/2004 19:50 6 SA.DAT
13/10/2004 19:46 <REP> ..
13/10/2004 19:46 <REP> .
13/10/2004 19:36 65 desktop.ini
4 fichier(s) 793 octets
2 R‚p(s) 37ÿ476ÿ474ÿ880 octets libres

******************************************
Recherche dans Program files

Pas de dossiers relatifs à Lop
******************************************
Listing des dossier dans Program Files

888.com.ico
Adobe
Ahead
ArcSoft
ATI Technologies
Audacity
AVSMedia
Bethesda Softworks
CA
Canon
CE Remote Tools
Common Files
Coyote
Creative
CyberLink
DIFX
DigitalSoundPlanet
Disney Interactive
DivX
Dofus
DVD Decrypter
DVD Shrink
DWL-G520M Wireless 108G MIMO PCI Adapter
EA Games
Electronic Arts
epson
EPSON Print CD
EuroTalk
Fichiers communs
Finale 2007 Demo
GameSpy Arcade
GeoGebra
Google
Grisoft
Guitar Pro 5
HighMAT CD Writing Wizard
Hijackthis Version Fran‡aise
Home Cinema
HTML Help Workshop
Ihsv
Illustrate
index
Infogrames
INSTALL.LOG
Intel
Internet Explorer
Java
Junk Noun Road
KC Softwares
Kodak
Lavasoft
Ligos
LimeWire
Logitech
Macromedia
MagicDVDRipper
magicpic
Maxis
McAfee
McAfee.com
Medion Software
Messenger
Messenger Plus! Live
MessengerPlus! 3
Microprose
Microsoft Device Emulator
microsoft frontpage
Microsoft Office
Microsoft SQL Server
Microsoft SQL Server 2005 Mobile Edition
Microsoft Visual Studio
Microsoft Visual Studio 8
Microsoft Works
Microsoft.NET
MMT
MotorSports15
Movie Maker
Mozilla Firefox
Mozilla Thunderbird
MSBuild
MSN
MSN Apps
MSN Gaming Zone
MSN Messenger
MSN Webcam Recorder
MSXML 4.0
Music Mixer 4
Musicmatch
Navilog1
NetMeeting
Nikon
Notepad++
Online Services
Outlook Express
Oxygene
PDFCreator
PhotoFiltre
Pizzicato 3
QuickTime
Real
RealVNC
River Past
Services en ligne
Sibelius Software
Sierra
SiteAdvisor
SmartScore 5.2 Pro Demo
SoftChris
Spybot - Search & Destroy
Steinberg
StuffPlug3
Subduction
TGTSoft
The Adventure Company
themexp
VirginMega
Visicom Media
Windows Journal Viewer
Windows Live
Windows Media Components
Windows Media Connect
Windows Media Connect 2
Windows Media Player
Windows NT
WinPcap
WinRAR
WinZip
wrench.ico
X10 Hardware
xerox
Yahoo!
******************************************
Recherche d'infections connues

C:\WINDOWS\system32 Nvs2.inf
*************** Fin du rapport ****************

Lorsque j'essaye de lancer LaunchIt, on me dit "executer".
Je clique
et il ne se passe plus rien...

Re,

Télécharge Navilog1.exe (IL-MAFIOSO)
Enregistre-le sur ton Bureau.
Lance l'installation en double cliquant sur navilog.exe.
Une fois l'installation terminée, l'utilitaire s'exécutera automatiquement.
(Si ce n'est pas le cas, double clique sur le raccourci présent sur le Bureau)

Laisse-toi guider par l'utilitaire. Choisis l'option 1 puis valide.
[#ff0000]! N'utilise pas l'option 2, 3 et 4 sans notre accord ![/#f]
Patiente jusqu'à l'apparition de ce message :
"*** Analyse Termine le ..... ***"
Appuie sur une touche comme demandé. Le Bloc-notes va s'ouvrir. Poste-nous son contenu de cette manière :

-> Edition / Sélectionner tout
-> Edition / Copier
-> Clique-Droit / Coller dans ta réponse

NOTE : Le rapport se trouve également ici : C:\fixnavi.txt

Search Navipromo version 2.0.3 commencé le 14/06/2007 à 12:50:08,65

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 08.06.2007 a 17h00 by IL-MAFIOSO

Executé en mode normal

*** Recherche Programmes installes ***




*** Recherche dossiers dans C:\WINDOWS ***




*** Recherche dossiers dans C:\Program Files ***




*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\Etienne\Application Data ***



*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
http://www.f-secure.com/blacklight/blacklight_help.html

Fichier(s) caché(s) dans C:\WINDOWS\system32 :

c:\WINDOWS\system32\wcnltf.dat
C:\windows\system32\wcnltf.exe
c:\WINDOWS\system32\wcnltf_nav.dat
c:\WINDOWS\system32\wcnltf_navps.dat

Processus caché(s) dans C:\WINDOWS\system32 :

C:\windows\system32\wcnltf.exe


*** Recherche fichiers ***


C:\WINDOWS\system32\nvs2.inf trouvé !


*** Recherche cles registre ***


Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]



Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]



Recherche Clé Magic Control

HKEY_CURRENT_USER\Software\Lanconfig trouvé !


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:


2)Recherche Heuristique :
*
C:\WINDOWS\system32\wcnltf.dat trouvé !
**
C:\WINDOWS\system32\wcnltf.dat trouvé !
***
****
C:\WINDOWS\system32\wcnltf_navps.dat trouvé !
*****
******
*******
********


*** Analyse Terminé le 14/06/2007 à 13:00:04,14 ***

Re,

Double clique sur le raccourci de Navilog1 présent sur ton Bureau.
Suis les instructions. Choisis ensuite l'option 2 puis valide.
Laisse toi guider et réponds aux questions éventuelles.

L'utilitaire va t'informer qu'il va redémarrer l'ordinateur.
[#ff0000]**Ferme toutes les fenêtres ouvertes et enregistre tes documents personnels ouverts**[/#f]
Appuie maintenant sur une touche, comme demandé.
(si ton PC ne redémarre pas automatiquement, fais-le manuellement)

Patiente jusqu'à l'apparition de ce message :
"*** Nettoyage Termine le ..... ***"

Le Bloc-notes va s'ouvrir.
Sauvegarde le rapport de manière à le retrouver.
Referme le Bloc-notes. Ton bureau va maintenant réapparaître.

NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
Tape explorer puis valide.

Poste le rapport sauvegardé auparavant (C:\cleannavi.txt)
Ainsi qu'un nouveau rapport Hijackthis.

Ferme Internet Explorer puis Démarrer/Panneau de Configuration/Options Internet.
Choisis l'onglet Contenu puis onglet Certificats.
Si tu trouves les programmes suivant (en particulier dans Editeurs approuvés), supprime-les :

electronic-group
egroup
Montorgueil
VIP
"Sunny Day Design Ltd"

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Etienne\Local Settings\Temp effectué !


*** Sauvegarde du registre vers dossier Backupnavi***


sauvegarde du registre réalise avec succes !


*** Nettoyage registre ***


Nettoyage registre Ok

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:


2)Recherche et Suppression Heuristique :

*
**
***
****
*****
******
*******
********

3)Contrôle présence clés Rootkit dans le registre :

Aucune autre clés présente dans le registre !

*** Nettoyage termine le 14/06/2007 à 13:25:21,87 ***



Logfile of HijackThis v1.99.1
Scan saved at 13:27:38, on 14/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.radioblogclub.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.supremetoolbar.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX700 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9IE.EXE /P31 "EPSON Stylus Photo RX700 Series" /O6 "USB001" /M "Stylus Photo RX700"
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [NI.UERSV_0001_LP] "C:\Documents and Settings\Sophie\Local Settings\Temporary Internet Files\Content.IE5\AQYX5PKI\ErrorSafeScannerInstall_fr[1].exe"
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [jqjqarb] c:\windows\system32\jqjqarb.exe jqjqarb
O4 - HKLM\..\Run: [eggs beep base cdrom] C:\Documents and Settings\All Users\Application Data\Thunk nurb eggs beep\signvc.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [1Wma] C:\DOCUME~1\LOCALS~1\APPLIC~1\JUNKNO~1\BARBSLOWCURB.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: D-Link REG Utility.lnk = C:\Program Files\DWL-G520M Wireless 108G MIMO PCI Adapter\Reg.exe
O4 - Global Startup: DWL-G520M Wireless 108G MIMO PCI Adapter Utility.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mut: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.fr/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/fr/4,...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega DownloadManager) - https://www.virginmega.fr/DownloadManager/Release/Prod/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.ca...
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EDCC25D-7BF2-4F54-B3F7-D216BA42A939}: NameServer = 192.168.0.1
O18 - Protocol: bw+0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Et il n'y avait que "electronic-group" dans l'onglet certificats...
Encore merci de m'aider a resoudre se probleme Angeldark  

Le rapport Navilog n'est pas complet.

Clean Navipromo version 2.0.3 commencé le 14/06/2007 à 13:55:17,10

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 08.06.2007 a 17h00 by IL-MAFIOSO

Mode suppression automatique avec prise en charge résultats Blacklight



*** fsbl1.txt non trouvé ***
(Assurez-vous que Blacklight n'avait rien trouvé lors de la recherche)


*** Suppression dossiers dans C:\WINDOWS ***


*** Suppression dossiers dans C:\Program Files ***


*** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***


*** Suppression dossiers dans C:\Documents and Settings\Etienne\Application Data ***



*** Suppression fichiers ***


*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Etienne\Local Settings\Temp effectué !


*** Sauvegarde du registre vers dossier Backupnavi***


sauvegarde du registre réalise avec succes !


*** Nettoyage registre ***


Nettoyage registre Ok

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:


2)Recherche et Suppression Heuristique :

*
**
***
****
*****
******
*******
********

3)Contrôle présence clés Rootkit dans le registre :

Aucune autre clés présente dans le registre !

*** Nettoyage termine le 14/06/2007 à 13:58:47,81 ***

Tu peux refaire un scan clean option 1 ?

14/06/2007 a 15:03:57,10

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32

*** Recherche des fichiers dans C:\Program Files
*** Fin du rapport !

Reposte un rapport Hijackthis.

Logfile of HijackThis v1.99.1
Scan saved at 19:19:10, on 14/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\LVComsX.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\explorer.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9IE.EXE
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\DWL-G520M Wireless 108G MIMO PCI Adapter\AIRPLUS.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.radioblogclub.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.supremetoolbar.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX700 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9IE.EXE /P31 "EPSON Stylus Photo RX700 Series" /O6 "USB001" /M "Stylus Photo RX700"
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [NI.UERSV_0001_LP] "C:\Documents and Settings\Sophie\Local Settings\Temporary Internet Files\Content.IE5\AQYX5PKI\ErrorSafeScannerInstall_fr[1].exe"
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [jqjqarb] c:\windows\system32\jqjqarb.exe jqjqarb
O4 - HKLM\..\Run: [eggs beep base cdrom] C:\Documents and Settings\All Users\Application Data\Thunk nurb eggs beep\signvc.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [1Wma] C:\DOCUME~1\LOCALS~1\APPLIC~1\JUNKNO~1\BARBSLOWCURB.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [winlogon] C:\Documents and Settings\Etienne\Application Data\server123.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: D-Link REG Utility.lnk = C:\Program Files\DWL-G520M Wireless 108G MIMO PCI Adapter\Reg.exe
O4 - Global Startup: DWL-G520M Wireless 108G MIMO PCI Adapter Utility.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mut: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.fr/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/fr/4,...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega DownloadManager) - https://www.virginmega.fr/DownloadManager/Release/Prod/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.ca...
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EDCC25D-7BF2-4F54-B3F7-D216BA42A939}: NameServer = 192.168.0.1
O18 - Protocol: bw+0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Re,

Télécharge LopResearch.zip
Dézippe-le sur ton Bureau uniquement.
Double-clique sur le fichier Scan.bat
Un rapport sera généré, poste son contenu ici.

Rapport fait à 0:16:08,73 le 14/06/2007

Le volume dans le lecteur C s'appelle BOOT
Le num‚ro de s‚rie du volume est B8A4-2C91

R‚pertoire de C:\Documents and Settings\Administrateur

Le volume dans le lecteur C s'appelle BOOT
Le num‚ro de s‚rie du volume est B8A4-2C91

R‚pertoire de C:\Documents and Settings\All Users\Application Data

05/01/2007 11:52 <REP> SiteAdvisor
05/01/2007 11:44 <REP> McAfee
02/12/2006 18:16 <REP> PreEmptive Solutions
02/12/2006 18:13 <REP> Microsoft Help
24/10/2006 21:55 <REP> DVD Shrink
19/09/2006 17:02 <REP> Windows Genuine Advantage
18/09/2006 19:06 <REP> Google
16/09/2006 19:13 <REP> Spybot - Search & Destroy
18/05/2006 18:32 <REP> Adobe
21/04/2006 19:44 <REP> Thunk nurb eggs beep
20/03/2006 22:50 <REP> pixelStorm
07/03/2006 12:40 <REP> UDL
02/01/2006 20:21 <REP> River Past G4
01/01/2006 11:27 <REP> WhiteCap (Holiday Edition)
30/12/2005 15:12 <REP> Messenger Plus!
30/12/2005 06:59 <REP> McAfee.com
09/12/2005 22:07 <REP> Kodak
04/06/2005 19:32 <REP> Creative
14/10/2004 15:37 <REP> CyberLink
14/10/2004 11:58 <REP> QuickTime
14/10/2004 11:54 <REP> Ahead
14/10/2004 11:39 <REP> SBSI
13/10/2004 21:41 62 desktop.ini
13/10/2004 21:41 <REP> Microsoft
13/10/2004 21:41 <REP> ..
13/10/2004 21:41 <REP> .
1 fichier(s) 62 octets
25 R‚p(s) 37476478976 octets libres
Le volume dans le lecteur C s'appelle BOOT
Le num‚ro de s‚rie du volume est B8A4-2C91

R‚pertoire de C:\Documents and Settings\Default User\Application Data

14/05/2005 07:39 <REP> CyberLink
14/05/2005 07:39 <REP> Adobe
14/05/2005 07:39 <REP> Help
14/05/2005 07:39 <REP> Macromedia
14/05/2005 07:39 <REP> Real
14/05/2005 07:39 <REP> Sun
13/10/2004 21:41 62 desktop.ini
13/10/2004 21:41 <REP> Microsoft
13/10/2004 21:41 <REP> ..
13/10/2004 21:41 <REP> .
13/10/2004 19:48 <REP> Identities
1 fichier(s) 62 octets
10 R‚p(s) 37476478976 octets libres
Le volume dans le lecteur C s'appelle BOOT
Le num‚ro de s‚rie du volume est B8A4-2C91

R‚pertoire de C:\Documents and Settings\Etienne\Application Data

05/04/2007 22:56 <REP> AVSMedia
18/03/2007 20:34 <REP> Screenshot Sender
15/03/2007 09:25 <REP> MSNInstaller
25/01/2007 23:59 <REP> Steinberg
05/01/2007 12:53 <REP> SiteAdvisor
21/04/2006 19:44 <REP> Junk Noun Road
09/04/2006 09:50 <REP> Thunderbird
09/04/2006 09:50 <REP> Mozilla
08/03/2006 16:07 <REP> EPSON
04/03/2006 13:21 <REP> PDFcreator
25/02/2006 20:27 <REP> Google
02/01/2006 20:23 <REP> River Past G4
30/12/2005 17:02 <REP> FotoWire
09/12/2005 22:20 <REP> AdobeUM
28/08/2005 19:16 <REP> Creative
26/08/2005 11:21 <REP> Ahead
23/08/2005 19:54 <REP> ArcSoft
14/05/2005 07:41 62 desktop.ini
14/05/2005 07:41 <REP> Adobe
14/05/2005 07:41 <REP> Help
14/05/2005 07:41 <REP> Identities
14/05/2005 07:41 <REP> CyberLink
14/05/2005 07:41 <REP> Macromedia
14/05/2005 07:41 <REP> Microsoft
14/05/2005 07:40 <REP> Real
14/05/2005 07:40 <REP> Sun
14/05/2005 07:40 <REP> .
14/05/2005 07:40 <REP> ..
1 fichier(s) 62 octets
27 R‚p(s) 37476478976 octets libres
Le volume dans le lecteur C s'appelle BOOT
Le num‚ro de s‚rie du volume est B8A4-2C91

R‚pertoire de C:\Documents and Settings\Florence

Le volume dans le lecteur C s'appelle BOOT
Le num‚ro de s‚rie du volume est B8A4-2C91

R‚pertoire de C:\Documents and Settings\Parents\Application Data

09/01/2007 15:12 <REP> SiteAdvisor
01/10/2006 19:42 <REP> Google
09/04/2006 15:34 <REP> Mozilla
09/04/2006 15:34 <REP> Thunderbird
16/03/2006 10:38 <REP> Notepad++
07/03/2006 12:48 <REP> EPSON
04/03/2006 12:41 <REP> AdobeUM
04/03/2006 12:35 <REP> PDFCreator
30/06/2005 13:37 26624 CDRusersDB.v12
14/05/2005 09:11 62 desktop.ini
14/05/2005 09:11 <REP> Adobe
14/05/2005 09:11 <REP> CyberLink
14/05/2005 09:11 <REP> Help
14/05/2005 09:11 <REP> Identities
14/05/2005 09:11 <REP> Macromedia
14/05/2005 09:11 <REP> Microsoft
14/05/2005 09:11 <REP> Real
14/05/2005 09:11 <REP> Sun
14/05/2005 09:11 <REP> .
14/05/2005 09:11 <REP> ..
2 fichier(s) 26686 octets
18 R‚p(s) 37476474880 octets libres
Le volume dans le lecteur C s'appelle BOOT
Le num‚ro de s‚rie du volume est B8A4-2C91

R‚pertoire de C:\Documents and Settings\Propri‚taire\Application Data

11/06/2005 20:04 <REP> ..
11/06/2005 20:04 <REP> Real
11/06/2005 20:04 <REP> .
0 fichier(s) 0 octets
3 R‚p(s) 37476474880 octets libres
Le volume dans le lecteur C s'appelle BOOT
Le num‚ro de s‚rie du volume est B8A4-2C91

R‚pertoire de C:\Documents and Settings\Sophie

******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks

Le volume dans le lecteur C s'appelle BOOT
Le num‚ro de s‚rie du volume est B8A4-2C91

R‚pertoire de C:\WINDOWS\Tasks

05/01/2007 11:53 366 McDefragTask.job
05/01/2007 11:53 356 McQcTask.job
13/10/2004 19:50 6 SA.DAT
13/10/2004 19:46 <REP> ..
13/10/2004 19:46 <REP> .
13/10/2004 19:36 65 desktop.ini
4 fichier(s) 793 octets
2 R‚p(s) 37ÿ476ÿ474ÿ880 octets libres

******************************************
Recherche dans Program files

Pas de dossiers relatifs à Lop
******************************************
Listing des dossier dans Program Files

888.com.ico
Adobe
Ahead
ArcSoft
ATI Technologies
Audacity
AVSMedia
Bethesda Softworks
CA
Canon
CE Remote Tools
Common Files
Coyote
Creative
CyberLink
DIFX
DigitalSoundPlanet
Disney Interactive
DivX
Dofus
DVD Decrypter
DVD Shrink
DWL-G520M Wireless 108G MIMO PCI Adapter
EA Games
Electronic Arts
epson
EPSON Print CD
EuroTalk
Fichiers communs
Finale 2007 Demo
GameSpy Arcade
GeoGebra
Google
Grisoft
Guitar Pro 5
HighMAT CD Writing Wizard
Hijackthis Version Fran‡aise
Home Cinema
HTML Help Workshop
Ihsv
Illustrate
index
Infogrames
INSTALL.LOG
Intel
Internet Explorer
Java
Junk Noun Road
KC Softwares
Kodak
Lavasoft
Ligos
LimeWire
Logitech
Macromedia
MagicDVDRipper
magicpic
Maxis
McAfee
McAfee.com
Medion Software
Messenger
Messenger Plus! Live
MessengerPlus! 3
Microprose
Microsoft Device Emulator
microsoft frontpage
Microsoft Office
Microsoft SQL Server
Microsoft SQL Server 2005 Mobile Edition
Microsoft Visual Studio
Microsoft Visual Studio 8
Microsoft Works
Microsoft.NET
MMT
MotorSports15
Movie Maker
Mozilla Firefox
Mozilla Thunderbird
MSBuild
MSN
MSN Apps
MSN Gaming Zone
MSN Messenger
MSN Webcam Recorder
MSXML 4.0
Music Mixer 4
Musicmatch
Navilog1
NetMeeting
Nikon
Notepad++
Online Services
Outlook Express
Oxygene
PDFCreator
PhotoFiltre
Pizzicato 3
QuickTime
Real
RealVNC
River Past
Services en ligne
Sibelius Software
Sierra
SiteAdvisor
SmartScore 5.2 Pro Demo
SoftChris
Spybot - Search & Destroy
Steinberg
StuffPlug3
Subduction
TGTSoft
The Adventure Company
themexp
VirginMega
Visicom Media
Windows Journal Viewer
Windows Live
Windows Media Components
Windows Media Connect
Windows Media Connect 2
Windows Media Player
Windows NT
WinPcap
WinRAR
WinZip
wrench.ico
X10 Hardware
xerox
Yahoo!
******************************************
Recherche d'infections connues

C:\WINDOWS\system32 Nvs2.inf
*************** Fin du rapport ****************
Rapport fait à 19:23:21,50 le 14/06/2007

Le volume dans le lecteur C s'appelle BOOT
Le num‚ro de s‚rie du volume est B8A4-2C91

R‚pertoire de C:\Documents and Settings\Administrateur

Le volume dans le lecteur C s'appelle BOOT
Le num‚ro de s‚rie du volume est B8A4-2C91

R‚pertoire de C:\Documents and Settings\All Users\Application Data

05/01/2007 11:52 <REP> SiteAdvisor
05/01/2007 11:44 <REP> McAfee
02/12/2006 18:16 <REP> PreEmptive Solutions
02/12/2006 18:13 <REP> Microsoft Help
24/10/2006 21:55 <REP> DVD Shrink
19/09/2006 17:02 <REP> Windows Genuine Advantage
18/09/2006 19:06 <REP> Google
16/09/2006 19:13 <REP> Spybot - Search & Destroy
18/05/2006 18:32 <REP> Adobe
21/04/2006 19:44 <REP> Thunk nurb eggs beep
20/03/2006 22:50 <REP> pixelStorm
07/03/2006 12:40 <REP> UDL
02/01/2006 20:21 <REP> River Past G4
01/01/2006 11:27 <REP> WhiteCap (Holiday Edition)
30/12/2005 15:12 <REP> Messenger Plus!
30/12/2005 06:59 <REP> McAfee.com
09/12/2005 22:07 <REP> Kodak
04/06/2005 19:32 <REP> Creative
14/10/2004 15:37 <REP> CyberLink
14/10/2004 11:58 <REP> QuickTime
14/10/2004 11:54 <REP> Ahead
14/10/2004 11:39 <REP> SBSI
13/10/2004 21:41 62 desktop.ini
13/10/2004 21:41 <REP> Microsoft
13/10/2004 21:41 <REP> ..
13/10/2004 21:41 <REP> .
1 fichier(s) 62 octets
25 R‚p(s) 37365096448 octets libres
Le volume dans le lecteur C s'appelle BOOT
Le num‚ro de s‚rie du volume est B8A4-2C91

R‚pertoire de C:\Documents and Settings\Default User\Application Data

14/05/2005 07:39 <REP> CyberLink
14/05/2005 07:39 <REP> Adobe
14/05/2005 07:39 <REP> Help
14/05/2005 07:39 <REP> Macromedia
14/05/2005 07:39 <REP> Real
14/05/2005 07:39 <REP> Sun
13/10/2004 21:41 62 desktop.ini
13/10/2004 21:41 <REP> Microsoft
13/10/2004 21:41 <REP> ..
13/10/2004 21:41 <REP> .
13/10/2004 19:48 <REP> Identities
1 fichier(s) 62 octets
10 R‚p(s) 37365096448 octets libres
Le volume dans le lecteur C s'appelle BOOT
Le num‚ro de s‚rie du volume est B8A4-2C91

R‚pertoire de C:\Documents and Settings\Etienne\Application Data

14/06/2007 17:56 40036 server123.exe
05/04/2007 22:56 <REP> AVSMedia
18/03/2007 20:34 <REP> Screenshot Sender
15/03/2007 09:25 <REP> MSNInstaller
25/01/2007 23:59 <REP> Steinberg
05/01/2007 12:53 <REP> SiteAdvisor
21/04/2006 19:44 <REP> Junk Noun Road
09/04/2006 09:50 <REP> Thunderbird
09/04/2006 09:50 <REP> Mozilla
08/03/2006 16:07 <REP> EPSON
04/03/2006 13:21 <REP> PDFcreator
25/02/2006 20:27 <REP> Google
02/01/2006 20:23 <REP> River Past G4
30/12/2005 17:02 <REP> FotoWire
09/12/2005 22:20 <REP> AdobeUM
28/08/2005 19:16 <REP> Creative
26/08/2005 11:21 <REP> Ahead
23/08/2005 19:54 <REP> ArcSoft
14/05/2005 07:41 62 desktop.ini
14/05/2005 07:41 <REP> Adobe
14/05/2005 07:41 <REP> CyberLink
14/05/2005 07:41 <REP> Help
14/05/2005 07:41 <REP> Identities
14/05/2005 07:41 <REP> Macromedia
14/05/2005 07:41 <REP> Microsoft
14/05/2005 07:40 <REP> Real
14/05/2005 07:40 <REP> Sun
14/05/2005 07:40 <REP> ..
14/05/2005 07:40 <REP> .
13/10/2004 19:36 22371 addon.dat
13/10/2004 19:36 22040 plugin.dat
4 fichier(s) 84509 octets
27 R‚p(s) 37365092352 octets libres
Le volume dans le lecteur C s'appelle BOOT
Le num‚ro de s‚rie du volume est B8A4-2C91

R‚pertoire de C:\Documents and Settings\Florence

Le volume dans le lecteur C s'appelle BOOT
Le num‚ro de s‚rie du volume est B8A4-2C91

R‚pertoire de C:\Documents and Settings\Parents\Application Data

09/01/2007 15:12 <REP> SiteAdvisor
01/10/2006 19:42 <REP> Google
09/04/2006 15:34 <REP> Mozilla
09/04/2006 15:34 <REP> Thunderbird
16/03/2006 10:38 <REP> Notepad++
07/03/2006 12:48 <REP> EPSON
04/03/2006 12:41 <REP> AdobeUM
04/03/2006 12:35 <REP> PDFCreator
30/06/2005 13:37 26624 CDRusersDB.v12
14/05/2005 09:11 62 desktop.ini
14/05/2005 09:11 <REP> Adobe
14/05/2005 09:11 <REP> CyberLink
14/05/2005 09:11 <REP> Help
14/05/2005 09:11 <REP> Identities
14/05/2005 09:11 <REP> Macromedia
14/05/2005 09:11 <REP> Microsoft
14/05/2005 09:11 <REP> Real
14/05/2005 09:11 <REP> Sun
14/05/2005 09:11 <REP> .
14/05/2005 09:11 <REP> ..
2 fichier(s) 26686 octets
18 R‚p(s) 37365092352 octets libres
Le volume dans le lecteur C s'appelle BOOT
Le num‚ro de s‚rie du volume est B8A4-2C91

R‚pertoire de C:\Documents and Settings\Propri‚taire\Application Data

11/06/2005 20:04 <REP> ..
11/06/2005 20:04 <REP> Real
11/06/2005 20:04 <REP> .
0 fichier(s) 0 octets
3 R‚p(s) 37365092352 octets libres
Le volume dans le lecteur C s'appelle BOOT
Le num‚ro de s‚rie du volume est B8A4-2C91

R‚pertoire de C:\Documents and Settings\Sophie

******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks

Le volume dans le lecteur C s'appelle BOOT
Le num‚ro de s‚rie du volume est B8A4-2C91

R‚pertoire de C:\WINDOWS\Tasks

05/01/2007 11:53 366 McDefragTask.job
05/01/2007 11:53 356 McQcTask.job
13/10/2004 19:50 6 SA.DAT
13/10/2004 19:46 <REP> ..
13/10/2004 19:46 <REP> .
13/10/2004 19:36 65 desktop.ini
4 fichier(s) 793 octets
2 R‚p(s) 37ÿ365ÿ092ÿ352 octets libres

******************************************
Recherche dans Program files

Pas de dossiers relatifs à Lop
******************************************
Listing des dossier dans Program Files

888.com.ico
Adobe
Ahead
ArcSoft
ATI Technologies
Audacity
AVSMedia
Bethesda Softworks
CA
Canon
CE Remote Tools
Common Files
Coyote
Creative
CyberLink
DIFX
DigitalSoundPlanet
Disney Interactive
DivX
Dofus
DVD Decrypter
DVD Shrink
DWL-G520M Wireless 108G MIMO PCI Adapter
EA Games
Electronic Arts
epson
EPSON Print CD
EuroTalk
Fichiers communs
Finale 2007 Demo
GameSpy Arcade
GeoGebra
Google
Grisoft
Guitar Pro 5
HighMAT CD Writing Wizard
Hijackthis Version Fran‡aise
Home Cinema
HTML Help Workshop
Ihsv
Illustrate
index
Infogrames
INSTALL.LOG
Intel
Internet Explorer
Java
Junk Noun Road
KC Softwares
Kodak
Lavasoft
Ligos
LimeWire
Logitech
Macromedia
MagicDVDRipper
magicpic
Maxis
McAfee
McAfee.com
Medion Software
Messenger
Messenger Plus! Live
MessengerPlus! 3
Microprose
Microsoft Device Emulator
microsoft frontpage
Microsoft Office
Microsoft SQL Server
Microsoft SQL Server 2005 Mobile Edition
Microsoft Visual Studio
Microsoft Visual Studio 8
Microsoft Works
Microsoft.NET
MMT
MotorSports15
Movie Maker
Mozilla Firefox
Mozilla Thunderbird
MSBuild
MSN
MSN Apps
MSN Gaming Zone
MSN Messenger
MSN Webcam Recorder
MSXML 4.0
Music Mixer 4
Musicmatch
Navilog1
NetMeeting
Nikon
Notepad++
Online Services
Outlook Express
Oxygene
PDFCreator
PhotoFiltre
Pizzicato 3
QuickTime
Real
RealVNC
River Past
Services en ligne
Sibelius Software
Sierra
SiteAdvisor
SmartScore 5.2 Pro Demo
SoftChris
Spybot - Search & Destroy
Steinberg
StuffPlug3
Subduction
TGTSoft
The Adventure Company
themexp
VirginMega
Visicom Media
Windows Journal Viewer
Windows Live
Windows Media Components
Windows Media Connect
Windows Media Connect 2
Windows Media Player
Windows NT
WinPcap
WinRAR
WinZip
wrench.ico
X10 Hardware
xerox
Yahoo!
******************************************
Recherche d'infections connues

Pas d'infection reconnue
*************** Fin du rapport ****************

Supprime le rapport lop.txt qui se trouve à la racine de ton disque dûr puis refais un scan.

je ne trouve pas de fichier lop.txt sur mon ordinateur...
j'ai lancé une recherche dans les disques C et D, mais ca n'a rien donné non plus...

Supprime tes version de LopResearch puis recommence  

Version 0.5
Rapport fait à 20:19:59,79 le 14/06/2007

Le volume dans le lecteur C s'appelle BOOT
Le num‚ro de s‚rie du volume est B8A4-2C91

R‚pertoire de C:\Documents and Settings\Administrateur

Le volume dans le lecteur C s'appelle BOOT
Le num‚ro de s‚rie du volume est B8A4-2C91

R‚pertoire de C:\Documents and Settings\All Users\Application Data

05/01/2007 11:52 <REP> SiteAdvisor
05/01/2007 11:44 <REP> McAfee
02/12/2006 18:16 <REP> PreEmptive Solutions
02/12/2006 18:13 <REP> Microsoft Help
24/10/2006 21:55 <REP> DVD Shrink
19/09/2006 17:02 <REP> Windows Genuine Advantage
18/09/2006 19:06 <REP> Google
16/09/2006 19:13 <REP> Spybot - Search & Destroy
18/05/2006 18:32 <REP> Adobe
21/04/2006 19:44 <REP> Thunk nurb eggs beep
20/03/2006 22:50 <REP> pixelStorm
07/03/2006 12:40 <REP> UDL
02/01/2006 20:21 <REP> River Past G4
01/01/2006 11:27 <REP> WhiteCap (Holiday Edition)
30/12/2005 15:12 <REP> Messenger Plus!
30/12/2005 06:59 <REP> McAfee.com
09/12/2005 22:07 <REP> Kodak
04/06/2005 19:32 <REP> Creative
14/10/2004 15:37 <REP> CyberLink
14/10/2004 11:58 <REP> QuickTime
14/10/2004 11:54 <REP> Ahead
14/10/2004 11:39 <REP> SBSI
13/10/2004 21:41 62 desktop.ini
13/10/2004 21:41 <REP> Microsoft
13/10/2004 21:41 <REP> ..
13/10/2004 21:41 <REP> .
1 fichier(s) 62 octets
25 R‚p(s) 37361201152 octets libres
Le volume dans le lecteur C s'appelle BOOT
Le num‚ro de s‚rie du volume est B8A4-2C91

R‚pertoire de C:\Documents and Settings\Default User\Application Data

14/05/2005 07:39 <REP> CyberLink
14/05/2005 07:39 <REP> Adobe
14/05/2005 07:39 <REP> Help
14/05/2005 07:39 <REP> Macromedia
14/05/2005 07:39 <REP> Real
14/05/2005 07:39 <REP> Sun
13/10/2004 21:41 62 desktop.ini
13/10/2004 21:41 <REP> Microsoft
13/10/2004 21:41 <REP> ..
13/10/2004 21:41 <REP> .
13/10/2004 19:48 <REP> Identities
1 fichier(s) 62 octets
10 R‚p(s) 37361201152 octets libres
Le volume dans le lecteur C s'appelle BOOT
Le num‚ro de s‚rie du volume est B8A4-2C91

R‚pertoire de C:\Documents and Settings\Etienne\Application Data

14/06/2007 17:56 40036 server123.exe
05/04/2007 22:56 <REP> AVSMedia
18/03/2007 20:34 <REP> Screenshot Sender
15/03/2007 09:25 <REP> MSNInstaller
25/01/2007 23:59 <REP> Steinberg
05/01/2007 12:53 <REP> SiteAdvisor
21/04/2006 19:44 <REP> Junk Noun Road
09/04/2006 09:50 <REP> Thunderbird
09/04/2006 09:50 <REP> Mozilla
08/03/2006 16:07 <REP> EPSON
04/03/2006 13:21 <REP> PDFcreator
25/02/2006 20:27 <REP> Google
02/01/2006 20:23 <REP> River Past G4
30/12/2005 17:02 <REP> FotoWire
09/12/2005 22:20 <REP> AdobeUM
28/08/2005 19:16 <REP> Creative
26/08/2005 11:21 <REP> Ahead
23/08/2005 19:54 <REP> ArcSoft
14/05/2005 07:41 62 desktop.ini
14/05/2005 07:41 <REP> Adobe
14/05/2005 07:41 <REP> CyberLink
14/05/2005 07:41 <REP> Help
14/05/2005 07:41 <REP> Identities
14/05/2005 07:41 <REP> Macromedia
14/05/2005 07:41 <REP> Microsoft
14/05/2005 07:40 <REP> Real
14/05/2005 07:40 <REP> Sun
14/05/2005 07:40 <REP> ..
14/05/2005 07:40 <REP> .
13/10/2004 19:36 22371 addon.dat
13/10/2004 19:36 22040 plugin.dat
4 fichier(s) 84509 octets
27 R‚p(s) 37361197056 octets libres
Le volume dans le lecteur C s'appelle BOOT
Le num‚ro de s‚rie du volume est B8A4-2C91

R‚pertoire de C:\Documents and Settings\Florence

Le volume dans le lecteur C s'appelle BOOT
Le num‚ro de s‚rie du volume est B8A4-2C91

R‚pertoire de C:\Documents and Settings\Parents\Application Data

09/01/2007 15:12 <REP> SiteAdvisor
01/10/2006 19:42 <REP> Google
09/04/2006 15:34 <REP> Mozilla
09/04/2006 15:34 <REP> Thunderbird
16/03/2006 10:38 <REP> Notepad++
07/03/2006 12:48 <REP> EPSON
04/03/2006 12:41 <REP> AdobeUM
04/03/2006 12:35 <REP> PDFCreator
30/06/2005 13:37 26624 CDRusersDB.v12
14/05/2005 09:11 62 desktop.ini
14/05/2005 09:11 <REP> Adobe
14/05/2005 09:11 <REP> CyberLink
14/05/2005 09:11 <REP> Help
14/05/2005 09:11 <REP> Identities
14/05/2005 09:11 <REP> Macromedia
14/05/2005 09:11 <REP> Microsoft
14/05/2005 09:11 <REP> Real
14/05/2005 09:11 <REP> Sun
14/05/2005 09:11 <REP> .
14/05/2005 09:11 <REP> ..
2 fichier(s) 26686 octets
18 R‚p(s) 37361197056 octets libres
Le volume dans le lecteur C s'appelle BOOT
Le num‚ro de s‚rie du volume est B8A4-2C91

R‚pertoire de C:\Documents and Settings\Propri‚taire\Application Data

11/06/2005 20:04 <REP> ..
11/06/2005 20:04 <REP> Real
11/06/2005 20:04 <REP> .
0 fichier(s) 0 octets
3 R‚p(s) 37361197056 octets libres
Le volume dans le lecteur C s'appelle BOOT
Le num‚ro de s‚rie du volume est B8A4-2C91

R‚pertoire de C:\Documents and Settings\Sophie

******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks

Le volume dans le lecteur C s'appelle BOOT
Le num‚ro de s‚rie du volume est B8A4-2C91

R‚pertoire de C:\WINDOWS\Tasks

05/01/2007 11:53 366 McDefragTask.job
05/01/2007 11:53 356 McQcTask.job
13/10/2004 19:50 6 SA.DAT
13/10/2004 19:46 <REP> ..
13/10/2004 19:46 <REP> .
13/10/2004 19:36 65 desktop.ini
4 fichier(s) 793 octets
2 R‚p(s) 37ÿ361ÿ197ÿ056 octets libres

******************************************
Listing des dossier dans Program Files

888.com.ico
Adobe
Ahead
ArcSoft
ATI Technologies
Audacity
AVSMedia
Bethesda Softworks
CA
Canon
CE Remote Tools
Common Files
Coyote
Creative
CyberLink
DIFX
DigitalSoundPlanet
Disney Interactive
DivX
Dofus
DVD Decrypter
DVD Shrink
DWL-G520M Wireless 108G MIMO PCI Adapter
EA Games
Electronic Arts
epson
EPSON Print CD
EuroTalk
Fichiers communs
Finale 2007 Demo
GameSpy Arcade
GeoGebra
Google
Grisoft
Guitar Pro 5
HighMAT CD Writing Wizard
Hijackthis Version Fran‡aise
Home Cinema
HTML Help Workshop
Ihsv
Illustrate
index
Infogrames
INSTALL.LOG
Intel
Internet Explorer
Java
Junk Noun Road
KC Softwares
Kodak
Lavasoft
Ligos
LimeWire
Logitech
Macromedia
MagicDVDRipper
magicpic
Maxis
McAfee
McAfee.com
Medion Software
Messenger
Messenger Plus! Live
MessengerPlus! 3
Microprose
Microsoft Device Emulator
microsoft frontpage
Microsoft Office
Microsoft SQL Server
Microsoft SQL Server 2005 Mobile Edition
Microsoft Visual Studio
Microsoft Visual Studio 8
Microsoft Works
Microsoft.NET
MMT
MotorSports15
Movie Maker
Mozilla Firefox
Mozilla Thunderbird
MSBuild
MSN
MSN Apps
MSN Gaming Zone
MSN Messenger
MSN Webcam Recorder
MSXML 4.0
Music Mixer 4
Musicmatch
Navilog1
NetMeeting
Nikon
Notepad++
Online Services
Outlook Express
Oxygene
PDFCreator
PhotoFiltre
Pizzicato 3
QuickTime
Real
RealVNC
River Past
Services en ligne
Sibelius Software
Sierra
SiteAdvisor
SmartScore 5.2 Pro Demo
SoftChris
Spybot - Search & Destroy
Steinberg
StuffPlug3
Subduction
TGTSoft
The Adventure Company
themexp
VirginMega
Visicom Media
Windows Journal Viewer
Windows Live
Windows Media Components
Windows Media Connect
Windows Media Connect 2
Windows Media Player
Windows NT
WinPcap
WinRAR
WinZip
wrench.ico
X10 Hardware
xerox
Yahoo!
******************************************
Recherche dans Program files

Pas de dossiers relatifs à Lop
******************************************
Recherche d'infections connues

Pas d'infection reconnue
*************** Fin du rapport ****************

Re,

Fix les lignes en italique ci-dessous avec Hijackthis : AIDE EN IMAGES

O4 - HKLM\..\Run: [NI.UERSV_0001_LP] "C:\Documents and Settings\Sophie\Local Settings\Temporary Internet Files\Content.IE5\AQYX5PKI\ErrorSafeScannerInstall_fr[1].exe"
O4 - HKLM\..\Run: [jqjqarb] c:\windows\system32\jqjqarb.exe jqjqarb
O4 - HKLM\..\Run: [eggs beep base cdrom] C:\Documents and Settings\All Users\Application Data\Thunk nurb eggs beep\signvc.exe
O4 - HKCU\..\Run: [1Wma] C:\DOCUME~1\LOCALS~1\APPLIC~1\JUNKNO~1\BARBSLOWCURB.exe
O4 - HKCU\..\Run: [winlogon] C:\Documents and Settings\Etienne\Application Data\server123.exe

Télécharge OTMoveIt (d'OldTimer). Sauvegarde-le sur ton Bureau.
Sélectionne TOUS les emplacements en gras ci-dessous :

C:\Documents and Settings\All Users\Application Data\Thunk nurb eggs beep
C:\Documents and Settings\Etienne\Application Data\Screenshot Sender
C:\Documents and Settings\Etienne\Application Data\Junk Noun Road
C:\Documents and Settings\Etienne\Application Data\server123.exe

---> Clique-droit puis Copier (ou Ctrl+C)

Double-clique sur OTMoveIt.exe afin de le lancer.
Fais un Clique-droit sur le cadre de gauche puis choisis Coller (ou Ctrl+V).
Clique maintenant sur [#ff0000]MoveIt![/#f]

[#ff0000]Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.[/#f]

Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log

->Informations sur le logiciel<-

Folder cleanup failed. C:\Documents and Settings\All Users\Application Data\Thunk nurb eggs beep scheduled to be deleted on reboot.
C:\Documents and Settings\Etienne\Application Data\Screenshot Sender moved successfully.
C:\Documents and Settings\Etienne\Application Data\Junk Noun Road moved successfully.
C:\Documents and Settings\Etienne\Application Data\server123.exe moved successfully.

Created on 06/14/2007 20:35:08

Reposte un rapport Hijackthis.

Logfile of HijackThis v1.99.1
Scan saved at 21:11:46, on 14/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9IE.EXE
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\DWL-G520M Wireless 108G MIMO PCI Adapter\AIRPLUS.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.radioblogclub.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.supremetoolbar.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX700 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9IE.EXE /P31 "EPSON Stylus Photo RX700 Series" /O6 "USB001" /M "Stylus Photo RX700"
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [NI.UERSV_0001_LP] "C:\Documents and Settings\Sophie\Local Settings\Temporary Internet Files\Content.IE5\AQYX5PKI\ErrorSafeScannerInstall_fr[1].exe"
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: D-Link REG Utility.lnk = C:\Program Files\DWL-G520M Wireless 108G MIMO PCI Adapter\Reg.exe
O4 - Global Startup: DWL-G520M Wireless 108G MIMO PCI Adapter Utility.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mut: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.fr/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/fr/4,...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega DownloadManager) - https://www.virginmega.fr/DownloadManager/Release/Prod/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.ca...
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EDCC25D-7BF2-4F54-B3F7-D216BA42A939}: NameServer = 192.168.0.1
O18 - Protocol: bw+0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {0608D482-6264-46AA-A0C3-A926095A008A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Re,

Fais un scan en ligne Kaspersky avec Internet Explorer :

Clique sur

Clique maintenant sur J'accepte.

Valide l'installation d'un ou de plusieurs ActiveX si c'est nécessaire.

Patiente pendant l'installation des Mises à jour.

Choisis par la suite l'analyse du Poste de travail

Sauvegarde puis colle le rapport généré en fin d'analyse.

AIDE : Tuto sur le scan en ligne

NOTE : Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte toi sur le site de Kaspersky pour retenter le scan en ligne.

Je n'arrive pas a poster le rapport, il est trop long. Je n'arrive meme pas à le copier dans Word...

Tu peux le mettre sur le site C-Joint ?

Non il fait presque 20Mo, d'ailleurs ca m'epate qu'un rapport fasse cette taille !

Donne-moi uniquement les lignes avec "Infecté"

Je pense qu'il y a un bug. Dans Nom de l'objet infecté y'a plusieurs miliers de fichiers, alors que :
Statistiques de l'analyse
Total d'objets analysés 307618
Nombre de virus trouvés 3
Nombre d'objets infectés 22 / 0
Nombre d'objets suspects 0
Durée de l'analyse 01:32:52

Peut etre faut-il relancer une analyse?

Je veux les lignes du rapport avec Infecté: à la fin.

C:\Documents and Settings\All Users\Application Data\Thunk nurb eggs beep\signvc.exe
C:\Documents and Settings\Etienne\Bureau\MSNFix\13062007_23121612.zip/backup/photos.zip/webcam_photos-2007-06.scr
C:\Documents and Settings\Etienne\Bureau\MSNFix\13062007_23121612.zip/backup/photos.zip
C:\Documents and Settings\Etienne\Bureau\MSNFix\13062007_23121612.zip/backup/syshelps.dll
C:\Documents and Settings\Etienne\Bureau\MSNFix\13062007_23121612.zip
C:\Documents and Settings\LocalService\Application Data\Junk Noun Road\BARBSLOWCURB.exe
C:\Documents and Settings\NetworkService\Application Data\Junk Noun Road\BARBSLOWCURB.exe

Voila

Re,

Supprime ces dossiers :
C:\Documents and Settings\All Users\Application Data\Thunk nurb eggs beep
C:\Documents and Settings\LocalService\Application Data\Junk Noun Road
C:\Documents and Settings\NetworkService\Application Data\Junk Noun Road
C:\Documents and Settings\Etienne\Bureau\MSNFix

Voila j'ai supprimés ces dossiers

Tu peuix refaire un scan Kaspersky ?

voila je viens de lancer le scan.

Statistiques de l'analyse
Total d'objets analysés 308964
Nombre de virus trouvés 3
Nombre d'objets infectés 22 / 0
Nombre d'objets suspects 0
Durée de l'analyse 01:47:32

Le scan est trop long pour etre affiché, je dois faire comme la derniere fois, relever les fichiers infectés?

Oui.