Win32 not valid

pseudo1190 -  
jorginho67 Posts 15447 Status Security contributor -
Hello,

I have a big problem: when I launch avast it tells me "not a valid Win32 application". So I wanted to clean the PC with ccleaner, thinking that would make it stop, but it won't launch. And then the last and best part: I no longer have a Windows XP reinstallation CD; it is scratched, so it no longer reads in the drive.

Thanks to whoever can help me

Sorry for the mistakes

46 replies

jorginho67 Posts 15447 Status Security contributor 1 169

Hi

Stay here, it's not over...

You have other infections:
Among others:
O4 - HKCU\..\Run: [camuc] "c:\documents and settings\nicolas langevin\local settings\application data\camuc.exe" camuc
Navipromo...

totobetourne, you saw it right ;-)

Note (MBAM does not clean it thoroughly; run Navilog ;-) )

Also, if you haven't removed your CRACKS, you'll be back in two hours...

You also need to reinstall ALL the security programs (AV, AS, etc.)

Know that Bagle is an infection you catch by downloading cracks over peer-to-peer.
It deletes antivirus programs and firewalls, prevents restarting in safe mode... and slows the computer down considerably.

If there is one infection that you catch stupidly, it's this one.

Good luck (and sorry for the intrusion)

;-)
1
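One way to triage the O4 (autorun) lines of a HijackThis log such as the one quoted in the post above, as an added example that is not part of the original thread: it parses each O4 entry and flags those whose executable sits in a user-writable profile folder. That rule is a triage heuristic assumed here, not a verdict and not a rule stated by the helper; the sample lines are copied from the log posted in this thread.

```python
import re

# O4 (autorun) lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [camuc] "c:\documents and settings\nicolas langevin\local settings\application data\camuc.exe" camuc
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
"""

# Registry autorun: "O4 - HKCU\..\Run: [name] command"
RUN_RE = re.compile(
    r"^O4 - (?P<source>\S+\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Startup folder shortcut: "O4 - Startup: name.lnk = target"
STARTUP_RE = re.compile(
    r"^O4 - (?P<source>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# Unquoted commands may contain spaces, so cut at the first executable extension.
IMAGE_RE = re.compile(
    r"(.+?\.(?:exe|com|scr|pif|bat|cmd|dll|lnk|appref-ms))(?=\s|$)", re.I)
# Assumed heuristic: Windows XP profile folders any user can write to,
# in long and 8.3 short form.
USER_WRITABLE = re.compile(
    r"\\(?:documents and settings|docume~1)\\[^\\]+\\"
    r"(?:local settings|locals~1|application data|applic~1)\\", re.I)


def image_path(cmd):
    """Best-effort extraction of the executable path from an autorun command."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = IMAGE_RE.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def parse_o4(log):
    """Return one dict per O4 line: source key or folder, entry name, image path."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if m:
            entries.append({"source": m.group("source"),
                            "name": m.group("name"),
                            "image": image_path(m.group("cmd"))})
    return entries


def suspicious_autoruns(log):
    """Autorun entries that start a program from a user-writable folder."""
    return [e for e in parse_o4(log) if USER_WRITABLE.search(e["image"])]


if __name__ == "__main__":
    for e in suspicious_autoruns(SAMPLE_LOG):
        print(f'{e["source"]} [{e["name"]}] -> {e["image"]}')
```

A flagged entry is a candidate for a closer look (file hash, signature, creation date), since legitimate software also installs per-user.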
Anonymous user

Download FindyKill to your desktop
http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe

Installation tutorial http://pagesperso-orange.fr/FindyKill.Ad.Remover/fyk_instal.html

Scan tutorial http://pagesperso-orange.fr/FindyKill.Ad.Remover/fyk_recherche.html

/!\ Do not run the cleanup right away /!\

Run the installation with the default settings

Double-click the FindyKill shortcut on your desktop

In the main menu, choose option 1 (Search)

Post the FindyKill.txt report

* Note: the FindyKill.txt report is saved at the root of the disk
0
pseudo1990 Posts 1145 Status Member 122

Honestly it's not very good, look:

############################## [ FindyKill V4.725 ]

# User : Nicolas Langevin (Administrateurs) # LANGEVIN-D32CEC
# Update on 19/04/09 by Chiquitine29
# Start at: 17:37:05 | 19/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

# Intel(R) Celeron(R) CPU 2.60GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Disabled

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 37,27 Go (23,77 Go free) # NTFS
# D:\ # Disque CD-ROM

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Messenger\msmsgs.exe
C:\documents and settings\nicolas langevin\local settings\application data\camuc.exe
C:\Documents and Settings\Nicolas Langevin\Application Data\drivers\winupgro.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Nicolas Langevin\Application Data\m\flec006.exe
C:\Documents and Settings\Nicolas Langevin\Application Data\drivers\downld\578578.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wintems.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 3\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Processus infectieux stoppés ]

"C:\Documents and Settings\Nicolas Langevin\Application Data\drivers\winupgro.exe" (728)
"C:\Documents and Settings\Nicolas Langevin\Application Data\m\flec006.exe" (2324)
"C:\Documents and Settings\Nicolas Langevin\Application Data\drivers\downld\578578.exe" (2872)
"C:\WINDOWS\system32\wintems.exe" (236)

################## [ Infected File \ Folder ]

Found ! C:\WINDOWS\Prefetch\PATCHJRE.EXE-065EAC0D.pf
Found ! C:\WINDOWS\system32\mdelk.exe
Found ! C:\WINDOWS\system32\wintems.exe
Found ! C:\WINDOWS\system32\ban_list.txt
Found ! C:\WINDOWS\system32\drivers\down
Found ! C:\WINDOWS\system32\drivers\down\894609.exe
Found ! "C:\Documents and Settings\Nicolas Langevin\Application Data\m\shared"
Found ! "C:\Documents and Settings\Nicolas Langevin\Application Data\m\flec006.exe"
Found ! "C:\Documents and Settings\Nicolas Langevin\Application Data\m\list.oct"
Found ! "C:\Documents and Settings\Nicolas Langevin\Application Data\m\data.oct"
Found ! "C:\Documents and Settings\Nicolas Langevin\Application Data\m\srvlist.oct"
Found ! "C:\Documents and Settings\Nicolas Langevin\Application Data\m"
Found ! "C:\Documents and Settings\Nicolas Langevin\Application Data\drivers"
Found ! "C:\Documents and Settings\Nicolas Langevin\Application Data\drivers\srosa2.sys"
Found ! "C:\Documents and Settings\Nicolas Langevin\Application Data\drivers\wfsintwq.sys"
Found ! "C:\Documents and Settings\Nicolas Langevin\Application Data\drivers\winupgro.exe"
Found ! "C:\Documents and Settings\Nicolas Langevin\Application Data\drivers\downld"

################## [ Infected Temp Files ]

Found ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\02TUJLW5\b64_1[1].jpg
Found ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\02TUJLW5\b64_3[1].jpg
Found ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\02TUJLW5\b64_6[1].jpg
Found ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\02TUJLW5\file[1].txt
Found ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\02TUJLW5\mxd[1].jpg
Found ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\02TUJLW5\mxd[2].jpg
Found ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\1B34BYZX\b64_1[1].jpg
Found ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\1B34BYZX\b64_1[2].jpg
Found ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\1B34BYZX\b64_2[1].jpg
Found ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\1B34BYZX\b64_3[1].jpg
Found ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\1B34BYZX\b64_6[1].jpg
Found ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\1B34BYZX\mxd[1].jpg
Found ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\KEJFCLG9\b64[1].jpg
Found ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\KEJFCLG9\b64[2].jpg
Found ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\KEJFCLG9\b64_1[1].jpg
Found ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\KEJFCLG9\b64_2[1].jpg
Found ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\KEJFCLG9\b64_3[1].jpg
Found ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\KEJFCLG9\b64_3[2].jpg
Found ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\KEJFCLG9\b64_6[1].jpg
Found ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\KEJFCLG9\ieps[1].jpg
Found ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\KEJFCLG9\mxd[1].jpg
Found ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\KEJFCLG9\servernames[1].htm
Found ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\Z8E1UET0\b64[1].jpg
Found ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\Z8E1UET0\b64[2].jpg
Found ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\Z8E1UET0\b64_3[1].jpg
Found ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\Z8E1UET0\b64_3[2].jpg
Found ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\Z8E1UET0\b64_3[3].jpg
Found ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\Z8E1UET0\b64_6[1].jpg
Found ! C:\DOCUME~1\NICOLA~1\LOCALS~1\Temp\Rar$EX00.907\serial.exe

################## [ Registre / Clés infectieuses ]

Found ! HKEY_USERS\S-1-5-21-1275210071-790525478-839522115-1003\Software\Local AppWizard-Generated Applications\serial
Found ! HKEY_USERS\S-1-5-21-1275210071-790525478-839522115-1003\Software\Local AppWizard-Generated Applications\winupgro
Found ! HKEY_USERS\S-1-5-21-1275210071-790525478-839522115-1003\Software\bisoft
Found ! HKEY_USERS\S-1-5-21-1275210071-790525478-839522115-1003\Software\DateTime4
Found ! HKEY_USERS\S-1-5-21-1275210071-790525478-839522115-1003\Software\FFC
Found ! HKEY_USERS\S-1-5-21-1275210071-790525478-839522115-1003\Software\FirtR
Found ! HKEY_USERS\S-1-5-21-1275210071-790525478-839522115-1003\Software\MuleAppData
Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\serial
Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! HKEY_CURRENT_USER\Software\bisoft
Found ! HKEY_CURRENT_USER\Software\DateTime4
Found ! HKEY_CURRENT_USER\Software\FirtR
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Found ! HKEY_USERS\S-1-5-21-1275210071-790525478-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Found ! HKEY_USERS\S-1-5-21-1275210071-790525478-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"
Found ! HKEY_USERS\S-1-5-21-1275210071-790525478-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"

# (!) HKLM\SYSTEM\...\Services\srosa -> Start = 0x1

################## [ Recherche dans supports amovibles]

# Recherche fichiers connus :

################## [ Registre / Mountpoint2 ]

# -> Not found !

################## [ ! Fin du rapport # FindyKill V4.725 ! ]

And thanks anyway for replying so quickly
0
Anonymous user

As you say :))

Cleanup tutorial http://pagesperso-orange.fr/FindyKill.Ad.Remover/fyk_nettoyage.html

Connect your external data sources (USB stick, external hard drive, etc.) that may have been infected to your PC, without opening them

Double-click the FindyKill shortcut on your desktop

In the main menu, choose option 2 (Removal)

/!\ There will be 2 restarts; let the tool work until the message "nettoyage effectué" ("cleanup done") appears

/!\ Do not use the PC during the removal; your desktop will not be accessible, that is normal!

Then post the FindyKill.txt report

* Note: the FindyKill.txt report is saved at the root of the disk
* Note: If the desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New Task", type explorer.exe and confirm

Further reading:

The danger of cracks http://forum.malekal.com/ftopic893.php

Bagle/Beagle https://forum.malekal.com/viewtopic.php?f=33&t=4442
0

pseudo1990 Posts 1145 Status Member 122

OK, it's done, here is the report

############################## [ FindyKill V4.725 ]

# User : Nicolas Langevin (Administrateurs) # LANGEVIN-D32CEC
# Update on 19/04/09 by Chiquitine29
# Start at: 16:52:09 | 19/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

# Intel(R) Celeron(R) CPU 2.60GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Disabled

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 37,27 Go (23,77 Go free) # NTFS
# D:\ # Disque CD-ROM # 591,77 Mo (0 Mo free) [VPOEM_FR] # CDFS

############################## [ Active Processes ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Infected File \ Folder ]

Deleted ! C:\WINDOWS\Prefetch\PATCHJRE.EXE-065EAC0D.pf
Deleted ! C:\WINDOWS\system32\mdelk.exe
Deleted ! C:\WINDOWS\system32\wintems.exe
Deleted ! C:\WINDOWS\system32\ban_list.txt
Deleted ! C:\WINDOWS\system32\drivers\down
Deleted ! "C:\Documents and Settings\Nicolas Langevin\Application Data\m\flec006.exe"
Deleted ! "C:\Documents and Settings\Nicolas Langevin\Application Data\m\list.oct"
Deleted ! "C:\Documents and Settings\Nicolas Langevin\Application Data\m\data.oct"
Deleted ! "C:\Documents and Settings\Nicolas Langevin\Application Data\m\srvlist.oct"
Deleted ! "C:\Documents and Settings\Nicolas Langevin\Application Data\drivers\srosa2.sys"
Deleted ! "C:\Documents and Settings\Nicolas Langevin\Application Data\drivers\wfsintwq.sys"
Deleted ! "C:\Documents and Settings\Nicolas Langevin\Application Data\drivers\winupgro.exe"
Deleted ! "C:\Documents and Settings\Nicolas Langevin\Application Data\m\shared"
Deleted ! "C:\Documents and Settings\Nicolas Langevin\Application Data\m"
Deleted ! "C:\Documents and Settings\Nicolas Langevin\Application Data\drivers\downld"
Deleted ! "C:\Documents and Settings\Nicolas Langevin\Application Data\drivers"

################## [ Infected Temp Files ]

Deleted ! C:\DOCUME~1\NICOLA~1\LOCALS~1\Temp\NERO1003378\unit_tpi_directx-9c-redist-d3dx9-30\DXSETUP.exe
Deleted ! C:\DOCUME~1\NICOLA~1\LOCALS~1\Temp\Rar$EX00.907\serial.exe
Deleted ! C:\DOCUME~1\NICOLA~1\LOCALS~1\Temp\VSD90.tmp\setup.exe
Deleted ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\02TUJLW5\b64_1[1].jpg
Deleted ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\02TUJLW5\b64_3[1].jpg
Deleted ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\02TUJLW5\b64_6[1].jpg
Deleted ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\02TUJLW5\file[1].txt
Deleted ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\02TUJLW5\mxd[1].jpg
Deleted ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\02TUJLW5\mxd[2].jpg
Deleted ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\1B34BYZX\b64_1[1].jpg
Deleted ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\1B34BYZX\b64_1[2].jpg
Deleted ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\1B34BYZX\b64_2[1].jpg
Deleted ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\1B34BYZX\b64_3[1].jpg
Deleted ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\1B34BYZX\b64_6[1].jpg
Deleted ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\1B34BYZX\mxd[1].jpg
Deleted ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\KEJFCLG9\b64[1].jpg
Deleted ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\KEJFCLG9\b64[2].jpg
Deleted ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\KEJFCLG9\b64_1[1].jpg
Deleted ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\KEJFCLG9\b64_2[1].jpg
Deleted ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\KEJFCLG9\b64_3[1].jpg
Deleted ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\KEJFCLG9\b64_3[2].jpg
Deleted ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\KEJFCLG9\b64_6[1].jpg
Deleted ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\KEJFCLG9\ieps[1].jpg
Deleted ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\KEJFCLG9\mxd[1].jpg
Deleted ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\KEJFCLG9\servernames[1].htm
Deleted ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\Z8E1UET0\b64[1].jpg
Deleted ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\Z8E1UET0\b64[2].jpg
Deleted ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\Z8E1UET0\b64_3[1].jpg
Deleted ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\Z8E1UET0\b64_3[2].jpg
Deleted ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\Z8E1UET0\b64_3[3].jpg
Deleted ! C:\Documents and Settings\Nicolas Langevin\Local Settings\Temporary Internet Files\Content.IE5\Z8E1UET0\b64_6[1].jpg

################## [ Registry / Infected keys ]

Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Deleted ! HKEY_CURRENT_USER\Software\bisoft
Deleted ! HKEY_CURRENT_USER\Software\DateTime4
Deleted ! HKEY_CURRENT_USER\Software\FirtR
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\serial
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! HKEY_USERS\S-1-5-21-1275210071-790525478-839522115-1003\Software\FFC
Deleted ! HKEY_USERS\S-1-5-21-1275210071-790525478-839522115-1003\Software\MuleAppData
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"

################## [ Cleaning Removable drives ]

# Deleting Files :

Not deleted ! D:\autorun.inf

################## [ Registry / Mountpoint2 ]

# -> Not found !

################## [ States / Restarting of services ]

# Services : [ Auto=2 / Request=3 / Disable=4 ]

# Ndisuio -> # Type of startup =3
# EapHost -> # Type of startup =2
# Ip6Fw -> # Type of startup =2
# SharedAccess -> # Type of startup =2
# wuauserv -> # Type of startup =2
# wscsvc -> # Type of startup =2
# WinDefend -> # Type of startup =2
# Safe boot mode restored !

################## [ Searching Other Infections ]

# Références de comparaison Bagle MD5 :

File ... : C:\Documents and Settings\Nicolas Langevin\Application Data\drivers\winupgro.exe
CRC32 .. : baf4dc44
MD5 .... : 7a8104e7384b100f8ad845efff80d37c

Deleted ! : C:\Documents and Settings\Nicolas Langevin\Mes documents\Ma musique\Baby Hillbilly Rap Demo Screensaver 1.0 [Crack].zip
Contain keygen.exe [847872] with Bagle CRC32 : 65A95934

Deleted ! : C:\Documents and Settings\Nicolas Langevin\Mes documents\Ma musique\Rap Dog Clock Screensaver 1.0 Patch.zip
Contain patch.exe [847872] with Bagle CRC32 : 65A95934

Deleted ! : C:\Program Files\SuperCopier2\SuperCopier2.exe
# Taille : 856064 # MD5 : 7A8104E7384B100F8AD845EFFF80D37C

################## [ Corrupted files # Re-Installation required ]

C:\Program Files\Alwil Software\Avast4\ashAvast.exe
C:\Program Files\Alwil Software\Avast4\ashChest.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashLogV.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashPopWz.exe
C:\Program Files\Alwil Software\Avast4\ashQuick.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashSimp2.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Alwil Software\Avast4\ashSkPcc.exe
C:\Program Files\Alwil Software\Avast4\ashSkPck.exe
C:\Program Files\Alwil Software\Avast4\ashUpd.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\aswRegSvr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\sched.exe
C:\Program Files\Alwil Software\Avast4\VisthLic.exe
C:\Program Files\Alwil Software\Avast4\VisthUpd.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\7.2.0.137-8876480SL\Program\register.exe
C:\Program Files\Windows Defender\MSASCui.exe

################## [ ! End of Report # FindyKill V4.725 ! ]
0
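Comparing the scan report with the removal report, as an added example that is not part of the original thread or of FindyKill: it parses the "Found !", "Deleted !" and "Not deleted !" lines and lists what the scan found that the removal report does not account for. The sample lines are a subset copied from the two reports in this thread; treating the HKEY_USERS\S-1-5-21-... key as the same hive as HKEY_CURRENT_USER assumes that SID belongs to the user who ran the tool.

```python
import re

# Subset of lines copied from the scan report (option 1) posted in this thread.
SCAN_REPORT = r'''
################## [ Infected File \ Folder ]

Found ! C:\WINDOWS\system32\wintems.exe
Found ! C:\WINDOWS\system32\drivers\down
Found ! C:\WINDOWS\system32\drivers\down\894609.exe
Found ! "C:\Documents and Settings\Nicolas Langevin\Application Data\m\flec006.exe"

################## [ Registre / Clés infectieuses ]

Found ! HKEY_USERS\S-1-5-21-1275210071-790525478-839522115-1003\Software\bisoft
Found ! HKEY_CURRENT_USER\Software\bisoft
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"
'''

# Subset of lines copied from the removal report (option 2) posted in this thread.
REMOVAL_REPORT = r'''
################## [ Infected File \ Folder ]

Deleted ! C:\WINDOWS\system32\wintems.exe
Deleted ! C:\WINDOWS\system32\drivers\down
Deleted ! "C:\Documents and Settings\Nicolas Langevin\Application Data\m\flec006.exe"

################## [ Registry / Infected keys ]

Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Deleted ! HKEY_CURRENT_USER\Software\bisoft
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"

################## [ Cleaning Removable drives ]

Not deleted ! D:\autorun.inf
'''

# "Found ! item", "Deleted ! item", "Deleted ! : item", "Not deleted ! item"
ENTRY_RE = re.compile(r"^(Found|Deleted|Not deleted) !\s*:?\s*(.+)$")
SID_RE = re.compile(r"^hkey_users\\s-1-5-21-[\d-]+\\")


def normalise(item):
    """Lower-case, drop surrounding quotes, fold the user SID hive into HKCU."""
    item = item.strip().strip('"').lower()
    # Assumption: the S-1-5-21-... SID is the logged-on user, so
    # HKEY_CURRENT_USER is a view of the same keys.
    return SID_RE.sub(lambda m: "hkey_current_user\\", item)


def parse_report(text):
    """Return {status: set of normalised items} for one FindyKill report."""
    result = {"Found": set(), "Deleted": set(), "Not deleted": set()}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            result[m.group(1)].add(normalise(m.group(2)))
    return result


def covered(item, deleted):
    """True if the item, or a parent folder or key of it, was reported deleted."""
    return any(item == d or item.startswith(d + "\\") for d in deleted)


def unresolved(scan_text, removal_text):
    """Items found by the scan but not reported deleted, plus explicit failures."""
    found = parse_report(scan_text)["Found"]
    after = parse_report(removal_text)
    missing = sorted(i for i in found if not covered(i, after["Deleted"]))
    return missing, sorted(after["Not deleted"])


if __name__ == "__main__":
    missing, failed = unresolved(SCAN_REPORT, REMOVAL_REPORT)
    print("Found but not listed as deleted:", *missing, sep="\n  ")
    print("Reported as not deleted:", *failed, sep="\n  ")
```

An item in the first list is only unaccounted for in the report; a fresh scan (option 1) shows whether it is still present.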
Anonymous user

Download Random's System Information Tool (RSIT) (by random/random) to your desktop.
http://images.malwareremoval.com/random/RSIT.exe

- Double-click RSIT.exe to launch the program.

- Click Continue on the Disclaimer screen.

- If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.

- When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

Note: The reports are saved in the C:\rsit folder.
0
totobetourne Posts 5677 Status Member 65

Hello

I'll take the liberty of saying that since avast has to be reinstalled, you might as well uninstall it and install antivir instead.

What do you think, neophyte?

I also think there is a navilog infection. I'll let you handle it.
0
pseudo1990 Posts 1145 Status Member 122

LOG REPORT

Logfile of random's system information tool 1.06 (written by random/random)
Run by Nicolas Langevin at 2009-04-19 17:14:17
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 27 GB (70%) free of 38 GB
Total RAM: 1271 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:14:27, on 19/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\documents and settings\nicolas langevin\local settings\application data\camuc.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 3\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Nicolas Langevin\Mes documents\Téléchargements\RSIT.exe
C:\Program Files\trend micro\Nicolas Langevin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://coramail.net/r2.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://coramail.net/r2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIso1.dll
O2 - BHO: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIso1.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIso1.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Cld2000.exe] C:\Program Files\Calendrier\Cld2000.exe
O4 - HKCU\..\Run: [Horloge Parlante 3000] C:\Documents and Settings\Nicolas Langevin\Menu Démarrer\Programmes\Horloge Parlante 3000\Horloge Parlante 3000.appref-ms
O4 - HKCU\..\Run: [camuc] "c:\documents and settings\nicolas langevin\local settings\application data\camuc.exe" camuc
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Mozilla Sunbird.lnk = C:\Program Files\Mozilla Sunbird\sunbird.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mappy.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: bw+0 - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {EDA0398D-682F-4680-8A63-53A8D969544E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe
O23 - Service: Windows Search (WSearch) - Unknown owner - C:\WINDOWS\system32\SearchIndexer.exe (file missing)
0
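Added example (not part of the original thread, and not HijackThis's own code): a small Python triage pass over O4 autostart and O23 service lines like those in the log above. The sample lines are copied from that log; the `USER_WRITABLE` markers and the two heuristics are assumptions of this example, and a hit means "look closer", not a verdict.

```python
import re

# Subset of the HijackThis log above, embedded so the example runs offline.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [camuc] "c:\documents and settings\nicolas langevin\local settings\application data\camuc.exe" camuc
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - Startup: Mozilla Sunbird.lnk = C:\Program Files\Mozilla Sunbird\sunbird.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Windows Search (WSearch) - Unknown owner - C:\WINDOWS\system32\SearchIndexer.exe (file missing)
"""

# Assumption of this example: path fragments that any unprivileged user can write to.
USER_WRITABLE = ("\\local settings\\", "\\application data\\", "\\temp\\")
EXE_PATH = re.compile(r'"?(.+?\.(?:exe|dll|com|bat|cmd|scr|pif))\b', re.I)


def parse_line(line):
    """Return (section, name, command) for O4/O23 lines, else None."""
    m = re.match(r"^(O\d+) - (.+)$", line.strip())
    if not m:
        return None
    section, rest = m.groups()
    if section == "O4":
        run = re.match(r"^.+?: \[(.+?)\] (.+)$", rest)  # registry Run key entry
        lnk = re.match(r"^(?:Global )?Startup: (.+?) = (.+)$", rest)  # Startup folder
        if run:
            return section, run.group(1), run.group(2)
        if lnk:
            return section, lnk.group(1), lnk.group(2)
    elif section == "O23" and rest.startswith("Service: "):
        # Split from the right: display names may themselves contain " - ".
        parts = rest[len("Service: "):].rsplit(" - ", 2)
        if len(parts) == 3:
            return section, parts[0], parts[2]
    return None


def triage(log_text):
    """Return [(section, name, path, [reasons])] for entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if not parsed:
            continue
        section, name, command = parsed
        m = EXE_PATH.match(command)
        path = (m.group(1) if m else command).lower()
        reasons = []
        if any(marker in path for marker in USER_WRITABLE):
            reasons.append("autostart from a user-writable directory")
        if command.rstrip().endswith("(file missing)"):
            reasons.append("target file missing")
        if reasons:
            findings.append((section, name, path, reasons))
    return findings
```
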
Anonymous user

Download Malwarebytes https://www.androidworld.fr/

You will have a tutorial at your disposal to install and use it correctly.

Update the software (this normally happens during installation).

Run a full scan by clicking "Exécuter un examen complet" (Perform full scan).

Select the drives you want to scan and click "Lancer l'examen" (Start scan).

The scan can take quite a while...

Once the scan is finished, click "OK" and then "Afficher les résultats" (Show results).

Check that everything is ticked and click "Supprimer la sélection" (Remove selected), then "OK".

A report will open in Notepad... Copy and paste the report into your next reply on the forum.

* Some files may have to be deleted when the PC restarts... Do so by clicking "oui" (yes) when asked.
0
pseudo1990 Posts 1145 Status Member 122

Thanks neophyte, it works, but how do I actually close the thread?
0
Anonymous user

uhhhhhhhhhhh
I don't quite understand why you want to close the thread; it's far from finished?
0
pseudo1990 Posts 1145 Status Member 122

Well, it's fine now, it doesn't do it anymore
0
Anonymous user

You are infected with Bagle; if you read the links I gave you, we are far from finished ;)

or you'll be back in 3 days!

MBAM has been run, so the report please
0
Anonymous user

jorginho and totobetourne, thanks ;)
I hadn't seen your post, totobetourne, and hadn't spotted Navilog ;) thanks

pseudo 1990
is that clear to you?

There is a MagicControl/Navipromo infection, which gets installed through so-called "free" programs, including these:
Funky Emoticons
Games Attack
go-astro
GoRecord
HotTVPlayer / HotTVPlayer & Paris Hilton
Live-Player
MailSkinner
Messenger Skinner
Original-solitaire
Instant Access
InternetGameBox
Officiale Emule (modified version of Emule)
Sudoplanet
Webmediaplayer

To remove it, please follow this procedure exactly:

Now download Navilog1 (by IL-MAFIOSO) from this link: http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

Use "Save target (link) as..." and save it to your Desktop.
Then double-click navilog1.exe to start the installation.
Once the installation is finished, launch Navilog from the shortcut on the Desktop.

At the main menu, choose option 1.
Follow the prompts and be patient.
Wait for the message: "Analyse Termine le..."
Press any key; Notepad will open.
Copy and paste the entire report here.
0
jorginho67 Posts 15447 Status Security contributor 1 169

;-)

In my opinion, his PC is more or less cleaned now, so he won't come back... (maybe in two or three days...)

He's going to keep his cracks, so as soon as he launches one again, here we go again... Help... valid Win32 application, what do I do? Can you help me, thanks in advance.

Run Toolbar SD after Navilog, just to see ;-))

See you
0
Anonymous user

^^ I hate being stood up; we'll see. We're staying, so the least he could do is the same ^^
At worst, if he comes back in 2 days, we'll spot him ^^ and help him anyway lol

PS: glad to see you, joringo; I've heard good things about you and I was just saying that we don't see you much anymore ;)
0
jorginho67 Posts 15447 Status Security contributor 1 169

I took a break for a little while...

The feeling of tilting at windmills (like Don Quixote) ;-DD

It seems that the more prevention we do, the more people fall for it...

As for Bagle, some forums don't even handle it anymore...
Since we know you catch it by downloading paid software...

At worst, if he comes back in 2 days, we'll spot him ^^ and help him anyway lol

Well yeah... That's the game ;-)
0
Anonymous user
 
^^
0
pseudo1990 Posts 1145 Status Member 122

It's not that I left; I'm back, I was away travelling so I couldn't read your messages
So which file were you saying I should download to continue?
0
pseudo1990 Posts 1145 Status Member 122

which file was it again??
0