Démarrage Avast + Centre de Sécu Impossible

ludoranv -  
Ced_King Messages postés 3519 Date d'inscription   Statut Contributeur Dernière intervention   -
Bonjour,

Suite à un téléchargement hasardeux, je me retrouve avec un ralentissement trés important de mon PC.
Aprés le téléchargement du fichier en question, Avast avait détecté un Cheval de Troie. J'ai bien fait "Mettre en Quarantaine" mais celà n'a apparemment pas suffi. Aprés, le PC a redemmaré tout seul (+ de 5 mn à redémmarrer) et depuis il rame énormément, Avast ne démarre plus avec le message suivant: C:@Program Files\Alwil Software\Avast4\ashAvast.exe n'est pas une application Win32 valide. Le centre de sécurité ne veut plus démarrer non plus. J'ai vu que les services étaient désactivé mais il m'est impossible de les relancer. Please, aidez moi SVP !!!!
Configuration: Windows XP Internet Explorer 8

12 réponses

  1. Ced_King Messages postés 3519 Date d'inscription   Statut Contributeur Dernière intervention   667
     
    Salut,

    *Télécharges FindyKill de Chiquitine29 :

    http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe

    ->Enregistres le sur ton bureau et pas ailleurs !

    !! Déconnectes toi et fermes toute applications en cours !!

    ->double Cliques sur "FindyKill.exe" pour lancer l'installe de l'outil . Ne touche surtout pas aux paramètres d'installation.

    --> Double cliques sur le raccourci " FindyKill " qui est sur ton bureau .
    -->choisis l'option 1 ( recherche ) . Puis laisses travailler l'outil sans rien toucher ...

    Une fois terminé, postes le rapport FindyKill.txt qui est généré ...

    ( Note : le rapport est sauvegardé à la racine du disque -> C:\FindyKill.txt
    0
    1. ludoranv
       
      Voici le rapport:


      ############################## [ FindyKill V4.729 ]

      # User : Sophie et Ludo (Administrateurs) # ORDI-LUDO-SOPHI
      # Update on 19/05/09 by Chiquitine29
      # Start at: 14:59:31 | 22/05/2009
      # Website : http://pagesperso-orange.fr/NosTools/findykill.html

      # AMD Sempron(tm) Processor 3000+
      # Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
      # Internet Explorer 8.0.6001.18702
      # Windows Firewall Status : Enabled

      # A:\ # Lecteur de disquettes 3 ½ pouces
      # C:\ # Disque fixe local # 153,38 Go (20,21 Go free) # NTFS
      # E:\ # Disque CD-ROM
      # F:\ # Disque amovible
      # Z:\ # Connexion réseau # 153,38 Go (20,21 Go free) # NTFS

      ############################## [ Processus actifs ]

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
      C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Viewpoint\Common\ViewpointService.exe
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
      C:\Program Files\Windows Media Player\WMPNetwk.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\WINDOWS\system32\LVCOMSX.EXE
      C:\Program Files\Logitech\Video\CameraAssistant.exe
      c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
      C:\WINDOWS\system32\ElkCtrl.exe
      C:\Program Files\rkfree\rkfree.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      C:\Documents and Settings\Sophie et Ludo\Application Data\drivers\winupgro.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
      C:\Documents and Settings\Sophie et Ludo\Application Data\m\flec006.exe
      C:\WINDOWS\system32\wintems.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe

      ################## [ Processus infectieux stoppés ]

      "C:\Documents and Settings\Sophie et Ludo\Application Data\drivers\winupgro.exe" (3300)
      "C:\Documents and Settings\Sophie et Ludo\Application Data\m\flec006.exe" (2160)
      "C:\WINDOWS\system32\wintems.exe" (3728)

      ################## [ Fichiers / Dossiers infectieux ]

      Found ! C:\WINDOWS\Prefetch\194343.EXE-2E2D8AC3.pf
      Found ! C:\WINDOWS\Prefetch\207828.EXE-30A92E17.pf
      Found ! C:\WINDOWS\Prefetch\349937.EXE-26B063EF.pf
      Found ! C:\WINDOWS\Prefetch\356765.EXE-2FB551FE.pf
      Found ! C:\WINDOWS\Prefetch\359093.EXE-064D5F01.pf
      Found ! C:\WINDOWS\Prefetch\371078.EXE-0D74A145.pf
      Found ! C:\WINDOWS\Prefetch\384546.EXE-22FFA4F7.pf
      Found ! C:\WINDOWS\Prefetch\385140.EXE-38D0F7B0.pf
      Found ! C:\WINDOWS\Prefetch\395218.EXE-288F8C12.pf
      Found ! C:\WINDOWS\Prefetch\396750.EXE-128DD688.pf
      Found ! C:\WINDOWS\Prefetch\425265.EXE-24EFFA4C.pf
      Found ! C:\WINDOWS\Prefetch\454937.EXE-1652D285.pf
      Found ! C:\WINDOWS\Prefetch\600656.EXE-0B6669B6.pf
      Found ! C:\WINDOWS\Prefetch\FLEC006.EXE-3250BE36.pf
      Found ! C:\WINDOWS\Prefetch\MDELK.EXE-1D176F91.pf
      Found ! C:\WINDOWS\Prefetch\WINTEMS.EXE-2A563F9B.pf
      Found ! C:\WINDOWS\system32\ban_list.txt
      Found ! C:\WINDOWS\system32\mdelk.exe
      Found ! C:\WINDOWS\system32\wintems.exe
      Found ! C:\WINDOWS\system32\drivers\down
      Found ! "C:\Documents and Settings\Sophie et Ludo\Application Data\drivers"
      Found ! "C:\Documents and Settings\Sophie et Ludo\Application Data\drivers\downld"
      Found ! "C:\Documents and Settings\Sophie et Ludo\Application Data\drivers\srosa2.sys"
      Found ! "C:\Documents and Settings\Sophie et Ludo\Application Data\drivers\wfsintwq.sys"
      Found ! "C:\Documents and Settings\Sophie et Ludo\Application Data\drivers\winupgro.exe"
      Found ! "C:\Documents and Settings\Sophie et Ludo\Application Data\m"
      Found ! "C:\Documents and Settings\Sophie et Ludo\Application Data\m\data.oct"
      Found ! "C:\Documents and Settings\Sophie et Ludo\Application Data\m\flec006.exe"
      Found ! "C:\Documents and Settings\Sophie et Ludo\Application Data\m\list.oct"
      Found ! "C:\Documents and Settings\Sophie et Ludo\Application Data\m\shared"
      Found ! "C:\Documents and Settings\Sophie et Ludo\Application Data\m\srvlist.oct"

      ################## [ Infected Temp Files ]

      Found ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\4ENROYW7\b64[1].jpg
      Found ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\5F7MR1P0\ieps[1].jpg
      Found ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\5Z9A5MD1\b64_1[1].jpg
      Found ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\5Z9A5MD1\b64_3[1].jpg
      Found ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\8RV13Q7M\b64_3[1].jpg
      Found ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\DA2DHTQE\b64_3[1].jpg
      Found ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\FUN9I0MH\file[1].txt
      Found ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\ICC2LXLZ\b64[1].jpg
      Found ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\JR3HG65L\b64_6[1].jpg
      Found ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\LQUURAM9\b64_6[1].jpg
      Found ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\NGNGPGHU\b64_3[1].jpg
      Found ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\NYVF5DX9\b64_1[1].jpg
      Found ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\TABZX11I\b64_1[1].jpg
      Found ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\TY9VCNCQ\b64_3[1].jpg

      ################## [ Registre / Clés infectieuses ]

      Found ! HKEY_USERS\S-1-5-21-1644491937-413027322-682003330-1004\Software\Local AppWizard-Generated Applications\msnmsgr
      Found ! HKEY_USERS\S-1-5-21-1644491937-413027322-682003330-1004\Software\Local AppWizard-Generated Applications\run
      Found ! HKEY_USERS\S-1-5-21-1644491937-413027322-682003330-1004\Software\Local AppWizard-Generated Applications\winupgro
      Found ! HKEY_USERS\S-1-5-21-1644491937-413027322-682003330-1004\Software\bisoft
      Found ! HKEY_USERS\S-1-5-21-1644491937-413027322-682003330-1004\Software\DateTime4
      Found ! HKEY_USERS\S-1-5-21-1644491937-413027322-682003330-1004\Software\FFC
      Found ! HKEY_USERS\S-1-5-21-1644491937-413027322-682003330-1004\Software\MuleAppData
      Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\msnmsgr
      Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\run
      Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
      Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
      Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
      Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
      Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
      Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
      Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
      Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
      Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
      Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
      Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
      Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
      Found ! HKEY_CURRENT_USER\Software\bisoft
      Found ! HKEY_CURRENT_USER\Software\DateTime4
      Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
      Found ! HKEY_USERS\S-1-5-21-1644491937-413027322-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
      Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
      Found ! HKEY_USERS\S-1-5-21-1644491937-413027322-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
      Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"
      Found ! HKEY_USERS\S-1-5-21-1644491937-413027322-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"

      # (!) HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
      # (!) HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1

      ################## [ Recherche dans supports amovibles]


      ################## [ Registre / Mountpoints2 ]

      # -> Not found !

      ################## [ ! Fin du rapport # FindyKill V4.729 ! ]
      0
  2. ludoranv
     
    Bonjour Chiquitine29, je le fais de suite...
    0
  3. Ced_King Messages postés 3519 Date d'inscription   Statut Contributeur Dernière intervention   667
     
    +

    * Il s'agit de Bagle et cette infection arrive lorsque tu télécharges des cracks ou keygens, je te conseille donc de les supprimer si tu en as encore

    Déconnectes toi et fermes toutes les applications en cours ( navigateur compris ) .

    * Branches tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...)

    * Relances "FindyKill" : au menu principal choisis l'option " F " pour français et tape sur [entrée] .

    * Au second menu choisis l'option 2 (suppression) et tape sur [entrée]

    * Le pc va redémarrer automatiquement ...

    --> le programme va travailler , ne touche à rien ... , ton bureau ne sera pas accessible c'est normal !

    * Postes le rapport qui apparait à la fin ( le rapport est sauvegardé aussi sous C:\FindyKill.txt )

    /!\ Si le Bureau ne réapparait pas, presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tape explorer.exe et valide
    0
    1. ludoranv
       
      Ok, je fais ça de suite.

      Pourtant, je n'ai téléchargé aucun crack, seulement un logiciel de puzzles...

      Je te postes le rapport dés que tout ça est terminé...
      0
  4. ludoranv
     
    Voilà, c'est fait. Le PC a bien redémarré avec le centre de Sécurité qui refonctionne. Il m'affiche cepndant qu'aucun Antivirus n'est installé. Faut il que je démarre manuellement Avast ?

    Voici le rapport:

    ############################## [ FindyKill V4.729 ]

    # User : Sophie et Ludo (Administrateurs) # ORDI-LUDO-SOPHI
    # Update on 19/05/09 by Chiquitine29
    # Start at: 15:13:38 | 22/05/2009
    # Website : http://pagesperso-orange.fr/NosTools/findykill.html

    # AMD Sempron(tm) Processor 3000+
    # Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
    # Internet Explorer 8.0.6001.18702
    # Windows Firewall Status : Enabled

    # A:\ # Lecteur de disquettes 3 ½ pouces
    # C:\ # Disque fixe local # 153,38 Go (20,21 Go free) # NTFS
    # E:\ # Disque CD-ROM
    # F:\ # Disque amovible
    # Z:\ # Connexion réseau # 153,38 Go (20,21 Go free) # NTFS

    ############################## [ Active Processes ]

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\logonui.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\userinit.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ################## [ Infected Files \ Folders ]

    Deleted ! C:\WINDOWS\Prefetch\194343.EXE-2E2D8AC3.pf
    Deleted ! C:\WINDOWS\Prefetch\207828.EXE-30A92E17.pf
    Deleted ! C:\WINDOWS\Prefetch\349937.EXE-26B063EF.pf
    Deleted ! C:\WINDOWS\Prefetch\356765.EXE-2FB551FE.pf
    Deleted ! C:\WINDOWS\Prefetch\359093.EXE-064D5F01.pf
    Deleted ! C:\WINDOWS\Prefetch\371078.EXE-0D74A145.pf
    Deleted ! C:\WINDOWS\Prefetch\384546.EXE-22FFA4F7.pf
    Deleted ! C:\WINDOWS\Prefetch\385140.EXE-38D0F7B0.pf
    Deleted ! C:\WINDOWS\Prefetch\395218.EXE-288F8C12.pf
    Deleted ! C:\WINDOWS\Prefetch\396750.EXE-128DD688.pf
    Deleted ! C:\WINDOWS\Prefetch\425265.EXE-24EFFA4C.pf
    Deleted ! C:\WINDOWS\Prefetch\454937.EXE-1652D285.pf
    Deleted ! C:\WINDOWS\Prefetch\600656.EXE-0B6669B6.pf
    Deleted ! C:\WINDOWS\Prefetch\FLEC006.EXE-3250BE36.pf
    Deleted ! C:\WINDOWS\Prefetch\MDELK.EXE-1D176F91.pf
    Deleted ! C:\WINDOWS\Prefetch\WINTEMS.EXE-2A563F9B.pf
    Deleted ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-17681AA8.pf
    Deleted ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-3521559F.pf
    Deleted ! C:\WINDOWS\system32\ban_list.txt
    Deleted ! C:\WINDOWS\system32\mdelk.exe
    Deleted ! C:\WINDOWS\system32\wintems.exe
    Deleted ! C:\WINDOWS\system32\drivers\down
    Deleted ! "C:\Documents and Settings\Sophie et Ludo\Application Data\drivers\srosa2.sys"
    Deleted ! "C:\Documents and Settings\Sophie et Ludo\Application Data\drivers\wfsintwq.sys"
    Deleted ! "C:\Documents and Settings\Sophie et Ludo\Application Data\drivers\winupgro.exe"
    Deleted ! "C:\Documents and Settings\Sophie et Ludo\Application Data\m\data.oct"
    Deleted ! "C:\Documents and Settings\Sophie et Ludo\Application Data\m\flec006.exe"
    Deleted ! "C:\Documents and Settings\Sophie et Ludo\Application Data\m\list.oct"
    Deleted ! "C:\Documents and Settings\Sophie et Ludo\Application Data\m\srvlist.oct"
    Deleted ! "C:\Documents and Settings\Sophie et Ludo\Application Data\drivers\downld"
    Deleted ! "C:\Documents and Settings\Sophie et Ludo\Application Data\drivers"
    Deleted ! "C:\Documents and Settings\Sophie et Ludo\Application Data\m\shared"
    Deleted ! "C:\Documents and Settings\Sophie et Ludo\Application Data\m"

    ################## [ Infected Temp Files ]

    Deleted ! C:\DOCUME~1\SOPHIE~1\LOCALS~1\Temp\Rar$EX01.687\run.exe
    Deleted ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\4ENROYW7\b64[1].jpg
    Deleted ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\5F7MR1P0\ieps[1].jpg
    Deleted ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\5Z9A5MD1\b64_1[1].jpg
    Deleted ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\5Z9A5MD1\b64_3[1].jpg
    Deleted ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\8RV13Q7M\b64_3[1].jpg
    Deleted ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\DA2DHTQE\b64_3[1].jpg
    Deleted ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\FUN9I0MH\file[1].txt
    Deleted ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\ICC2LXLZ\b64[1].jpg
    Deleted ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\JR3HG65L\b64_6[1].jpg
    Deleted ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\LQUURAM9\b64_6[1].jpg
    Deleted ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\NGNGPGHU\b64_3[1].jpg
    Deleted ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\NYVF5DX9\b64_1[1].jpg
    Deleted ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\TABZX11I\b64_1[1].jpg
    Deleted ! C:\Documents and Settings\Sophie et Ludo\Local Settings\Temporary Internet Files\Content.IE5\TY9VCNCQ\b64_3[1].jpg

    ################## [ Registry / Infected keys ]

    Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
    Deleted ! HKEY_CURRENT_USER\Software\bisoft
    Deleted ! HKEY_CURRENT_USER\Software\DateTime4
    Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\msnmsgr
    Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\run
    Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
    Deleted ! HKEY_USERS\S-1-5-21-1644491937-413027322-682003330-1004\Software\FFC
    Deleted ! HKEY_USERS\S-1-5-21-1644491937-413027322-682003330-1004\Software\MuleAppData
    Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
    Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
    Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"

    ################## [ Cleaning Removable drives ]

    ################## [ Registry / Mountpoint2 ]

    # -> Not found !

    ################## [ States / Restarting of services ]

    # Services : [ Auto=2 / Request=3 / Disable=4 ]

    # Ndisuio -> # Type of startup =3
    # EapHost -> # Type of startup =2
    # Ip6Fw -> # Type of startup =2
    # SharedAccess -> # Type of startup =2
    # wuauserv -> # Type of startup =2
    # wscsvc -> # Type of startup =2
    # Safe boot mode restored !

    ################## [ Searching Other Infections ]

    # Références de comparaison Bagle MD5 :

    File ... : C:\Documents and Settings\Sophie et Ludo\Application Data\drivers\winupgro.exe
    CRC32 .. : 97ab0f4c
    MD5 .... : de8157dc3d5130f1027d64e963785e18

    Deleted ! : C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    # Taille : 868352 # MD5 : DE8157DC3D5130F1027D64E963785E18

    ################## [ Corrupted files # Re-Installation required ]

    C:\Program Files\Alwil Software\Avast4\ashAvast.exe
    C:\Program Files\Alwil Software\Avast4\ashChest.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Alwil Software\Avast4\ashLogV.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashPopWz.exe
    C:\Program Files\Alwil Software\Avast4\ashQuick.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Alwil Software\Avast4\ashSimp2.exe
    C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
    C:\Program Files\Alwil Software\Avast4\ashSkPcc.exe
    C:\Program Files\Alwil Software\Avast4\ashSkPck.exe
    C:\Program Files\Alwil Software\Avast4\ashUpd.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\aswRegSvr.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\sched.exe
    C:\Program Files\Alwil Software\Avast4\VisthLic.exe
    C:\Program Files\Alwil Software\Avast4\VisthUpd.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\7.2.0.137-8876480SL\Program\register.exe

    ################################### [ Cracks / Keygens / Serials ]

    # -> Nothing found !

    ################## [ ! End of Report # FindyKill V4.729 ! ]
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Ced_King Messages postés 3519 Date d'inscription   Statut Contributeur Dernière intervention   667
     
    +
    Ton antivirus est HS, il va falloir en réinstaller un autre,j e te propose de changer d'antivirus car Avast n'est plus trop recommandé actuellement...

    - Si tu es d'accord, telecharges Avira antivir qui est ce qu'on fait de mieux en gratuit actuellement

    - Supprimes d'abord Avast à partir du panneau de configuration --> ajouter/supprimer un programme

    - Il se peut que tu n'arrives pas a le desinstaller manuellement, dans ce cas utilises l'utilitaire de desinstallation d'Avast

    Pourquoi Antivir et pas Avast

    - Ci dessous un tuto pour l'installer correctement :

    Tutoriel Avira antivir

    Ensuite,

    Telecharges RSIT " Random's System Information Tool " sur ton bureau : http://images.malwareremoval.com/random/RSIT.exe

    - Fermes toutes les applications en cours et double clic sur RSIT.exe
    - Selectionnes " Continue " à l'ecran >> RSIT va analyser le pc et verifier si l'outil hijackthis ( version à jour) est present sur le pc, si ce n'est pas le cas, RSIT le telechargera >> acceptes la license
    - Une fois l'analyse terminée, 2 rapports.txt s'ouvrent, log.txt à l'écran et info.txt dans la barre des taches
    - Postes le contenu des 2 rapports
    0
    1. ludoranv
       
      Me revoilà...

      J'ai donc tout effectué et voici ce que j'obtiens:

      1 er rapport:

      Logfile of random's system information tool 1.06 (written by random/random)
      Run by Sophie et Ludo at 2009-05-22 18:56:12
      Microsoft Windows XP Édition familiale Service Pack 3
      System drive C: has 21 GB (13%) free of 157 GB
      Total RAM: 959 MB (46% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 18:56:31, on 22/05/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
      C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
      C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\HPZipm12.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Viewpoint\Common\ViewpointService.exe
      c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\WINDOWS\system32\LVCOMSX.EXE
      C:\Program Files\Logitech\Video\CameraAssistant.exe
      C:\WINDOWS\system32\ElkCtrl.exe
      C:\Program Files\rkfree\rkfree.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
      C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
      C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      C:\Program Files\Avira\AntiVir Desktop\sched.exe
      C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
      C:\Documents and Settings\Sophie et Ludo\Bureau\RSIT.exe
      C:\Program Files\trend micro\Sophie et Ludo.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: zlio-fr Toolbar - {b532bd48-7123-4985-91b8-33b3e11778fa} - C:\Program Files\zlio-fr\tbzlio.dll
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: zlio-fr Toolbar - {b532bd48-7123-4985-91b8-33b3e11778fa} - C:\Program Files\zlio-fr\tbzlio.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: zlio-fr Toolbar - {b532bd48-7123-4985-91b8-33b3e11778fa} - C:\Program Files\zlio-fr\tbzlio.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
      O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
      O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
      O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
      O4 - HKLM\..\Run: [rkfree] "C:\Program Files\rkfree\rkfree.exe" /b
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
      O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
      O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRxdm794YYFR
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
      O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
      O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/...
      O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
      O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/hardwaredetection/hardwaredetection_3_1_2_0.cab
      O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{4F1EBAA1-1A60-4AC0-BA8C-94DC7E417581}: NameServer = 80.10.246.2
      O18 - Protocol: bw+0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw+0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Protocol: bwg0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwg0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0s - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: offline-8876480 - {AFA564D2-0481-4567-ADE4-E28F90E845AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
      O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
      O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
      O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
      O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
      O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
      O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
      O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
      O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
      O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
      O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
      O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
      O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: Viewpoint Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
      O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
      0
  7. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
     
    Bonsoir

    Pour suivre à la demande de Ced_King

    0
  8. Ced_King Messages postés 3519 Date d'inscription   Statut Contributeur Dernière intervention   667
     
    +

    Avant de continuer, j'ai une question a te poser : ta version windows XP est elle légale ?

    0
    1. ludoranv
       
      Bonsoir,

      Je sais pas trop si ma version est légale mais je pense que oui puisque j'ai acheté l'ordi à un copain qui l'avait acheté chez Boulanger...il ne l'avait pas réinstallé donc normalement...
      0
  9. ludoranv
     
    Je viens de vérifier et la clé rentrée dans Windows est bien celle inscrite sur le coté de mon PC (sur une étiquette verte et bleue...)
    0
  10. Ced_King Messages postés 3519 Date d'inscription   Statut Contributeur Dernière intervention   667
     
    Bonjour,

    * Ok, peux tu faire ceci stp :

    * Rends toi sur ce site :https://www.virustotal.com/gui/

    - Cliques sur <parcourir> et cherches ce fichier : C:\WINDOWS\system32\antiwpa.dll

    - Cliques sur <Send File>.

    - Un rapport va s'élaborer ligne à ligne.

    - Attends la fin. Il doit comprendre la taille du fichier envoyé.

    - Sauvegardes le rapport avec le bloc-note et copies le dans ta réponse.
    0
    1. ludoranv
       
      Voici le rapport aprés analyse du fichier antiwpa.dll:

      Fichier antiwpa.dll reçu le 2009.05.23 12:45:49 (UTC)


      Antivirus Version
      Dernière mise à jour Résultat
      a-squared 4.0.0.101 2009.05.23 -
      AhnLab-V3 5.0.0.2 2009.05.23 -
      AntiVir 7.9.0.168 2009.05.23 -
      Antiy-AVL 2.0.3.1 2009.05.22 -
      Authentium 5.1.2.4 2009.05.22 -
      Avast 4.8.1335.0 2009.05.22 -
      AVG 8.5.0.339 2009.05.23 -
      BitDefender 7.2 2009.05.23 -
      CAT-QuickHeal 10.00 2009.05.23 -
      ClamAV 0.94.1 2009.05.22 -
      Comodo 1157 2009.05.08 -
      DrWeb 5.0.0.12182 2009.05.23 -
      eSafe 7.0.17.0 2009.05.21 -
      eTrust-Vet 31.6.6519 2009.05.23 -
      F-Prot 4.4.4.56 2009.05.22 -
      F-Secure 8.0.14470.0 2009.05.23 -
      Fortinet 3.117.0.0 2009.05.23 -
      GData 19 2009.05.23 -
      Ikarus T3.1.1.49.0 2009.05.23 -
      K7AntiVirus 7.10.741 2009.05.21 -
      Kaspersky 7.0.0.125 2009.05.23 -
      McAfee 5623 2009.05.22 -
      McAfee+Artemis 5623 2009.05.22 -
      McAfee-GW-Edition 6.7.6 2009.05.23 -
      Microsoft 1.4701 2009.05.23 -
      NOD32 4098 2009.05.22 -
      Norman 6.01.05 2009.05.22 -
      nProtect 2009.1.8.0 2009.05.23 -
      Panda 10.0.0.14 2009.05.23 -
      PCTools 4.4.2.0 2009.05.21 -
      Prevx 3.0 2009.05.23 -
      Rising 21.30.52.00 2009.05.23 -
      Sophos 4.42.0 2009.05.23 -
      Sunbelt 3.2.1858.2 2009.05.23 -
      Symantec 1.4.4.12 2009.05.23 -
      TheHacker 6.3.4.3.331 2009.05.22 -
      TrendMicro 8.950.0.1092 2009.05.23 -
      VBA32 3.12.10.5 2009.05.23 -
      ViRobot 2009.5.23.1749 2009.05.23 -
      VirusBuster 4.6.5.0 2009.05.22 -
      Information additionnelle
      File size: 60416 bytes
      MD5...: b80a024ddd9bfa1685d72feafba76db6
      SHA1..: 3493dbe43d0565ae7741ae5e46c36dc16c4b313e
      SHA256: c431c7d25104eaae403bad3e8b0d8cbcf66cb54abf2553497964a28f8eaecd55
      SHA512: 8bf9f83c63abf48fb241833ad267eff52942f6fb81a0d35cceeccd0e06ebde80
      5993cdd7a3b98a20c7bd291376587beb5a121aec9a9c09737d987859c9548226
      ssdeep: 1536:RCHZA/2h2oh45FPvLbhn6W4ZIKxrf5XJO:gHZA/2hgFPvHh6K8XI

      PEiD..: -
      TrID..: File type identification
      Windows Screen Saver (39.4%)
      Win32 Executable Generic (25.6%)
      Win32 Dynamic Link Library (generic) (22.8%)
      Generic Win/DOS Executable (6.0%)
      DOS Executable Generic (6.0%)
      PEInfo: PE Structure information

      ( base data )
      entrypointaddress.: 0x109b
      timedatestamp.....: 0x3ed01836 (Sun May 25 01:11:18 2003)
      machinetype.......: 0x14c (I386)

      ( 5 sections )
      name viradd virsiz rawdsiz ntrpy md5
      .text 0x1000 0x338a 0x3400 6.39 427fe19ba8185116f41488ee967c0bc9
      .rdata 0x5000 0x8c54 0x8e00 3.17 1597d92d56446bc80ab6f2464fe8dba2
      .data 0xe000 0x7ac 0x600 3.76 f83077b31136047cc7c501420db587a6
      .rsrc 0xf000 0x310 0x400 2.62 0557726ae92f652eb806cb193289bd6a
      .reloc 0x10000 0x1a08 0x1c00 6.18 971ffa7bb7b24aff37555da8e64fa8e5

      ( 6 imports )
      > KERNEL32.dll: MoveFileA, GetTickCount, GetLastError, DeleteFileA, lstrcmpiA, CopyFileA, VirtualAlloc, GetProcAddress, LoadLibraryA, GetModuleFileNameA, GetSystemWindowsDirectoryA, lstrlenA, VirtualProtect, lstrcmpA
      > ADVAPI32.dll: RegDeleteKeyA, RegCreateKeyExA, RegSetValueExA
      > USER32.dll: GetSystemMetrics
      > SHELL32.dll: ShellExecuteA
      > SHLWAPI.dll: PathAppendA, PathStripPathA
      > MSVCRT.dll: strchr, sprintf, abort, _except_handler3, _vsnprintf

      ( 3 exports )
      DllRegisterServer, DllUnregisterServer, onStartup

      PDFiD.: -
      RDS...: NSRL Reference Data Set
      -
      CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=b80a024ddd9bfa1685d72feafba76db6' target='_blank'>http://research.sunbelt-software.com/...
      0
  11. Ced_King Messages postés 3519 Date d'inscription   Statut Contributeur Dernière intervention   667
     
    - Telecharges Malwarebytes' Anti-Malware :
    http://www.malwarebytes.org/mbam/program/mbam-setup.exe

    - Installe le > double-clic sur Mbam-setup.exe, à la fin de l'installation, il se mettra automatiquement à jour
    - Une fois installé, fermes toutes les applications en cours et lances Malwarebytes
    - Executes un examen rapide du pc ( tu n'auras pas accés à internet pendant l'analyse)
    - A la fin du scan clic sur " Afficher les resultats ", si Malwarebytes a trouvé des infections >> clic sur " Supprimer la selection "
    - Si il a besoin de redemarrer le pc pour finir la desinfection, acceptes
    - Un rapport s'etablira, postes son contenu.

    0
  12. ludoranv
     
    Voici le rapport:

    23/05/2009 19:22:48
    mbam-log-2009-05-23 (19-22-48).txt

    Type de recherche: Examen rapide
    Eléments examinés: 90044
    Temps écoulé: 7 minute(s), 51 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 24
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 4

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\antiwpa (Trojan.I.Stole.Windows) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Documents and Settings\Sophie et Ludo\Local Settings\Application Data\lqglj_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sophie et Ludo\Local Settings\Application Data\lqglj_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sophie et Ludo\Local Settings\Application Data\lqglj.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> Delete on reboot.
    0
  13. Ced_King Messages postés 3519 Date d'inscription   Statut Contributeur Dernière intervention   667
     
    Bizarre que Virus-total ne l'est pas vu comme néfaste :

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\antiwpa (Trojan.I.Stole.Windows) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> Delete on reboot.

    Chez Bleepingcomputer : https://www.bleepingcomputer.com/startups/antiwpa.dll-21379.html

    An illegal software crack used to bypass copy protection for Windows.

    Chez virscan.org qui est l'équivalent de virus-total :
    https://r.virscan.org/a6202b6facef66290ea823109078ba3e

    ou encore threatexpert : https://www.broadcom.com/

    ----------------------------
    *Vides la quarantaine Malwarebytes --> Cliques sur l'onglet " Quarantaine" --> et supprimes ce qui s'y trouve

    *Télécharges et installes ccleaner : https://filehippo.com/download_ccleaner/
    - Durant l'installation, n'installes pas la barre d'outils yahoo et décoches la case " ajouter l'option des mises à jour"

    - Une fois installé, fermes toutes les applications en cours et lance ccleaner
    - clic >> option >> avancé et décoches " effacer les fichiers etc... plus vieux que 48h
    - Sélectionnes---> " nettoyeur " >> clic sur Analyse puis nettoyage, puis referme le programme...

    ---------------------------
    Télécharges Navilog1 sur ton bureau :
    http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

    - Désactives la garde de ton Antivirus celle de ton (es) antispyware (s)
    - Lances l'installation en éxécutant le fichier téléchargé
    - Une fois installé, fermes tous les programmes en cours et double-cliques sur Navilog1.exe
    - Choisis la langue et presses la touche " entrée " de ton clavier
    - Une fenetre s'ouvre, presses 1 touche pour passer aux étapes suivantes
    - Le menu du fix s'ouvre, choisis l'option 1 et presses la touche " entrée "
    - Laisses le fix travailler et patientes jusqu'au message *** Analyse terminée le***
    - Un rapport c:\fixnavi.txt s'etablira, postes son contenu...
    0