Avast + Security Center Won't Start

Closed
ludoranv - 22 May 2009 at 14:51
Ced_King Posts 3519 Registration date Monday 2 March 2009 Status Contributor Last seen 10 October 2016 - 23 May 2009 at 21:43
Hello,

Following a risky download, my PC has slowed down very significantly.
After downloading the file in question, Avast detected a Trojan horse. I did choose "Move to Quarantine", but apparently that wasn't enough. Afterwards, the PC restarted on its own (more than 5 minutes to restart) and since then it has been extremely slow. Avast no longer starts, with the following message: C:@Program Files\Alwil Software\Avast4\ashAvast.exe n'est pas une application Win32 valide. The Security Center won't start any more either. I saw that the services were disabled, but I can't restart them. Please help me!!!!

12 replies

Ced_King Posts 3519 Registration date Monday 2 March 2009 Status Contributor Last seen 10 October 2016 571
22 May 2009 at 14:53
Hi,

* Download FindyKill by Chiquitine29:

http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe

-> Save it to your desktop and nowhere else!

!! Disconnect and close all running applications !!

-> Double-click "FindyKill.exe" to launch the tool's installer. Do not change the installation settings under any circumstances.

--> Double-click the "FindyKill" shortcut on your desktop.
--> Choose option 1 (search). Then let the tool work without touching anything...

Once it has finished, post the FindyKill.txt report that is generated...

(Note: the report is saved at the root of the disk -> C:\FindyKill.txt)
0
Here is the report:


############################## [ FindyKill V4.729 ]

# User : Sophie et Ludo (Administrateurs) # ORDI-LUDO-SOPHI
# Update on 19/05/09 by Chiquitine29
# Start at: 14:59:31 | 22/05/2009
# Website : http://pagesperso-orange.fr/NosTools/findykill.html

# AMD Sempron(tm) Processor 3000+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 153,38 Go (20,21 Go free) # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque amovible
# Z:\ # Connexion réseau # 153,38 Go (20,21 Go free) # NTFS

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\rkfree\rkfree.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Documents and Settings\Sophie et Ludo\Application Data\drivers\winupgro.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Documents and Settings\Sophie et Ludo\Application Data\m\flec006.exe
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Processus infectieux stoppés ]

"C:\Documents and Settings\Sophie et Ludo\Application Data\drivers\winupgro.exe" (3300)
"C:\Documents and Settings\Sophie et Ludo\Application Data\m\flec006.exe" (2160)
"C:\WINDOWS\system32\wintems.exe" (3728)

################## [ Fichiers / Dossiers infectieux ]

Found ! C:\WINDOWS\Prefetch\194343.EXE-2E2D8AC3.pf
Found ! C:\WINDOWS\Prefetch\207828.EXE-30A92E17.pf
Found ! C:\WINDOWS\Prefetch\349937.EXE-26B063EF.pf
Found ! C:\WINDOWS\Prefetch\356765.EXE-2FB551FE.pf
Found ! C:\WINDOWS\Prefetch\359093.EXE-064D5F01.pf
Found ! C:\WINDOWS\Prefetch\371078.EXE-0D74A145.pf
Found ! C:\WINDOWS\Prefetch\384546.EXE-22FFA4F7.pf
Found ! C:\WINDOWS\Prefetch\385140.EXE-38D0F7B0.pf
Found ! C:\WINDOWS\Prefetch\395218.EXE-288F8C12.pf
Found ! C:\WINDOWS\Prefetch\396750.EXE-128DD688.pf
Found ! C:\WINDOWS\Prefetch\425265.EXE-24EFFA4C.pf
Found ! C:\WINDOWS\Prefetch\454937.EXE-1652D285.pf
Found ! C:\WINDOWS\Prefetch\600656.EXE-0B6669B6.pf
Found ! C:\WINDOWS\Prefetch\FLEC006.EXE-3250BE36.pf
Found ! C:\WINDOWS\Prefetch\MDELK.EXE-1D176F91.pf
Found ! C:\WINDOWS\Prefetch\WINTEMS.EXE-2A563F9B.pf
Found ! C:\WINDOWS\system32\ban_list.txt
Found ! C:\WINDOWS\system32\mdelk.exe
Found ! C:\WINDOWS\system32\wintems.exe
Found ! C:\WINDOWS\system32\drivers\down
Found ! "C:\Documents and Settings\Sophie et Ludo\Application Data\drivers"
Found ! "C:\Documents and Settings\Sophie et Ludo\Application Data\drivers\downld"
Found ! "C:\Documents and Settings\Sophie et Ludo\Application Data\drivers\srosa2.sys"
Found ! "C:\Documents and Settings\Sophie et Ludo\Application Data\drivers\wfsintwq.sys"
Found ! "C:\Documents and Settings\Sophie et Ludo\Application Data\drivers\winupgro.exe"
Found ! "C:\Documents and Settings\Sophie et Ludo\Application Data\m"
Found ! "C:\Documents and Settings\Sophie et Ludo\Application Data\m\data.oct"
Found ! "C:\Documents and Settings\Sophie et Ludo\Application Data\m\flec006.exe"
Found ! "C:\Documents and Settings\Sophie et Ludo\Application Data\m\list.oct"
Found ! "C:\Documents and Settings\Sophie et Ludo\Application Data\m\shared"
Found ! "C:\Documents and Settings\Sophie et Ludo\Application Data\m\srvlist.oct"

################## [ Infected Temp Files ]

Found ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\4ENROYW7\b64[1].jpg
Found ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\5F7MR1P0\ieps[1].jpg
Found ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\5Z9A5MD1\b64_1[1].jpg
Found ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\5Z9A5MD1\b64_3[1].jpg
Found ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\8RV13Q7M\b64_3[1].jpg
Found ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\DA2DHTQE\b64_3[1].jpg
Found ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\FUN9I0MH\file[1].txt
Found ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\ICC2LXLZ\b64[1].jpg
Found ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\JR3HG65L\b64_6[1].jpg
Found ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\LQUURAM9\b64_6[1].jpg
Found ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\NGNGPGHU\b64_3[1].jpg
Found ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\NYVF5DX9\b64_1[1].jpg
Found ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\TABZX11I\b64_1[1].jpg
Found ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\TY9VCNCQ\b64_3[1].jpg

################## [ Registre / Clés infectieuses ]

Found ! HKEY_USERS\S-1-5-21-1644491937-413027322-682003330-1004\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! HKEY_USERS\S-1-5-21-1644491937-413027322-682003330-1004\Software\Local AppWizard-Generated Applications\run
Found ! HKEY_USERS\S-1-5-21-1644491937-413027322-682003330-1004\Software\Local AppWizard-Generated Applications\winupgro
Found ! HKEY_USERS\S-1-5-21-1644491937-413027322-682003330-1004\Software\bisoft
Found ! HKEY_USERS\S-1-5-21-1644491937-413027322-682003330-1004\Software\DateTime4
Found ! HKEY_USERS\S-1-5-21-1644491937-413027322-682003330-1004\Software\FFC
Found ! HKEY_USERS\S-1-5-21-1644491937-413027322-682003330-1004\Software\MuleAppData
Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\run
Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Found ! HKEY_CURRENT_USER\Software\bisoft
Found ! HKEY_CURRENT_USER\Software\DateTime4
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Found ! HKEY_USERS\S-1-5-21-1644491937-413027322-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Found ! HKEY_USERS\S-1-5-21-1644491937-413027322-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"
Found ! HKEY_USERS\S-1-5-21-1644491937-413027322-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"

# (!) HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
# (!) HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1

################## [ Recherche dans supports amovibles]


################## [ Registre / Mountpoints2 ]

# -> Not found !

################## [ ! Fin du rapport # FindyKill V4.729 ! ]
0
Hello Chiquitine29, I'll do it right away...
0
Ced_King Posts 3519 Registration date Monday 2 March 2009 Status Contributor Last seen 10 October 2016 571
22 May 2009 at 15:07
+

* This is Bagle, and this infection arrives when you download cracks or keygens, so I advise you to delete them if you still have any

Disconnect and close all running applications (browser included).

* Plug your external data sources into your PC (USB key, external hard drive, etc.)

* Run "FindyKill" again: at the main menu choose option "F" for French and press [Enter].

* At the second menu choose option 2 (removal) and press [Enter]

* The PC will restart automatically...

--> The program will work, don't touch anything... your desktop will not be accessible, this is normal!

* Post the report that appears at the end (the report is also saved as C:\FindyKill.txt)

/!\ If the desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New task", type explorer.exe and confirm
0
OK, I'll do that right away.

And yet I didn't download any crack, only a puzzle program...

I'll post the report as soon as all that is finished...
0
There, it's done. The PC restarted fine and the Security Center works again. However, it tells me that no antivirus is installed. Do I need to start Avast manually?

Here is the report:


############################## [ FindyKill V4.729 ]

# User : Sophie et Ludo (Administrateurs) # ORDI-LUDO-SOPHI
# Update on 19/05/09 by Chiquitine29
# Start at: 15:13:38 | 22/05/2009
# Website : http://pagesperso-orange.fr/NosTools/findykill.html

# AMD Sempron(tm) Processor 3000+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 153,38 Go (20,21 Go free) # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque amovible
# Z:\ # Connexion réseau # 153,38 Go (20,21 Go free) # NTFS

############################## [ Active Processes ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Infected Files \ Folders ]

Deleted ! C:\WINDOWS\Prefetch\194343.EXE-2E2D8AC3.pf
Deleted ! C:\WINDOWS\Prefetch\207828.EXE-30A92E17.pf
Deleted ! C:\WINDOWS\Prefetch\349937.EXE-26B063EF.pf
Deleted ! C:\WINDOWS\Prefetch\356765.EXE-2FB551FE.pf
Deleted ! C:\WINDOWS\Prefetch\359093.EXE-064D5F01.pf
Deleted ! C:\WINDOWS\Prefetch\371078.EXE-0D74A145.pf
Deleted ! C:\WINDOWS\Prefetch\384546.EXE-22FFA4F7.pf
Deleted ! C:\WINDOWS\Prefetch\385140.EXE-38D0F7B0.pf
Deleted ! C:\WINDOWS\Prefetch\395218.EXE-288F8C12.pf
Deleted ! C:\WINDOWS\Prefetch\396750.EXE-128DD688.pf
Deleted ! C:\WINDOWS\Prefetch\425265.EXE-24EFFA4C.pf
Deleted ! C:\WINDOWS\Prefetch\454937.EXE-1652D285.pf
Deleted ! C:\WINDOWS\Prefetch\600656.EXE-0B6669B6.pf
Deleted ! C:\WINDOWS\Prefetch\FLEC006.EXE-3250BE36.pf
Deleted ! C:\WINDOWS\Prefetch\MDELK.EXE-1D176F91.pf
Deleted ! C:\WINDOWS\Prefetch\WINTEMS.EXE-2A563F9B.pf
Deleted ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-17681AA8.pf
Deleted ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-3521559F.pf
Deleted ! C:\WINDOWS\system32\ban_list.txt
Deleted ! C:\WINDOWS\system32\mdelk.exe
Deleted ! C:\WINDOWS\system32\wintems.exe
Deleted ! C:\WINDOWS\system32\drivers\down
Deleted ! "C:\Documents and Settings\Sophie et Ludo\Application Data\drivers\srosa2.sys"
Deleted ! "C:\Documents and Settings\Sophie et Ludo\Application Data\drivers\wfsintwq.sys"
Deleted ! "C:\Documents and Settings\Sophie et Ludo\Application Data\drivers\winupgro.exe"
Deleted ! "C:\Documents and Settings\Sophie et Ludo\Application Data\m\data.oct"
Deleted ! "C:\Documents and Settings\Sophie et Ludo\Application Data\m\flec006.exe"
Deleted ! "C:\Documents and Settings\Sophie et Ludo\Application Data\m\list.oct"
Deleted ! "C:\Documents and Settings\Sophie et Ludo\Application Data\m\srvlist.oct"
Deleted ! "C:\Documents and Settings\Sophie et Ludo\Application Data\drivers\downld"
Deleted ! "C:\Documents and Settings\Sophie et Ludo\Application Data\drivers"
Deleted ! "C:\Documents and Settings\Sophie et Ludo\Application Data\m\shared"
Deleted ! "C:\Documents and Settings\Sophie et Ludo\Application Data\m"

################## [ Infected Temp Files ]

Deleted ! C:\DOCUME~1\SOPHIE~1\LOCALS~1\Temp\Rar$EX01.687\run.exe
Deleted ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\4ENROYW7\b64[1].jpg
Deleted ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\5F7MR1P0\ieps[1].jpg
Deleted ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\5Z9A5MD1\b64_1[1].jpg
Deleted ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\5Z9A5MD1\b64_3[1].jpg
Deleted ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\8RV13Q7M\b64_3[1].jpg
Deleted ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\DA2DHTQE\b64_3[1].jpg
Deleted ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\FUN9I0MH\file[1].txt
Deleted ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\ICC2LXLZ\b64[1].jpg
Deleted ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\JR3HG65L\b64_6[1].jpg
Deleted ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\LQUURAM9\b64_6[1].jpg
Deleted ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\NGNGPGHU\b64_3[1].jpg
Deleted ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\NYVF5DX9\b64_1[1].jpg
Deleted ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\TABZX11I\b64_1[1].jpg
Deleted ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\TY9VCNCQ\b64_3[1].jpg

################## [ Registry / Infected keys ]

Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! HKEY_CURRENT_USER\Software\bisoft
Deleted ! HKEY_CURRENT_USER\Software\DateTime4
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\msnmsgr
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\run
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! HKEY_USERS\S-1-5-21-1644491937-413027322-682003330-1004\Software\FFC
Deleted ! HKEY_USERS\S-1-5-21-1644491937-413027322-682003330-1004\Software\MuleAppData
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"

################## [ Cleaning Removable drives ]


################## [ Registry / Mountpoint2 ]

# -> Not found !

################## [ States / Restarting of services ]

# Services : [ Auto=2 / Request=3 / Disable=4 ]

# Ndisuio -> # Type of startup =3
# EapHost -> # Type of startup =2
# Ip6Fw -> # Type of startup =2
# SharedAccess -> # Type of startup =2
# wuauserv -> # Type of startup =2
# wscsvc -> # Type of startup =2
# Safe boot mode restored !

################## [ Searching Other Infections ]

# Références de comparaison Bagle MD5 :

File ... : C:\Documents and Settings\Sophie et Ludo\Application Data\drivers\winupgro.exe
CRC32 .. : 97ab0f4c
MD5 .... : de8157dc3d5130f1027d64e963785e18

Deleted ! : C:\Program Files\Windows Live\Messenger\msnmsgr.exe
# Taille : 868352 # MD5 : DE8157DC3D5130F1027D64E963785E18


################## [ Corrupted files # Re-Installation required ]

C:\Program Files\Alwil Software\Avast4\ashAvast.exe
C:\Program Files\Alwil Software\Avast4\ashChest.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashLogV.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashPopWz.exe
C:\Program Files\Alwil Software\Avast4\ashQuick.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashSimp2.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Alwil Software\Avast4\ashSkPcc.exe
C:\Program Files\Alwil Software\Avast4\ashSkPck.exe
C:\Program Files\Alwil Software\Avast4\ashUpd.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\aswRegSvr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\sched.exe
C:\Program Files\Alwil Software\Avast4\VisthLic.exe
C:\Program Files\Alwil Software\Avast4\VisthUpd.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\7.2.0.137-8876480SL\Program\register.exe

################################### [ Cracks / Keygens / Serials ]

# -> Nothing found !

################## [ ! End of Report # FindyKill V4.729 ! ]
0

Ced_King Posts 3519 Registration date Monday 2 March 2009 Status Contributor Last seen 10 October 2016 571
22 May 2009 at 15:51
+
Your antivirus is dead, you'll have to install another one; I suggest you change antivirus because Avast isn't much recommended at the moment...

- If you agree, download Avira AntiVir, which is the best free option at the moment

- First remove Avast from the Control Panel --> Add/Remove Programs

- You may not be able to uninstall it manually; in that case use the Avast uninstall utility

Why AntiVir and not Avast

- Below is a tutorial for installing it correctly:

Avira AntiVir tutorial

Next,

Download RSIT "Random's System Information Tool" to your desktop: http://images.malwareremoval.com/random/RSIT.exe

- Close all running applications and double-click RSIT.exe
- Select "Continue" on the screen >> RSIT will scan the PC and check whether the HijackThis tool (up-to-date version) is present on the PC; if it is not, RSIT will download it >> accept the license
- Once the scan is finished, 2 .txt reports open: log.txt on screen and info.txt in the taskbar
- Post the contents of the 2 reports
0
I'm back...

So I did everything and here is what I get:

1st report:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Sophie et Ludo at 2009-05-22 18:56:12
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 21 GB (13%) free of 157 GB
Total RAM: 959 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:56:31, on 22/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\rkfree\rkfree.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Documents and Settings\Sophie et Ludo\Bureau\RSIT.exe
C:\Program Files\trend micro\Sophie et Ludo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: zlio-fr Toolbar - {b532bd48-7123-4985-91b8-33b3e11778fa} - C:\Program Files\zlio-fr\tbzlio.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: zlio-fr Toolbar - {b532bd48-7123-4985-91b8-33b3e11778fa} - C:\Program Files\zlio-fr\tbzlio.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: zlio-fr Toolbar - {b532bd48-7123-4985-91b8-33b3e11778fa} - C:\Program Files\zlio-fr\tbzlio.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [rkfree] "C:\Program Files\rkfree\rkfree.exe" /b
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRxdm794YYFR
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/...
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/hardwaredetection/hardwaredetection_3_1_2_0.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F1EBAA1-1A60-4AC0-BA8C-94DC7E417581}: NameServer = 80.10.246.2
O18 - Protocol: bw+0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
0
^^Marie^^ Posts 113901 Registration date Tuesday 6 September 2005 Status Member Last activity 28 August 2020 3 275
22 May 2009 at 22:09
Good evening

Following this thread at Ced_King's request

0
Ced_King Posts 3519 Registration date Monday 2 March 2009 Status Contributor Last activity 10 October 2016 571
22 May 2009 at 22:15
+

Before we continue, I have a question for you: is your copy of Windows XP legal?

0
Good evening,

I'm not really sure whether my version is legal, but I think so, since I bought the computer from a friend who had bought it at Boulanger... he hadn't reinstalled it, so normally...
0
I've just checked, and the key entered in Windows is indeed the one printed on the side of my PC (on a green and blue sticker...)
0
Ced_King Posts 3519 Registration date Monday 2 March 2009 Status Contributor Last activity 10 October 2016 571
23 May 2009 at 12:18
Hello,

* OK, could you do the following, please:

* Go to this site: https://www.virustotal.com/gui/

- Click <Browse> and look for this file: C:\WINDOWS\system32\antiwpa.dll

- Click <Send File>.

- A report will be built up line by line.

- Wait until it finishes. It must include the size of the file sent.

- Save the report with Notepad and copy it into your reply.
0
Here is the report after analysis of the file antiwpa.dll:

Fichier antiwpa.dll reçu le 2009.05.23 12:45:49 (UTC)


Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.05.23 -
AhnLab-V3 5.0.0.2 2009.05.23 -
AntiVir 7.9.0.168 2009.05.23 -
Antiy-AVL 2.0.3.1 2009.05.22 -
Authentium 5.1.2.4 2009.05.22 -
Avast 4.8.1335.0 2009.05.22 -
AVG 8.5.0.339 2009.05.23 -
BitDefender 7.2 2009.05.23 -
CAT-QuickHeal 10.00 2009.05.23 -
ClamAV 0.94.1 2009.05.22 -
Comodo 1157 2009.05.08 -
DrWeb 5.0.0.12182 2009.05.23 -
eSafe 7.0.17.0 2009.05.21 -
eTrust-Vet 31.6.6519 2009.05.23 -
F-Prot 4.4.4.56 2009.05.22 -
F-Secure 8.0.14470.0 2009.05.23 -
Fortinet 3.117.0.0 2009.05.23 -
GData 19 2009.05.23 -
Ikarus T3.1.1.49.0 2009.05.23 -
K7AntiVirus 7.10.741 2009.05.21 -
Kaspersky 7.0.0.125 2009.05.23 -
McAfee 5623 2009.05.22 -
McAfee+Artemis 5623 2009.05.22 -
McAfee-GW-Edition 6.7.6 2009.05.23 -
Microsoft 1.4701 2009.05.23 -
NOD32 4098 2009.05.22 -
Norman 6.01.05 2009.05.22 -
nProtect 2009.1.8.0 2009.05.23 -
Panda 10.0.0.14 2009.05.23 -
PCTools 4.4.2.0 2009.05.21 -
Prevx 3.0 2009.05.23 -
Rising 21.30.52.00 2009.05.23 -
Sophos 4.42.0 2009.05.23 -
Sunbelt 3.2.1858.2 2009.05.23 -
Symantec 1.4.4.12 2009.05.23 -
TheHacker 6.3.4.3.331 2009.05.22 -
TrendMicro 8.950.0.1092 2009.05.23 -
VBA32 3.12.10.5 2009.05.23 -
ViRobot 2009.5.23.1749 2009.05.23 -
VirusBuster 4.6.5.0 2009.05.22 -
Information additionnelle
File size: 60416 bytes
MD5...: b80a024ddd9bfa1685d72feafba76db6
SHA1..: 3493dbe43d0565ae7741ae5e46c36dc16c4b313e
SHA256: c431c7d25104eaae403bad3e8b0d8cbcf66cb54abf2553497964a28f8eaecd55
SHA512: 8bf9f83c63abf48fb241833ad267eff52942f6fb81a0d35cceeccd0e06ebde80
5993cdd7a3b98a20c7bd291376587beb5a121aec9a9c09737d987859c9548226
ssdeep: 1536:RCHZA/2h2oh45FPvLbhn6W4ZIKxrf5XJO:gHZA/2hgFPvHh6K8XI

PEiD..: -
TrID..: File type identification
Windows Screen Saver (39.4%)
Win32 Executable Generic (25.6%)
Win32 Dynamic Link Library (generic) (22.8%)
Generic Win/DOS Executable (6.0%)
DOS Executable Generic (6.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x109b
timedatestamp.....: 0x3ed01836 (Sun May 25 01:11:18 2003)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x338a 0x3400 6.39 427fe19ba8185116f41488ee967c0bc9
.rdata 0x5000 0x8c54 0x8e00 3.17 1597d92d56446bc80ab6f2464fe8dba2
.data 0xe000 0x7ac 0x600 3.76 f83077b31136047cc7c501420db587a6
.rsrc 0xf000 0x310 0x400 2.62 0557726ae92f652eb806cb193289bd6a
.reloc 0x10000 0x1a08 0x1c00 6.18 971ffa7bb7b24aff37555da8e64fa8e5

( 6 imports )
> KERNEL32.dll: MoveFileA, GetTickCount, GetLastError, DeleteFileA, lstrcmpiA, CopyFileA, VirtualAlloc, GetProcAddress, LoadLibraryA, GetModuleFileNameA, GetSystemWindowsDirectoryA, lstrlenA, VirtualProtect, lstrcmpA
> ADVAPI32.dll: RegDeleteKeyA, RegCreateKeyExA, RegSetValueExA
> USER32.dll: GetSystemMetrics
> SHELL32.dll: ShellExecuteA
> SHLWAPI.dll: PathAppendA, PathStripPathA
> MSVCRT.dll: strchr, sprintf, abort, _except_handler3, _vsnprintf

( 3 exports )
DllRegisterServer, DllUnregisterServer, onStartup

PDFiD.: -
RDS...: NSRL Reference Data Set
-
CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=b80a024ddd9bfa1685d72feafba76db6
0
Ced_King Posts 3519 Registration date Monday 2 March 2009 Status Contributor Last activity 10 October 2016 571
23 May 2009 at 15:10
- Download Malwarebytes' Anti-Malware:
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

- Install it > double-click Mbam-setup.exe; at the end of the installation it will update itself automatically
- Once installed, close all running applications and launch Malwarebytes
- Run a quick scan of the PC (you won't have Internet access during the scan)
- At the end of the scan, click "Show results"; if Malwarebytes found infections >> click "Remove selected"
- If it needs to restart the PC to finish the disinfection, accept
- A report will be generated; post its contents.

0
Here is the report:


23/05/2009 19:22:48
mbam-log-2009-05-23 (19-22-48).txt

Type de recherche: Examen rapide
Eléments examinés: 90044
Temps écoulé: 7 minute(s), 51 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 24
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\antiwpa (Trojan.I.Stole.Windows) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\Sophie et Ludo\Local Settings\Application Data\lqglj_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sophie et Ludo\Local Settings\Application Data\lqglj_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sophie et Ludo\Local Settings\Application Data\lqglj.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> Delete on reboot.
0
Ced_King Posts 3519 Registration date Monday 2 March 2009 Status Contributor Last activity 10 October 2016 571
23 May 2009 at 21:43
Odd that VirusTotal didn't see it as malicious:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\antiwpa (Trojan.I.Stole.Windows) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> Delete on reboot.

At Bleepingcomputer: https://www.bleepingcomputer.com/startups/antiwpa.dll-21379.html

An illegal software crack used to bypass copy protection for Windows.

At virscan.org, which is the equivalent of VirusTotal:
https://r.virscan.org/a6202b6facef66290ea823109078ba3e

or else threatexpert: https://www.broadcom.com/

----------------------------
*Empty the Malwarebytes quarantine --> Click the "Quarantine" tab --> and delete what is in it

*Download and install ccleaner: https://filehippo.com/download_ccleaner/
- During installation, don't install the Yahoo toolbar and untick the "add the updates option" box

- Once installed, close all running applications and launch ccleaner
- Click >> options >> advanced and untick "delete files etc... older than 48h"
- Select ---> "cleaner" >> click Analyze then Clean, then close the program...

---------------------------
Download Navilog1 to your desktop:
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

- Disable your antivirus's real-time guard and that of your antispyware tool(s)
- Start the installation by running the downloaded file
- Once installed, close all running programs and double-click Navilog1.exe
- Choose the language and press the "Enter" key on your keyboard
- A window opens; press a key to move on to the next steps
- The fix's menu opens; choose option 1 and press the "Enter" key
- Let the fix work and wait for the message *** Analyse terminée le***
- A report c:\fixnavi.txt will be generated; post its contents...
0
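Added example, not part of the thread and not code from HijackThis or Malwarebytes: a Python sketch that cross-references the two reports posted above, showing that the O20 Winlogon Notify autostart entry and the Malwarebytes detections refer to the same artifact, and that one of them is only scheduled for deletion. The function names are hypothetical; the sample lines are copied from the logs in this thread.

```python
import re

# Sample input: a few lines copied from the HijackThis log posted in this thread.
HIJACKTHIS_LOG = r"""
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
"""

# Sample input: a few lines copied from the Malwarebytes log posted in this thread.
MBAM_LOG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\antiwpa (Trojan.I.Stole.Windows) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> Delete on reboot.
"""

HJT_LINE = re.compile(r"^([ORFN]\d+) - (.+)$")              # "O20 - <body>"
WIN_PATH = re.compile(r"[A-Za-z]:\\.+$")                     # trailing drive-letter path
MBAM_LINE = re.compile(r"^(.+?) \(([^()]+)\) -> (.+?)\.?$")  # "<object> (<name>) -> <action>."
NOTIFY_KEY = ("hkey_local_machine\\software\\microsoft\\windows nt"
              "\\currentversion\\winlogon\\notify\\")


def parse_hijackthis(text):
    """Return one dict per HijackThis entry: section code, body, file path (or None)."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        path = WIN_PATH.search(body)
        entries.append({"code": code, "body": body,
                        "path": path.group(0) if path else None})
    return entries


def parse_mbam(text):
    """Return one dict per Malwarebytes result line: object, detection name, action."""
    hits = []
    for line in text.splitlines():
        m = MBAM_LINE.match(line.strip())
        if m:
            obj, detection, action = m.groups()
            hits.append({"object": obj, "detection": detection, "action": action})
    return hits


def correlate(hjt_entries, mbam_hits):
    """Pair each HijackThis entry with the Malwarebytes results that name the same
    file or, for O20 Winlogon Notify entries, the same registry key."""
    findings = []
    for entry in hjt_entries:
        keys = set()
        if entry["path"]:
            keys.add(entry["path"].lower())
        if entry["code"] == "O20" and entry["body"].startswith("Winlogon Notify:"):
            name = entry["body"].split(":", 1)[1].split(" - ", 1)[0].strip()
            keys.add(NOTIFY_KEY + name.lower())
        matched = [h for h in mbam_hits if h["object"].lower() in keys]
        if matched:
            findings.append({
                "entry": entry,
                "detections": sorted({h["detection"] for h in matched}),
                # "Delete on reboot" means the object is still present until restart.
                "pending_reboot": any(h["action"].lower().startswith("delete on reboot")
                                      for h in matched),
            })
    return findings


if __name__ == "__main__":
    for f in correlate(parse_hijackthis(HIJACKTHIS_LOG), parse_mbam(MBAM_LOG)):
        status = "pending reboot" if f["pending_reboot"] else "removed"
        print(f["entry"]["code"], f["entry"]["path"], f["detections"], status)
```

An entry reported with `pending_reboot` set is still on disk until the restart, so a second scan after rebooting is what confirms the removal.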