Sujet Précédent Sujet Suivant

[xp]virus ou spyware

quissto Messages postés 28 Statut Membre -  
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
bonjour.Quand je me connecte au net "avast" m'ouvre des fenetres d'avertissements comme quoi j'envois des mails trop rapprocher.dans le gestionnaire je me suis apercu qu'en supprimant "ashmailsv.exe" le probleme ne se posait plus,mais il se reinstalle en redemarrant mon pc.comment puis je remedier a ce probleme?mon systeme est "windows xp pro". par avance merci.
A voir également:

28 réponses

  • 1
  • 2
Réponse 1 / 28
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
Salut

télécharge HijackThis ici:
http://telechargement.zebulon.fr/138-hijackthis-1991.html

Dézippe le dans un dossier prévu à cet effet.
Par exemple C:\hijackthis < Enregistre le bien dans c : !
Démo : (Merci a Balltrap34 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/Hijenr.gif

Lance le puis:
clique sur "do a system scan and save logfile" (cf démo)
faire un copier coller du log entier sur le forum

Démo : (Merci a Balltrap34 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/demohijack.htm

Bon courage

A+
0
quissto Messages postés 28 Statut Membre
 
salut
voila mon rapport
Logfile of HijackThis v1.99.1
Scan saved at 17:21:16, on 20/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.lequipe.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_sit...
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
O18 - Protocol: bw+0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

deja merci pour ce debut de reponse regis a++
0
Réponse 2 / 28
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
Re

A part une petite infection, rien de bien terrible !

Telecharge ceci
https://www.silentrunners.org/Silent%20Runners.vbs
Execute le,atends quelques minutes, il va creer ensuite un dossier juste a coté de silent runner sous format texte, copie/colle ce qu il te donnera

A+
0
quissto Messages postés 28 Statut Membre
 
re
voila ce que tu m'as demandé
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"KBD" = "C:\HP\KBD\KBD.EXE" ["Hewlett-Packard Company"]
"EPSON Stylus Photo RX420 Series" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"" ["SEIKO EPSON CORPORATION"]
"LVCOMS" = "C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" ["Logitech Inc."]
"LogitechGalleryRepair" = "C:\Program Files\Logitech\ImageStudio\ISStart.exe" ["Logitech Inc."]
"LogitechImageStudioTray" = "C:\Program Files\Logitech\ImageStudio\LogiTray.exe" ["Logitech Inc."]
".nvsvc" = "C:\WINDOWS\system\smss.exe /w" [null data]
"!ewido" = ""C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Sign-in Helper"
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\(Default) = (no title provided)
-> {HKLM...CLSID} = "EpsonToolBandKicker Class"
\InProcServer32\(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
0
quissto Messages postés 28 Statut Membre
 
re
voila ce que tu m'as demandé
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"KBD" = "C:\HP\KBD\KBD.EXE" ["Hewlett-Packard Company"]
"EPSON Stylus Photo RX420 Series" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"" ["SEIKO EPSON CORPORATION"]
"LVCOMS" = "C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" ["Logitech Inc."]
"LogitechGalleryRepair" = "C:\Program Files\Logitech\ImageStudio\ISStart.exe" ["Logitech Inc."]
"LogitechImageStudioTray" = "C:\Program Files\Logitech\ImageStudio\LogiTray.exe" ["Logitech Inc."]
".nvsvc" = "C:\WINDOWS\system\smss.exe /w" [null data]
"!ewido" = ""C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Sign-in Helper"
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\(Default) = (no title provided)
-> {HKLM...CLSID} = "EpsonToolBandKicker Class"
\InProcServer32\(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
0
Réponse 3 / 28
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
Re

le rapport n est pas entier

Atend qqs minutes avant de le relever

a+
0
quissto Messages postés 28 Statut Membre
 
re je pense que ce coup ci il est complet desolé de t'avoir derangé pour rien!!je ne sais si je pourrais continuer ce soirv sinon a demain et merci a+++
"Silent Runners.vbs", revision 46, https://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"AlcxMonitor" = "ALCXMNTR.EXE" ["Realtek Semiconductor Corp."]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"Windows Defender" = ""C:\Program Files\Windows Defender\MSASCui.exe" -hide" [MS]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"KBD" = "C:\HP\KBD\KBD.EXE" ["Hewlett-Packard Company"]
"EPSON Stylus Photo RX420 Series" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"" ["SEIKO EPSON CORPORATION"]
"LVCOMS" = "C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" ["Logitech Inc."]
"LogitechGalleryRepair" = "C:\Program Files\Logitech\ImageStudio\ISStart.exe" ["Logitech Inc."]
"LogitechImageStudioTray" = "C:\Program Files\Logitech\ImageStudio\LogiTray.exe" ["Logitech Inc."]
".nvsvc" = "C:\WINDOWS\system\smss.exe /w" [null data]
"!ewido" = ""C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Sign-in Helper"
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\(Default) = (no title provided)
-> {HKLM...CLSID} = "EpsonToolBandKicker Class"
\InProcServer32\(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"
-> {HKLM...CLSID} = "ShellLink for Application References"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"
-> {HKLM...CLSID} = "Shell Icon Handler for Application References"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682}" = "IZArc DragDrop Menu"
-> {HKLM...CLSID} = "IZArc DragDrop Menu"
\InProcServer32\(Default) = "C:\PROGRA~1\IZArc\IZArcCM.dll" [null data]
"{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}" = "IZArc Shell Context Menu"
-> {HKLM...CLSID} = "IZArc Shell Context Menu"
\InProcServer32\(Default) = "C:\PROGRA~1\IZArc\IZArcCM.dll" [null data]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\MLSHEXT.DLL" [MS]
"{B446400D-0030-457b-8F64-422A19605186}" = "Logitech Gallery"
-> {HKLM...CLSID} = "Logitech Gallery"
\InProcServer32\(Default) = "C:\Program Files\Logitech\ImageStudio\NameSpc.dll" ["Logitech Inc."]
"{792F0537-F929-4eb7-AC1D-FB6334C71550}" = "LG Phone"
-> {HKLM...CLSID} = "LG Phone"
\InProcServer32\(Default) = "C:\PROGRA~1\LGPCSU~1\LGPHON~1\Phone.dll" ["LG Electornics"]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Mes dossiers de partage"
\InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0792.00.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook"
-> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook"
\InProcServer32\(Default) = "C:\PROGRA~1\WIFD1F~1\MpShHook.dll" [MS]
INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! WgaLogon\DLLName = "WgaLogon.dll" [MS]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
IZArcCM\(Default) = "{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}"
-> {HKLM...CLSID} = "IZArc Shell Context Menu"
\InProcServer32\(Default) = "C:\PROGRA~1\IZArc\IZArcCM.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
IZArcCM\(Default) = "{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}"
-> {HKLM...CLSID} = "IZArc Shell Context Menu"
\InProcServer32\(Default) = "C:\PROGRA~1\IZArc\IZArcCM.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\MOI\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\sspipes.scr" [MS]


Startup items in "MOI" & "All Users" startup folders:
-----------------------------------------------------

C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage
"Lancement rapide d'Adobe Reader" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Logitech Desktop Messenger" -> shortcut to: "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start" ["Logitech"]


Enabled Scheduled Tasks:
------------------------

"MP Scheduled Scan" -> launches: "C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}"
-> {HKLM...CLSID} = "EPSON Web-To-Page"
\InProcServer32\(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" = (no title provided)
-> {HKLM...CLSID} = "EPSON Web-To-Page"
\InProcServer32\(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{21569614-B795-46B1-85F4-E737A8DC09AD}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\
"ButtonText" = "Spyware Doctor"
"CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}"
-> {HKLM...CLSID} = "PCTools Browser Monitor"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll" ["PC Tools"]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Recherche"

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: SAFESITE_VALUE="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2ffr%2f%3f"

Missing lines (compared with English-language version):
[Strings]: 1 line


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:\Program Files\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]
Machine Debug Manager, MDM, ""C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
PCTEL Speaker Phone, Pctspk, "C:\WINDOWS\system32\pctspk.exe" ["PCtel, Inc."]
Windows Defender Service, WinDefend, ""C:\Program Files\Windows Defender\MsMpEng.exe"" [MS]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
EPSON Stylus Photo RX420 Series 2KMonitor5E\Driver = "E_FLM9CE.DLL" ["SEIKO EPSON CORPORATION"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 42 seconds, including 12 seconds for message boxes)
0
Réponse 4 / 28
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
Re,

Fixe ceci
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w

Supprime:
C:\WINDOWS\system\smss.exe

Redemarre et remet un HijackThis

A+
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 28
quissto Messages postés 28 Statut Membre
 
re
j'espere que j'ai bien fait ce que tu m'as demandé merci a+++
Logfile of HijackThis v1.99.1
Scan saved at 22:50:53, on 20/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.lequipe.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_sit...
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
O18 - Protocol: bw+0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {2DF635B2-8EFF-4E35-8BC5-600FF96B4C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.d
0
Réponse 6 / 28
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
Salut

Ou en sont tes soucis?
Ou est ton antivirus? Tu veux pas en installer un gratuitement?

a+
0
quissto Messages postés 28 Statut Membre
 
re
mes soucis sont resolu en ce qui concerne ce probleme merci.
en ce qui concerne mon anti virus avast est deja gratuit.par contre celui ci me trouve a chaque analyse un trojan que je supprime systematiquement.a l'analyse suivante,que je fait toute les semaines, je le retrouve comment puis je faire?
a+++
ps:je suis ravi de tes competences les miennes sont la cuisine et petit a petit j'arrive a me servir de mon pc!!
0
Réponse 7 / 28
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
Re

Tu peux scaner ton pc avec avast et copie/colle le rapport ici.

Ah je comprend mieux ton pseudo 'cuisto' lol

Bha ravi de te faire manipuler ton pc un peu, c est comme ca qu on apprend et apres on a plus peur comme ca ;-)

Tu nous invites quand? Tu as un resto?

A+
0
quissto Messages postés 28 Statut Membre
 
re
il est minuit et je rentre du taf.je ne pourrais scanner mon pc ce soir car quand je dormirait le scan se bloquera quand il aura trouvé mon trojan,il faut que je le debloque moi meme pour qu'il finisse son taf.je ferais ca demain en fin daprem et je te l'envois.
he non je n'ai pas mon resto mais tu pourras venir il n'y a aucun souci tu seras recu au frais de la pricesse un service en valant un autre.
a++
0
Réponse 8 / 28
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
Salut

Bien dormi quand meme?
Oui pas de soucis, fais le quand tu peux.

Faudrait deja que je saches ou c est lol

a+
0
quissto Messages postés 28 Statut Membre
 
salut
voila le rapport d'avast
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusOverride.zip\sbRecovery.reg [E] L'archive est protégée par mot de passe. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusOverride.zip\sbRecovery.ini [E] L'archive est protégée par mot de passe. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallOverride.zip\sbRecovery.reg [E] L'archive est protégée par mot de passe. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallOverride.zip\sbRecovery.ini [E] L'archive est protégée par mot de passe. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallOverride1.zip\sbRecovery.reg [E] L'archive est protégée par mot de passe. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallOverride1.zip\sbRecovery.ini [E] L'archive est protégée par mot de passe. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallOverride2.zip\sbRecovery.reg [E] L'archive est protégée par mot de passe. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallOverride2.zip\sbRecovery.ini [E] L'archive est protégée par mot de passe. (42056)
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WinAgentxv.zip\nvsvcd.exe [E] L'archive est protégée par mot de passe. (42056)
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WinAgentxv.zip\sbRecovery.ini [E] L'archive est protégée par mot de passe. (42056)
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WinAgentxv1.zip\sbRecovery.reg [E] L'archive est protégée par mot de passe. (42056)
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WinAgentxv1.zip\sbRecovery.ini [E] L'archive est protégée par mot de passe. (42056)
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WinAgentxv2.zip\sbRecovery.reg [E] L'archive est protégée par mot de passe. (42056)
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WinAgentxv2.zip\sbRecovery.ini [E] L'archive est protégée par mot de passe. (42056)
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallOverride.zip\sbRecovery.reg [E] L'archive est protégée par mot de passe. (42056)
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallOverride.zip\sbRecovery.ini [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\Ad-Aware SE Default.skn [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\arrow1.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\arrow2.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bck1.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt11.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt12.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt13.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt21.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt22.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt23.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt31.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt32.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt33.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt41.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt42.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt43.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt51.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt52.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt53.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt61.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt62.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox1.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox2.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox3.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox4.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn1.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn2.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn3.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph1.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph2.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph3.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph4.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph5.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph6.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph7.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\main.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\preview.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\sprite1.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\wincd32drv.exe\csrss.exe [L] Win32:Trojano-3585 [Trj] (0)
C:\wincd32drv.exe\smss.exe [L] Win32:Trojan-gen. {Other} (0)
Durant le transfert du fichier vers la zone de quarantaine, l'erreur suivante s'est produite : L'opération n'est pas supportée pour ce type d'archive.
Durant le transfert du fichier vers la zone de quarantaine, l'erreur suivante s'est produite : L'opération n'est pas supportée pour ce type d'archive.
C:\winxpcddrv.exe\csrss.exe [L] Win32:Trojano-3585 [Trj] (0)
C:\winxpcddrv.exe\smss.exe [L] Win32:Trojan-gen. {Other} (0)
Durant le transfert du fichier vers la zone de quarantaine, l'erreur suivante s'est produite : L'opération n'est pas supportée pour ce type d'archive.
Durant le transfert du fichier vers la zone de quarantaine, l'erreur suivante s'est produite : L'opération n'est pas supportée pour ce type d'archive.
E:\Téléchargements Imcomplets\2f5160ea54e33c18b07aef426bc62891 Caramba Deluxe + Crack.rar\UnnamedStream_1\Caramba Deluxe + Crack\setup.exe [E] archive RAR corrompue. (42126)
E:\Téléchargements Imcomplets\2f5160ea54e33c18b07aef426bc62891 Caramba Deluxe + Crack.rar\Caramba Deluxe + Crack\setup.exe [E] archive RAR corrompue. (42126)
E:\Téléchargements Imcomplets\U2ZZACWXIOBTGYXT3CGOOQ2BGXDT7OR3 360 - Mahjong Escape + Cracker + Readme (Gamehouse).rar\Mahjong Escape.exe [E] archive RAR corrompue. (42126)


he bien maintenant c'est a toi de jouer lol !!
a+++
0
Réponse 9 / 28
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
Salut

Rend toi ici:

C:\wincd32drv.exe

Qui a t il dedans?

a+
0
Réponse 10 / 28
quissto Messages postés 28 Statut Membre
 
salut
je n'ai pas reussi a lire l'archive sans savoir des alertes.j'ai testé l'archive et je ne peux pas faire de copier/coller donc je vais tt faire a la main.
change.bat
blastcln.exe
csrss.exe
Rar.exe
smss.exe
svchost.exe
tar.exe
cygcrypt-0.dll
cygwin1.dll
RarReg.Key
runtime.dll
setup.bat
winmanagement.dll
j'espere que ca t'aideras et que j'ai bien fait!!
a++
0
Réponse 11 / 28
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
Salut

tu peux l analyser ici?

Rend toi sur ce site :
http://www.virustotal.com/xhtml/virustotal_en.html
Clik sur parcourir
Recherche ceci :
C:\wincd32drv.exe
Clik send et colle le rapport stp

A+
0
Réponse 12 / 28
quissto Messages postés 28 Statut Membre
 
salut
la seule chose que j'ai reussi a avoir c'est:
http://www.virustotal.com/vt/en/resultadox?563b1e6144fd05eb3b98936b10caf783
j'espere que cela t'aideras
a++
0
quissto Messages postés 28 Statut Membre
 
c'est re moi oups!!! fallait attendre un peu
Antivirus Version Update Result
AntiVir 6.35.1.3 08.25.2006 TR/Hidewindow.C
Authentium 4.93.8 08.25.2006 no virus found
Avast 4.7.844.0 08.24.2006 Win32:Trojano-3585
AVG 386 08.25.2006 BackDoor.Generic2.LKK
BitDefender 7.2 08.26.2006 Trojan.Hidewindow.C
CAT-QuickHeal 8.00 08.25.2006 no virus found
ClamAV devel-20060426 08.25.2006 Trojan.Servu.1
DrWeb 4.33 08.25.2006 BackDoor.Iroffer.1255
eTrust-InoculateIT 23.72.107 08.25.2006 no virus found
eTrust-Vet 30.3.3039 08.25.2006 no virus found
Ewido 4.0 08.25.2006 no virus found
Fortinet 2.77.0.0 08.25.2006 HackerTool/HideRun
F-Prot 3.16f 08.25.2006 no virus found
F-Prot4 4.2.1.29 08.26.2006 no virus found
Ikarus 0.2.65.0 08.25.2006 no virus found
Kaspersky 4.0.2.24 08.25.2006 not-a-virus:RiskTool.Win32.HideRun
McAfee 4838 08.25.2006 potentially unwanted program Generic PUP
Microsoft 1.1560 08.25.2006 Backdoor:Win32/ServU-based.F
NOD32v2 1.1724 08.24.2006 probably a variant of Win32/Iroffer
Norman 5.90.23 08.25.2006 no virus found
Panda 9.0.0.4 08.25.2006 Application/Hiderun.F
Sophos 4.08.0 08.25.2006 no virus found
Symantec 8.0 08.26.2006 no virus found
TheHacker 5.9.8.200 08.25.2006 no virus found
UNA 1.83 08.25.2006 Backdoor.Iroffer.C077
VBA32 3.11.1 08.25.2006 no virus found
VirusBuster 4.3.7:9 08.25.2006 Backdoor.Iroffer.BJ
Aditional Information
File size: 2613001 bytes
MD5: efa5d5e157f3901ed72de3afa0519845
SHA1: 092986b9370c39dc78b3d286197dde5d81f5014c
packers: UPX, RAR
a+++
0
Réponse 13 / 28
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
Salut

Supprime ceci:
C:\wincd32drv.exe

A+
0
Réponse 14 / 28
quissto Messages postés 28 Statut Membre
 
re
j'ai supprimé ce fichier.j'analyse de nouveau mon pc et t'envois le rapport?
merci beaucoup
a++
0
Réponse 15 / 28
quissto Messages postés 28 Statut Membre
 
re
puis je supprimer aussi C:\winpcddrv.exe qui lui aussi est verolé de la meme maniere?
a+
0
Réponse 16 / 28
quissto Messages postés 28 Statut Membre
 
re j'ai fais un rapport de la meme maniere que tu m'as fais faire la premiere fois
Antivirus Version Update Result
AntiVir 6.35.1.3 08.26.2006 TR/Hidewindow.C
Authentium 4.93.8 08.25.2006 no virus found
Avast 4.7.844.0 08.24.2006 Win32:Trojano-3585
AVG 386 08.25.2006 BackDoor.Generic2.LKK
BitDefender 7.2 08.26.2006 Trojan.Hidewindow.C
CAT-QuickHeal 8.00 08.26.2006 no virus found
ClamAV devel-20060426 08.26.2006 Trojan.Servu.1
DrWeb n - no virus found
eTrust-InoculateIT 23.72.107 08.25.2006 no virus found
eTrust-Vet 30.3.3039 08.25.2006 no virus found
Ewido 4.0 08.25.2006 no virus found
Fortinet 2.77.0.0 08.25.2006 HackerTool/HideRun
F-Prot 3.16f 08.25.2006 no virus found
F-Prot4 4.2.1.29 08.26.2006 no virus found
Ikarus 0.2.65.0 08.25.2006 no virus found
Kaspersky 4.0.2.24 08.26.2006 not-a-virus:RiskTool.Win32.HideRun
McAfee 4838 08.25.2006 potentially unwanted program Generic PUP
Microsoft 1.1560 08.26.2006 Backdoor:Win32/ServU-based.F
NOD32v2 1.1724 08.24.2006 probably a variant of Win32/Iroffer
Norman 5.90.23 08.25.2006 no virus found
Panda 9.0.0.4 08.26.2006 Application/Hiderun.F
Sophos 4.08.0 08.26.2006 no virus found
Symantec 8.0 08.26.2006 no virus found
TheHacker 5.9.8.200 08.25.2006 no virus found
UNA 1.83 08.26.2006 Backdoor.Iroffer.C077
VBA32 3.11.1 08.25.2006 Backdoor.Win32.Iroffer.n
VirusBuster 4.3.7:9 08.26.2006 Backdoor.Iroffer.BJ

Aditional Information
File size: 2613114 bytes
MD5: 79f50657a6625e9a3868f8cd740a779f
SHA1: 56efdbb8a4b8e0f2fb94642f7ea0bb22a8b3dd33
packers: UPX, RAR
a+
0
Réponse 17 / 28
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
Salut

Oui supprime le !

Ensuite relance un scan et donne le rapport

a+
0
Réponse 18 / 28
quissto Messages postés 28 Statut Membre
 
re voila le rapport
je n'ai eu aucune alerte
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusOverride.zip\sbRecovery.reg [E] L'archive est protégée par mot de passe. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusOverride.zip\sbRecovery.ini [E] L'archive est protégée par mot de passe. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallOverride.zip\sbRecovery.reg [E] L'archive est protégée par mot de passe. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallOverride.zip\sbRecovery.ini [E] L'archive est protégée par mot de passe. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallOverride1.zip\sbRecovery.reg [E] L'archive est protégée par mot de passe. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallOverride1.zip\sbRecovery.ini [E] L'archive est protégée par mot de passe. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallOverride2.zip\sbRecovery.reg [E] L'archive est protégée par mot de passe. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallOverride2.zip\sbRecovery.ini [E] L'archive est protégée par mot de passe. (42056)
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WinAgentxv.zip\nvsvcd.exe [E] L'archive est protégée par mot de passe. (42056)
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WinAgentxv.zip\sbRecovery.ini [E] L'archive est protégée par mot de passe. (42056)
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WinAgentxv1.zip\sbRecovery.reg [E] L'archive est protégée par mot de passe. (42056)
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WinAgentxv1.zip\sbRecovery.ini [E] L'archive est protégée par mot de passe. (42056)
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WinAgentxv2.zip\sbRecovery.reg [E] L'archive est protégée par mot de passe. (42056)
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WinAgentxv2.zip\sbRecovery.ini [E] L'archive est protégée par mot de passe. (42056)
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallOverride.zip\sbRecovery.reg [E] L'archive est protégée par mot de passe. (42056)
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallOverride.zip\sbRecovery.ini [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\Ad-Aware SE Default.skn [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\arrow1.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\arrow2.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bck1.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt11.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt12.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt13.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt21.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt22.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt23.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt31.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt32.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt33.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt41.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt42.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt43.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt51.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt52.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt53.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt61.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt62.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox1.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox2.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox3.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox4.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn1.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn2.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn3.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph1.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph2.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph3.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph4.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph5.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph6.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph7.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\main.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\preview.bmp [E] L'archive est protégée par mot de passe. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\sprite1.bmp [E

a++
0
Réponse 19 / 28
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
salut

ou en sont tes soucis

a+
0
Réponse 20 / 28
quissto Messages postés 28 Statut Membre
 
re
apperement tout va bien je t'en remerci.
que penses tu de mozilla comme navigateur on m'a dit qu'il etait plus sure et plus rapide que explorer.

a++
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses
Message Apple virus !!
Souclik67 -
MPMP10 -

3 réponses