bonjour je voudrais oter le virus click me

Question

Bonjour j aimerais savoir j ai des icone que je ne peux ouvert et ont ma prevenue que click me en etais un j ai tt supprimer de l ordi mais a chaque ouverture il c remet je ne comprend rien du tt, pourriez vous s il vous plais m aider a l enlever je vous remercie par avance

Neo-Nil@u · Answer

Salut Cynthia,

d'abord, évite de parler en langage SMS, on ne s'y retrouve pas !
Si j'ai bien compris, tu as Click Me sur mon PC (spyware)

Télécharge ces 2 anti-espions :

** Ad-Aware SE :
Ad-aware

** Spybot S-Destroy :
Spybot Search & Destroy

Tiens-ous au courant ! @+

sguo · Answer

Bonjour Neo,

c'est ce que j'ai fait sur l'ordinateur de ma soeur hier, j'ai détruit tous les spywares avec spybot, mais après avoir relancé le PC, l'icone Click me apparait toujours sur le bureau et une demande de confirmation de numérotation automatique apparait toujours

Si tu peux m'en dire plus, merci

Sylvain

balltrap34 · Answer

salut
Hijackthis http://pageperso.aol.fr/balltrap34/page%20virus.htm

telecharge le et met le dans son propre dossier ex/c :hj

clik sur do a systeme scan et save a logfile
et copier coller le rapport

nawack · Answer

oui mais ce n'est pas tres efficaces g opté pour cette solution et malgré tout je le retrouve, je vais dans le systeme 32 pour retirer l'executable belgium truc qui vient de click me mais il revient au demarrage suivant

dolgo · Answer

Merci bien balltrap ! en effet, j'ai mis le temps, mais la solution a mon probleme était toute simple... C'est ca la joie de l'informatique !

Merci de m'avoir fait découvrir HJ

Bonne continuation !

balltrap34 · Answer

de rien a++

nawack · Answer

ok je vais essayer ca merci bien

bloodgang · Answer

lulu balltap mon pb est le meme que les autres, click me est tres persistant pas moyen de tuer meme a coup de latte!!j'ai donc fait un log que voici comme préconisé mais je ne sais que cocher si tu m'aide je te serai eternellement reconnaissantLogfile of HijackThis v1.99.1Scan saved at 21:07:30, on 07/04/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\htpatch.exeC:\WINDOWS\SOUNDMAN.EXEC:\WINDOWS\system32\carpserv.exeC:\Program Files\O2Micro\AudioDJ\o2cd.exeC:\WINDOWS\system32\MMTray.exeC:\WINDOWS\system32\MMTray2k.exeC:\WINDOWS\system32\MMTrayLSI.exeC:\Program Files\Fichiers communs\Symantec Shared\ccApp.exeC:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exeC:\Program Files\Logitech\Video\LogiTray.exeC:\Program Files\Logitech\iTouch\iTouch.exeC:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXEC:\WINDOWS\system32\LVComS.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Fichiers communs\Real\Update_OBealsched.exeC:\Program Files\Java\jre1.5.0_02\bin\jusched.exeC:\Program Files\Logitech\MouseWare\system\em_exec.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Skype\Phone\Skype.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Microsoft Money\System\mnyexpr.exeC:\PROGRA~1\INCRED~1\bin\IMApp.exeC:\Program Files\Keymaestro\Multimedia Keyboard
hksrv.exeC:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exeC:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exeC:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXEC:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exeC:\Program Files\Norton SystemWorks\Norton AntiVirus
avapsvc.exeC:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXEC:\WINDOWS\System32
vsvc32.exeC:\Program Files\Kerio\Personal Firewall\persfw.exeC:\PROGRA~1\NORTON~1\SPEEDD~1
opdb.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\PROGRA~1\LAVASOFT\AD-AWA~1\AD-AWARE.EXEC:\Program Files\Spybot - Search & Destroy\SpybotSD.exeD:\Downloads\PAR THEMES\spyware\HijackThis.exeC:\Program Files\Messenger\msmsgs.exeR1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.phpR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.phpR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.phpR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gardiensdesames.com/forums/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blankR1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.phpR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://darktemplar.hostonet.org/index.phpR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensO3 - Toolbar: (no name) - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - (no file)O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWndO4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exeO4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [CARPService] carpserv.exeO4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.ExeO4 - HKLM\..\Run: [o2cd] C:\Program Files\O2Micro\AudioDJ\o2cd.exeO4 - HKLM\..\Run: [MMTray] MMTray.exeO4 - HKLM\..\Run: [MMTray2K] MMTray2k.exeO4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exeO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exeO4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exeO4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exeO4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exeO4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exeO4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUpO4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O5 "LPT1:" /M "Stylus CX3200"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osbootO4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exeO4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\system32\france.exe -NO4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInitO4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimizedO4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /cO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\binesources\WebMenuImg.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin
pjpi150_02.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin
pjpi150_02.dllO9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\Program Files\Allocam Multi Visio\allocam.exe (file missing)O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\Program Files\Allocam Multi Visio\allocam.exe (file missing)O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/france_new.exeO16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cabO16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cabO16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cabO16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cabO16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cabO16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cabO16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cabO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exeO23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exeO23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exeO23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXEO23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus
avapsvc.exeO23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Keymaestro\Multimedia Keyboard
hksrv.exeO23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXEO23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exeO23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exeO23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exeO23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1
opdb.exeO23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

balltrap34 · Answer

salut

imprime ceci pour ne rien oublier et tous faire
tous faire dans l ordre imperativement
-------------------------
tous da bord telecharge ces programmes si tu ne les a pas et met les a jour mais ne les utilise pas encore
adaware (1)
spyboot (2)
(ici) http://www.florensac-chasse-trap.com/ section virus
et aussi ceci
CleanUp312.exe (3)

----------------
desactive ta restauration systeme
pour ça tu fais clic droit sur poste de travail
propriété tu clique sur onglet restauration système
tu coche la case désactiver la restauration et applique
------------

demarre en mode sans echec
mode sans echec pour cela tu tapote la touche f8
des le debut de l allumage du pc sans t arreter
une fenetre vas souvrir tute deplace avec les fleches du clavier sur demarreren mode sans echec
une fois sur le bureau il ni auras pas toutes les couleurs et autres c est normal.si f8 ne marche pas utilise la touche f5
-------------------------

assure toi de ceci
Affiche tous les fichiers et dossiers :
cliquer sur démarrer/panneau de configuration/option des dossiers/affichage
Cocher afficher les dossiers cacher

Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

Décocher masquer les extensions dont le type est connu
Puis fais «Ok» pour valider les changements.

Et appliquer
----------------------
vide tes fichiers temps et tempory internet file sur tous les utilisateur
utilise ceci pour le faire
http://pageperso.aol.fr/Balltrap34/CleanUp312.exe

--------------------
relance hijack coche ces lignes et ensuite clik sur fix
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q304&bd
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q304&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q304&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/ymsgr6/fr/*http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: MSEvents Object - {44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} - C:\WINDOWS\security\libjava.dll
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [COM Service] C:\WINDOWS\COMMAND\msmhyu.com
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [strmsnmsgrs] msnmsgrsc.exe
O4 - HKLM\..\Run: [strmsnmsgrs] msnmsgrsc.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKLM\..\Run: [77rS3sl] cerata.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitexxc32.exe
O4 - HKLM\..\Run: [HELPER] C:\WINDOWS\System32\france.exe -N
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\RunServices: [strmsnmsgrs] msnmsgrsc.exe
O4 - HKCU\..\Run: [strmsnmsgrs] msnmsgrsc.exe
O4 - HKCU\..\Run: [Mw02RiJ8e] ccfint40.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Fichiers communs\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c6.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/215423af4c5657038506/netzip/RdxIE601_fr.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/website.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary
O20 - Winlogon Notify: xmlsrv - C:\WINDOWS\system\xmlsrv.dll (file missing

----------------------
recherche et suppr ceci
attention seulement les fichiers
C:\WINDOWS\security\libjava.dll
C:\WINDOWS\COMMAND\msmhyu.com
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
C:\WINDOWS\System32\msnmsgrsc.exe
C:\WINDOWS\System32\gah95on6.exe
C:\WINDOWS\System32\cerata.exe
C:\windows\system32\elitexxc32.exe
C:\WINDOWS\System32\france.exe -N
C:\Program Files\Media Access<== le dossier
C:\WINDOWS\System32\ccfint40.exe
C:\WINDOWS\system\xmlsrv.dll
C:\WINDOWS\System32\palsp.exe
et fait aussi une recherche en mettent elite* * *32.exe (met bien les etoiles)
ainsi que france .exe
C:\Documents and Settings\Propriétaire\kalnder.exe
---------------

passe adaware et vire tous se qu il trouve
----------
passe spy boot et vire tous se qu il trouvent
-------------

tu vide ta poubelle et tu redemarre en mode normal et refait un hijack

et precise ou en sont tes soucis

--

fred · Answer

moi aussi j'ai click me et d'autre chose qui font ralentir mon pc!j'ai fais un hijackThis et voila le résultat mais je ne sai pa quoi enlever!!merci d'avance pour votre aide qui me sera si précieuse!!! Logfile of HijackThis v1.99.1Scan saved at 18:34:53, on 9/04/2005Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeC:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeC:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\drivers\CDAC11BA.EXEC:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exeC:\Program Files\Norton Internet Security Professional\Norton AntiVirus
avapsvc.exeC:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXEC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Fichiers communs\Symantec Shared\ccApp.exeC:\WINDOWS\system32\dla	fswctrl.exeC:\Program Files\Java\j2re1.4.2_04\bin\jusched.exeC:\Program Files\Fichiers communs\Real\Update_OBealsched.exeC:\WINDOWS\System32\LVCOMSX.EXEC:\Program Files\Logitech\Video\LogiTray.exeC:\WINDOWS\System32\ctfmon.exeC:\Documents and Settings\Pierre\Application Data	irs.exeC:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exeC:\Program Files\Logitech\Video\FxSvr2.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Winamp\winamp.exeC:\Documents and Settings\Pierre\Bureau\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.fr/keyword/%sR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.free.fr/search/R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensO2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dllO2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\System32\BhoECart.dllO2 - BHO: BHO Class - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\ELITES~1\ELITES~1.DLLO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exeO4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\NORTON~1\AdvTools\ADVCHK.EXEO4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /rO4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla	fswctrl.exeO4 - HKLM\..\Run: [AtiPTA] atiptaxx.exeO4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exeO4 - HKLM\..\Run: [NVIDIA Video drivers] video_32sD.exeO4 - HKLM\..\Run: [MSChoExE] suge.exeO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osbootO4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exeO4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exeO4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVDO4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exeO4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXEO4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exeO4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exeO4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\System32\france.exe  -NO4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitejky32.exeO4 - HKLM\..\RunServices: [NVIDIA Video drivers] video_32sD.exeO4 - HKLM\..\RunServices: [MSChoExE] suge.exeO4 - HKLM\..\RunOnce: [cetec1] regedit.exe /s C:\DOCUME~1\Pierre\LOCALS~1\Temp\cetec.REGO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exeO4 - HKCU\..\Run: [MSChoExE] suge.exeO4 - HKCU\..\Run: [Rerb] C:\Documents and Settings\Pierre\Application Data	irs.exeO4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exeO4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Voir les cookies - C:\WINDOWS\web\cookies.htmlO8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dllO14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet ZoneO16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab_SerialSpot.cabO16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=3d64ca9b0b12f3fe8475e82a9b5224b4dd4da1650d78ee8dd50507660154ad2c259d1e0de0e54439b2a1945d1207458cd2400e6f0ddb78b2b448b678698411337754:df470ab4f4863823b18f5a9fca2cbb23O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/09ebab37bae1e514c605/netzip/RdxIE601_fr.cabO16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cabO16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cabO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cabO23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exeO23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exeO23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXEO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeO23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus
avapsvc.exeO23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXEO23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeO23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

julien · Answer

pourrai tu m'aider a supprimer click me stp?

WASKER · Answer

voila mon rapport donc si vous trouver ne serais se que l'ombre d'un spyware ou de click me enfin... je laisse ça au proMerciiiiiiLogfile of HijackThis v1.99.1Scan saved at 20:38:46, on 12/05/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\TGTSoft\StyleXP\StyleXPService.exeC:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeC:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeC:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Norton AntiVirus
avapsvc.exeC:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeC:\WINDOWS\System32
vsvc32.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exeC:\Program Files\Norton AntiVirus\SAVScan.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Logitech\Video\LogiTray.exeC:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXEC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Java\jre1.5.0_02\bin\jusched.exeC:\Program Files\Fichiers communs\Symantec Shared\ccApp.exeC:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exeC:\WINDOWS\System32
ulware.exeC:\Program Files\MessengerPlus! 3\MsgPlus.exeC:\Program Files\QuickTime\qttask.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exeC:\Program Files\TGTSoft\StyleXP\StyleXP.exeC:\Program Files\MSN Messenger\MsnMsgr.ExeC:\Program Files\WinOSX\Big_Boss\ObjectDock\ObjectDock.exeC:\Program Files\WinOSX\Big_Boss\YzShadow\YzShadow.exeC:\Program Files\WinOSX\Big_Boss\WinRoll\winroll.exeC:\Program Files\WinOSX\Big_Boss\3r-1c\3r-1c.exeC:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exeC:\PROGRA~1\INCRED~1\bin\IMApp.exeC:\WINDOWS\system32\LVComS.exeC:\Program Files\Logitech\Video\LowLight.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Documents and Settings\Big_Boss\Bureau\HijackThis.exeR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhostR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensO4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgentO4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exeO4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exeO4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXEO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exeO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exeO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"O4 - HKLM\..\Run: [Nulware] C:\WINDOWS\System32
ulware.exeO4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"O4 - HKLM\..\Run: [HELPER] C:\WINDOWS\system32\france.exe  -NO4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteyrs32.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exeO4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -HideO4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /cO4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /backgroundO4 - HKCU\..\Run: [RK Launcher] -O4 - HKCU\..\Run: [Yz Shadow] -O4 - HKCU\..\Run: [ObjectDock] C:\Program Files\WinOSX\Big_Boss\ObjectDock\ObjectDock.exeO4 - HKCU\..\Run: [HSIMargin] C:\Program Files\WinOSX\Big_Boss\HSI\HSI.exe "C:\Program Files\WinOSX\Big_Boss\HSI\Margin.hss"O4 - HKCU\..\Run: [YzShadow] C:\Program Files\WinOSX\Big_Boss\YzShadow\YzShadow.exeO4 - HKCU\..\Run: [WinRoll] C:\Program Files\WinOSX\Big_Boss\WinRoll\winroll.exeO4 - HKCU\..\Run: [3r-1c (Volume Control)] C:\Program Files\WinOSX\Big_Boss\3r-1c\3r-1c.exeO4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\WinOSX\Big_Boss\ObjectDock\ObjectDock.exeO4 - Startup: Trillian.lnk = C:\Program Files\Trillian	rillian.exeO4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exeO4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exeO4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exeO8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\binesources\WebMenuImg.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin
pjpi150_02.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin
pjpi150_02.dllO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1009863495015O18 - Protocol: bw+0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw+0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw-0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw-0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw00 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw00s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw10 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw10s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw20 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw20s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw30 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw30s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw40 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw40s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw50 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw50s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw60 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw60s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw70 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw70s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw80 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw80s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw90 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw90s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwa0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwa0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwb0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwb0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwc0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwc0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwd0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwd0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwe0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwe0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwf0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwf0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dllO18 - Protocol: bwg0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwg0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwh0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwh0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwi0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwi0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwj0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwj0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwk0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwk0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwl0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwl0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwm0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwm0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwn0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwn0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwo0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwo0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwp0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwp0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwq0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwq0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwr0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwr0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bws0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bws0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwt0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwt0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwu0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwu0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwv0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwv0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bww0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bww0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwx0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwx0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwy0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwy0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwz0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwz0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: offline-8876480 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO20 - AppInit_DLLs: MsgPlusLoader.dllO23 - Service: Aluria Security Center Spyware Eliminator Service (ASCService) - Unknown owner - C:\Program Files\Aluria Security Center\ascserv.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeO23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus
avapsvc.exeO23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exeO23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exeO23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

WASKER · Answer

voila mon rapport donc si vous trouver ne serais se que l'ombre d'un spyware ou de click me enfin... je laisse ça au proMerciiiiiiLogfile of HijackThis v1.99.1Scan saved at 20:38:46, on 12/05/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\TGTSoft\StyleXP\StyleXPService.exeC:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeC:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeC:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Norton AntiVirus
avapsvc.exeC:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeC:\WINDOWS\System32
vsvc32.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exeC:\Program Files\Norton AntiVirus\SAVScan.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Logitech\Video\LogiTray.exeC:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXEC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Java\jre1.5.0_02\bin\jusched.exeC:\Program Files\Fichiers communs\Symantec Shared\ccApp.exeC:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exeC:\WINDOWS\System32
ulware.exeC:\Program Files\MessengerPlus! 3\MsgPlus.exeC:\Program Files\QuickTime\qttask.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exeC:\Program Files\TGTSoft\StyleXP\StyleXP.exeC:\Program Files\MSN Messenger\MsnMsgr.ExeC:\Program Files\WinOSX\Big_Boss\ObjectDock\ObjectDock.exeC:\Program Files\WinOSX\Big_Boss\YzShadow\YzShadow.exeC:\Program Files\WinOSX\Big_Boss\WinRoll\winroll.exeC:\Program Files\WinOSX\Big_Boss\3r-1c\3r-1c.exeC:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exeC:\PROGRA~1\INCRED~1\bin\IMApp.exeC:\WINDOWS\system32\LVComS.exeC:\Program Files\Logitech\Video\LowLight.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Documents and Settings\Big_Boss\Bureau\HijackThis.exeR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhostR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensO4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgentO4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exeO4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exeO4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXEO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exeO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exeO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"O4 - HKLM\..\Run: [Nulware] C:\WINDOWS\System32
ulware.exeO4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"O4 - HKLM\..\Run: [HELPER] C:\WINDOWS\system32\france.exe  -NO4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteyrs32.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exeO4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -HideO4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /cO4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /backgroundO4 - HKCU\..\Run: [RK Launcher] -O4 - HKCU\..\Run: [Yz Shadow] -O4 - HKCU\..\Run: [ObjectDock] C:\Program Files\WinOSX\Big_Boss\ObjectDock\ObjectDock.exeO4 - HKCU\..\Run: [HSIMargin] C:\Program Files\WinOSX\Big_Boss\HSI\HSI.exe "C:\Program Files\WinOSX\Big_Boss\HSI\Margin.hss"O4 - HKCU\..\Run: [YzShadow] C:\Program Files\WinOSX\Big_Boss\YzShadow\YzShadow.exeO4 - HKCU\..\Run: [WinRoll] C:\Program Files\WinOSX\Big_Boss\WinRoll\winroll.exeO4 - HKCU\..\Run: [3r-1c (Volume Control)] C:\Program Files\WinOSX\Big_Boss\3r-1c\3r-1c.exeO4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\WinOSX\Big_Boss\ObjectDock\ObjectDock.exeO4 - Startup: Trillian.lnk = C:\Program Files\Trillian	rillian.exeO4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exeO4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exeO4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exeO8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\binesources\WebMenuImg.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin
pjpi150_02.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin
pjpi150_02.dllO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1009863495015O18 - Protocol: bw+0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw+0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw-0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw-0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw00 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw00s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw10 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw10s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw20 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw20s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw30 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw30s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw40 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw40s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw50 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw50s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw60 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw60s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw70 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw70s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw80 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw80s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw90 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw90s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwa0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwa0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwb0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwb0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwc0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwc0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwd0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwd0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwe0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwe0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwf0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwf0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dllO18 - Protocol: bwg0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwg0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwh0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwh0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwi0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwi0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwj0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwj0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwk0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwk0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwl0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwl0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwm0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwm0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwn0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwn0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwo0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwo0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwp0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwp0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwq0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwq0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwr0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwr0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bws0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bws0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwt0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwt0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwu0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwu0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwv0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwv0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bww0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bww0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwx0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwx0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwy0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwy0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwz0 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwz0s - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: offline-8876480 - {A7477FB9-6E3A-49E0-9287-24C5B5763F36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO20 - AppInit_DLLs: MsgPlusLoader.dllO23 - Service: Aluria Security Center Spyware Eliminator Service (ASCService) - Unknown owner - C:\Program Files\Aluria Security Center\ascserv.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeO23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus
avapsvc.exeO23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exeO23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exeO23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

Bruno · Answer

Bonjour,

Moi j'ai aussi le virus Click Me sur mon pc et ça me rend vraiment fou j'en peux plus franchement et je comprend rien à vos explications s'il vous plait aidez moi... Qu'est ce que je peux faire pour retirer click me ??? Il m'a ajouté elitetoolbar, power scan et d'autres merdes que je n'arrive pas à retirer quel est la façon la plus simple et radicale pour retirer tout ça ?? C'est urgent merci

Utilisateur anonyme · Answer

salut bruno,
crre un nouveau poste !!!!!!
et télécharge hijackthis ici:
http://www.hijackthis.de/downloads/hijackthis_199.zip
L'aide est ici:
http://www.zebulon.fr/articles/HijackThis.php

Dezippz le dans un dossier prévu a cet effet.
Par exemple C:\hijackthis
lancez le puis:
clic sur "do a system scan and save logfile"
faire un copier coller du log entier sur le forum < dans un nouveaû poste

a+

rickhunter · Answer

Salut,

Aidez moi s'il vous plait!!!!!!
Je craque, j'en peux plus!!!! J'ai click me sur mon pc, j'arrive pas à la virer ça fait chier!
Voici mon rapport d'erreur,
si quelqu'un peut m'aider merci!

unning processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\AVWLPSTA.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\msnmsgrsc.exe
C:\WINDOWS\System32\gah95on6.exe
C:\WINDOWS\System32\cerata.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
c:\windows\system32\palsp.exe
C:\WINDOWS\System32\ccfint40.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\WINDOWS\System32\palsp.exe
C:\WINDOWS\System32\palsp.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\WINDOWS\System32\palsp.exe
C:\WINDOWS\System32\palsp.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\WINDOWS\System32\palsp.exe
C:\WINDOWS\System32\palsp.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\WINDOWS\System32\palsp.exe
C:\WINDOWS\System32\palsp.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\WINDOWS\System32\palsp.exe
C:\WINDOWS\System32\palsp.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Program Files\eMule\emule.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Program Files\Soulseek\slsk.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Propriétaire\kalnder.exe
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.neuf.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q304&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q304&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q304&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/ymsgr6/fr/*http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: MSEvents Object - {44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} - C:\WINDOWS\security\libjava.dll
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [COM Service] C:\WINDOWS\COMMAND\msmhyu.com
O4 - HKLM\..\Run: [BDMCon] C:\Program Files\BullGuard\\bdmcon.exe
O4 - HKLM\..\Run: [AVWLPSTA.EXE] AVWLPSTA.EXE
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [strmsnmsgrs] msnmsgrsc.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKLM\..\Run: [77rS3sl] cerata.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitexxc32.exe
O4 - HKLM\..\Run: [HELPER] C:\WINDOWS\System32\france.exe -N
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [strmsnmsgrs] msnmsgrsc.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [strmsnmsgrs] msnmsgrsc.exe
O4 - HKCU\..\Run: [Mw02RiJ8e] ccfint40.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Fichiers communs\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c6.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/215423af4c5657038506/netzip/RdxIE601_fr.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/website.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC975451-2E62-414E-9EE9-89CB2EA4C30A}: NameServer = 80.118.196.36 80.118.192.100
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: libjava - C:\WINDOWS\security\libjava.dll
O20 - Winlogon Notify: xmlsrv - C:\WINDOWS\system\xmlsrv.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Service de sécurité matérielle (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Merci d'avance!

balltrap34 · Answer

salut

imprime ceci pour ne rien oublier et tous faire
tous faire dans l ordre imperativement
-------------------------
tous da bord telecharge ces programmes si tu ne les a pas et met les a jour mais ne les utilise pas encore
adaware (1)
spyboot (2)
(ici) http://www.florensac-chasse-trap.com/ section virus
et aussi ceci
CleanUp312.exe (3)

----------------
desactive ta restauration systeme
pour ça tu fais clic droit sur poste de travail
propriété tu clique sur onglet restauration système
tu coche la case désactiver la restauration et applique
------------

demarre en mode sans echec
mode sans echec pour cela tu tapote la touche f8
des le debut de l allumage du pc sans t arreter
une fenetre vas souvrir tute deplace avec les fleches du clavier sur demarreren mode sans echec
une fois sur le bureau il ni auras pas toutes les couleurs et autres c est normal.si f8 ne marche pas utilise la touche f5
-------------------------

assure toi de ceci
Affiche tous les fichiers et dossiers :
cliquer sur démarrer/panneau de configuration/option des dossiers/affichage
Cocher afficher les dossiers cacher

Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

Décocher masquer les extensions dont le type est connu
Puis fais «Ok» pour valider les changements.

Et appliquer
----------------------
vide tes fichiers temps et tempory internet file sur tous les utilisateur
utilise ceci pour le faire
http://pageperso.aol.fr/Balltrap34/CleanUp312.exe

--------------------
relance hijack coche ces lignes et ensuite clik sur fix
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q304&bd
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q304&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q304&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/ymsgr6/fr/*http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: MSEvents Object - {44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} - C:\WINDOWS\security\libjava.dll
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [COM Service] C:\WINDOWS\COMMAND\msmhyu.com
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [strmsnmsgrs] msnmsgrsc.exe
O4 - HKLM\..\Run: [strmsnmsgrs] msnmsgrsc.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKLM\..\Run: [77rS3sl] cerata.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitexxc32.exe
O4 - HKLM\..\Run: [HELPER] C:\WINDOWS\System32\france.exe -N
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\RunServices: [strmsnmsgrs] msnmsgrsc.exe
O4 - HKCU\..\Run: [strmsnmsgrs] msnmsgrsc.exe
O4 - HKCU\..\Run: [Mw02RiJ8e] ccfint40.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Fichiers communs\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c6.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/215423af4c5657038506/netzip/RdxIE601_fr.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/website.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary
O20 - Winlogon Notify: xmlsrv - C:\WINDOWS\system\xmlsrv.dll (file missing

----------------------
recherche et suppr ceci
attention seulement les fichiers
C:\WINDOWS\security\libjava.dll
C:\WINDOWS\COMMAND\msmhyu.com
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
C:\WINDOWS\System32\msnmsgrsc.exe
C:\WINDOWS\System32\gah95on6.exe
C:\WINDOWS\System32\cerata.exe
C:\windows\system32\elitexxc32.exe
C:\WINDOWS\System32\france.exe -N
C:\Program Files\Media Access<== le dossier
C:\WINDOWS\System32\ccfint40.exe
C:\WINDOWS\system\xmlsrv.dll
C:\WINDOWS\System32\palsp.exe
et fait aussi une recherche en mettent elite* * *32.exe (met bien les etoiles)
ainsi que france .exe
C:\Documents and Settings\Propriétaire\kalnder.exe
---------------

passe adaware et vire tous se qu il trouve
----------
passe spy boot et vire tous se qu il trouvent
-------------

tu vide ta poubelle et tu redemarre en mode normal et refait un hijack

et precise ou en sont tes soucis

--

thomas74 · Answer

Bonjour à tous, comme beaucoup de monde apparement j'ai attrappé le virus click me, si une âme charitable pouvait m'aider à l'envoyer aux oubliettes ça serait sympa...Merci d'avance.Voici mon hijackthisLogfile of HijackThis v1.99.1Scan saved at 16:16:52, on 05/24/2005Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exeC:\PROGRA~1\MESSAG~1\StartMessager.exeC:\PROGRA~1\Wanadoo\CnxMon.exeC:\PROGRA~1\Wanadoo\TaskbarIcon.exeC:\Program Files\Creative\Shared Files\CAMTRAY.EXEC:\Program Files\Java\j2re1.4.2_04\bin\jusched.exeC:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exeC:\Program Files\MessengerPlus! 3\MsgPlus.exeC:\windows\system32\jfucwegvsb.exeC:\WINDOWS\System32\ctfmon.exeC:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exeC:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exeC:\WINDOWS\System32\wuauclt.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Documents and Settings\Thomas\Local Settings\Temp\HijackThis.exeC:\Documents and Settings\Thomas\Local Settings\Temp\Répertoire temporaire 1 pour hijackthis_199.zip\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.phpR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oemji.com/side_search.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oemji.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.phpR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oemji.com/side_search.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oemji.com/side_search.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = WanadooR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensR3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLLO2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dllO2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dllO3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dllO4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exeO4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /iconO4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager WanadooO4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exeO4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exeO4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exeO4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXEO4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exeO4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exeO4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"O4 - HKLM\..\Run: [HELPER] C:\WINDOWS\System32\france.exe  -NO4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitehlx32.exeO4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exeO4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimizeO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exeO4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quietO4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -trayO4 - HKCU\..\RunServices: [The Intranet] intranet.exeO4 - Global Startup: Picture Package Menu.lnk = ?O4 - Global Startup: Picture Package VCD Maker.lnk = ?O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.htmlO8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.htmlO8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.htmlO8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin
pjpi142_04.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin
pjpi142_04.dllO9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\webelated.htmO9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\webelated.htmO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS
pqtplugin4.dllO12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS
pqtplugin3.dllO16 - DPF: PackageHtmlCab - http://acces.blonde.com/package/PackageHtmlCab.CABO16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/files/installer-hidden-test.cabO16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://acces-direct.net/15671/Marine-dial-chat.exeO16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cabO16 - DPF: {26D73573-F1B3-48C9-A989-E6CE071957A1} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1057_XP.cabO16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1050_pack_XP.cabO16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cabO16 - DPF: {3446598E-00E4-4B5E-99A6-87ECCA8324A2} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1056_XP.cabO16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_FR_XP.cabO16 - DPF: {7CAA184C-91E7-4E84-8681-32F2A0D68DF1} (Apollon Class) - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/fr/Daphne.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cabO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cabO16 - DPF: {BFC9677B-8006-4336-9D49-2C797AEFCB9E} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1058_XP.cabO16 - DPF: {D7B59209-0ED9-4986-BD4A-527BE836C6B2} - http://akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1051_XP.cabO16 - DPF: {E3943A24-2F83-4505-9AE5-F705E81B50CB} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1055_XP.cabO16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cabO16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/SpSp29952.41optYplkOmji/SpySpotterCabInstall.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{DDAFB477-484B-4BAC-97AE-B7E7D07367F7}: NameServer = 194.2.0.20,194.2.0.50O23 - Service: Intranet Service (IntranetService) - Unknown owner - intranet.exe (file missing)O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe

Utilisateur anonyme · Answer

re,te debarrasser , avec plaisir lolsi cela ne marche pas, pas grave, on va faire autrementa+

Utilisateur anonyme · Answer

Bonjour,

Méthode a suivre dans l'ordre...
---------------------------------------------------------------------------------------
¤Télécharge ces 3 logiciels mais que tu n utilises pas tout de suite:

1/Ad-Aware :
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/11643.html

Le patch en Français pour Ad-Aware :
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/25543.html

2/Spybot :
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/26157.html

3/Clean Up 312:
http://pageperso.aol.fr/Balltrap34/CleanUp312.exe
-----------------------------------------
¤Démarre en mode sans echec :
Pour cela, tu tapote la touche F8 des le debut de l allumage du pc sans t arreter
Une fenetre va souvrir tu te deplaces avec les fleches du clavier sur demarrer en mode sans echec puis tape entrée.
Une fois sur le bureau si il n y a pas toutes les couleurs et autres c est normal !
(Si F8 ne marche pas utilise la touche F5)
----------------------------------------------------------
¤Désactive ta restauration systeme:
Clic droit sur poste de travail puis,
propriété, tu clique sur onglet restauration système
tu coche la case désactiver la restauration et applique
------------------------------------
¤Affiche tous les fichiers et dossiers :
Clique sur démarrer/panneau de configuration/option des dossiers/affichage

Cocher afficher les dossiers cacher

Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

Décocher masquer les extensions dont le type est connu
Puis fais «Ok» pour valider les changements.

Et appliquer !
---------------------------------
¤Vide tes fichiers temps et tempory internet file:
utilise ceci pour le faire (tu as telecharger avant)
3/http://pageperso.aol.fr/Balltrap34/CleanUp312.exe
--------------------------------------------
¤Relance Hijack This, coche les cases devant ces lignes et ensuite clik sur fix:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php

O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll

O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll

O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll

O4 - HKLM\..\Run: [HELPER] C:\WINDOWS\System32\france.exe -N

O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitehlx32.exe

O16 - DPF: PackageHtmlCab - http://acces.blonde.com/package/PackageHtmlCab.CAB

O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://acces-direct.net/15671/Marine-dial-chat.exe

O16 - DPF: {26D73573-F1B3-48C9-A989-E6CE071957A1} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1057_XP.cab

O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1050_pack_XP.cab

O16 - DPF: {3446598E-00E4-4B5E-99A6-87ECCA8324A2} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1056_XP.cab

O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_FR_XP.cab

O16 - DPF: {7CAA184C-91E7-4E84-8681-32F2A0D68DF1} (Apollon Class) - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/fr/Daphne.cab

O16 - DPF: {BFC9677B-8006-4336-9D49-2C797AEFCB9E} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1058_XP.cab

O16 - DPF: {D7B59209-0ED9-4986-BD4A-527BE836C6B2} - http://akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1051_XP.cab

O16 - DPF: {E3943A24-2F83-4505-9AE5-F705E81B50CB} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1055_XP.cab

------------------------------------------
¤Recherche et supprime ceci:
attention seulement les fichiers

C:\WINDOWS\EliteToolBar<==le dossier

C:\windows\system32\jfucwegvsb.exe

C:\WINDOWS\System32\france.exe -N

C:\windows\system32\elitehlx32.exe

---------------------------------
Passe adaware et vire tous se qu il trouve
----------------------------------
Passe spybot et vire tous se qu il trouve
-----------------------------------
Tu vide ta poubelle et tu redemarre en mode normal et refait un Hijack
---------------------------------
¤Reactive ta restauration systeme:

Clic droit sur poste de travail puis,
propriété, tu clique sur onglet restauration système
tu décoche la case désactiver la restauration et applique
----------------------------
Tu caches tes fichiers cachés:

Clique sur démarrer/panneau de configuration/option des dossiers/affichage

Décocher afficher les dossiers cacher

Coche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

Cocher masquer les extensions dont le type est connu

Puis fais «Ok» pour valider les changements.
-----------------------------------------------
lance un scan chez RAV :
http://www.ravantivirus.com/scan/

Clique sur "To continue without subscribing click here" et attends quelques minutes.
Lorsque "Ready" est affiché dans "status", coche la case "Autoclean" puis clique sur "Scan my PC"
A la fin de l'analyse, copie/colle le rapport ici
----------------
Precise tes soucis si il en restes....et j ai une question, tu as deja ete sur des sites X?

Tiens moi au courant

a+

Bonjour je voudrais oter le virus click me

21 réponses

Votre réponse

Discussions similaires

Newsletters