Besoin de votre aide SVP

Résolu
motomaniac Messages postés 11 Date d'inscription   Statut Membre -  
papyber Messages postés 6430 Statut Contributeur sécurité -
Besoin de votre aide ! SVP

Je débute en informatique et avast me trouve le virus win32 spyware-gen et je ne sais quoi faire !
J'ai bien vu des réponses sur le forum parrapport à ce problème mais je me demande si l'information ne doit pas être adaptée à chaque cas.
Quelqu'un peut il m'aider à remettre mon ordi en marche correct ? Attention, je suis ne suis pas un pro de l'informatique...
J'ai téléchargé hijackthis et j'ai le résultat que dois-je faire maintenant SVP
Logfile of HijackThis v1.99.1
Scan saved at 21:26:30, on 12/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAME.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Alwil Software\Avast4\ashChest.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\parents\LOCALS~1\Temp\Répertoire temporaire 2 pour hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo RX640 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAME.EXE /P31 "EPSON Stylus Photo RX640 Series" /O6 "USB001" /M "Stylus Photo RX640"
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm119YYFR
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bw+0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: pushow56.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

Merci d'avance pour votre aide
Configuration: Windows XP
Internet Explorer 7.0

38 réponses

  • 1
  • 2
Résumé de la discussion

Une personne débutante en informatique se voit signaler par Avast la présence d'un virus Win32 spyware-gen sur Windows XP SP2 et cherche des solutions adaptées à son cas. La réponse recommandée conseille d’utiliser Spybot Search & Destroy et AVG Anti-Spyware, puis de redémarrer en mode sans échec pour identifier et supprimer les éléments malveillants détectés. Il est ensuite demandé de générer et de partager les rapports de Spybot et AVG, puis d’effectuer un nouveau HijackThis pour confirmer l’état de la machine. D'autres éléments à vérifier par la suite incluent les programmes lancés au démarrage, les extensions du navigateur et les paramètres de recherche, afin d'éviter une réinfection et un recontamination.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. alex31410 Messages postés 59 Statut Membre 6
     
    Bonsoir,

    Il semblerait que votre machine comporte 2 antivirus et donc un 1 de trop. Voici une proposition

    1) Garder le norton si c'est un antivirus et que si il est possible de le mettre à jour (je ne vois pas l'éxécutable Rtvscan.exe qui est le prog de l'antivirus de Norton) puis surpprimer l'autre antivirus

    2) Mettre à jour Windows avec windows update juqu'a ce que tout soit installé.

    Après il faudra voir si c'est vraiment un virus et si celui est toujours présent.

    Cordialement
    0
  2. motomaniac Messages postés 11 Date d'inscription   Statut Membre
     
    Normalement je ne dois avoir que Avast depuis presque un an, norton devrait être supprimé.
    Sinon, ma femme a ouvert un fichier zippé qui dès qu'elle l'a ouvert a déclaché la réaction d'avast doit mon problème
    Merci de continuer à m'aider
    0
  3. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    en attendant Alex 31410 fais ceci

    Une partie de la procédure se déroulera sans avoir accès à internet, prière d'imprimer ces instructions, ou de les coller dans un fichier texte, pour lecture durant cette désinfection.

    Les manipulations sont à faire sans interruption et dans l'ordre.
    Si tu ne comprends pas quelque chose, demande des explications avant de commencer.

    1/Télécharge Brute Force Uninstaller (de Merijn)
    http://www.merijn.org/files/bfu.zip
    Créé un nouveau dossier directement sur le C:\ et nomme-le BFU. Décompresse le fichier téléchargé dans ce nouveau dossier (C:\BFU)

    2/FAIS UN CLIC-DROIT sur le lien suivant
    http://perso.orange.fr/Chercheur-perso/scripts/toolbar.bfu
    et choisis "Enregistrer la cible sous..." afin de télécharger Toolbar.bfu de Chercheur
    Sauvegarde dans le dossier créé (C:\BFU). **Note : si tu utlises Internet Explorer; lors de la sauvegarde, assure-toi que le champs "Type :" affiche "Tous les fichiers".

    Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : [bToolbar.bfu et BFU.exe (très important).

    3/ Redémarre en mode Sans Échec : au redémarrage, tapote immédiatement la touche F8 ou F5; tu verras un écran avec choix de démarrages apparaître. Utilisant les flèches du clavier, choisis "Mode Sans Échec" et valide avec "Entrée". Choisis ton compte usuel, et non Administrateur.

    4/ Démarre le "Brute Force Uninstaller" en double-cliquant BFU.exe (du dossier C:\BFU)
    Clique sur le petit dossier jaune, à la droite de la boîte Scriptline to execute, et double-clique sur :

    Toolbar.bfu

    Dans la boîte "Scriptline to execute", tu devrais maintenant voir ceci : C:\BFU\Toolbar.bfu
    Clique sur Execute et laisse-le faire son travail.
    Attendre que Complete script execution apparaîsse et clique sur OK.

    Clique Exit pour fermer le programme BFU.

    5/Redémarre normalement

    Poste un nouveau HijackThis.
    0
  4. motomaniac Messages postés 11 Date d'inscription   Statut Membre
     
    J'ai bien fait ce que tu m'as dit, voilà le nouveau rapport de hijackthis

    Logfile of HijackThis v1.99.1
    Scan saved at 22:43:11, on 12/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAME.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\DOCUME~1\parents\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll (file missing)
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX640 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAME.EXE /P31 "EPSON Stylus Photo RX640 Series" /O6 "USB001" /M "Stylus Photo RX640"
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: bw+0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: offline-8876480 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - AppInit_DLLs: pushow56.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

    Désolé pour le temps de réponse mais je ne suis pas très doué donc je prends mon temps.
    Merci de continuer à m'aider.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    1/lance hijack pour un scan et coche les lignes suivantes
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file
    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll (file missing)
    O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O18 - Protocol: bw+0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    ferme toutes tes fenêtres y compris internet et clic sur fixer l'objet

    2/Télécharge SDFix sur ton bureau
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

    clic double sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
    Redémarre ton ordinateur en mode sans échec
    Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et clic double sur RunThis.bat
    Appuie sur Y pour commencer le nettoyage.
    Il va supprimer les services et les entrées du Registre infectés puis te demandera d'appuyer sur une touche pour redémarrer.
    Appuie sur une touche pour redémarrer le PC.
    Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    Enfin, poste le contenu du fichier Report.txt dans ta prochaine réponse sur le forum,

    3/Télécharge clean.zip, de Malekal
    http://www.malekal.com/download/clean.zip

    décompresse-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean.
    Ouvre le dossier clean qui se trouve sur ton bureau, et double-clic sur clean.cmd, une fenêtre noire va apparaître pendant un instant, laisse la ouverte.
    le rapport clean : Poste de travail / double clic sur disque C / double-clic sur rapport_clean.txt et
    copier/coller le contenu ici C:\rapport_clean.txt
    avec un nouveau rapport Hijack this
    0
  7. alex31410 Messages postés 59 Statut Membre 6
     
    Bonjour,

    Je laisse papyber qui a commencer une procédure de nettoyage qui me parait bonne.
    C'est préférable car 2 techniques en parallèle n'est pas la bonne solution pour arriver à la bonne solution dans un cas de ce type.

    De toute façon, je suis la discution et si besoin, je reviendrai.

    Cordialement
    0
  8. motomaniac Messages postés 11 Date d'inscription   Statut Membre
     
    Bonjour, désolé pour hier soir mais l'appel de la couette ...
    Sinon, merci de prendre en compte ma demande, j'ai bien suivi le protocole seulement après avoir exécuté clean, je n'ai pas eu l'écran noir et pas de rapport non plus, néanmoins voici le résultat de SDFIx

    SDFix: Version 1.83

    Run by parents - 13/05/2007 - 10:55:20,07

    Microsoft Windows XP [version 5.1.2600]

    Running From: C:\DOCUME~1\parents\Bureau\sdfix\SDFix

    Safe Mode:
    Checking Services:

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File
    Restoring Missing Security Center Service
    Restoring Missing SharedAccess Service

    Rebooting...

    Normal Mode:
    Checking Files:

    No Trojan Files Found...

    Removing Temp Files

    ADS Check:

    Checking if ADS is attached to system32 Folder
    C:\WINDOWS\system32
    No streams found.

    Checking if ADS is attached to svchost.exe
    C:\WINDOWS\system32\svchost.exe
    No streams found.

    Final Check:

    Remaining Services:
    ------------------

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "J:\\Program Files\\Cyanide\\Cycling Manager 4\\Cym2004.exe"="J:\\Program Files\\Cyanide\\Cycling Manager 4\\Cym2004.exe:*:Disabled:CyclingManager"
    "J:\\Cycling Manager 4\\Cym2004.exe"="J:\\Cycling Manager 4\\Cym2004.exe:*:Disabled:CyclingManager"
    "C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
    "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
    "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
    "J:\\Program Files\\Taroteam\\webtarot.exe"="J:\\Program Files\\Taroteam\\webtarot.exe:*:Enabled:webtarot"
    "C:\\WINDOWS\\system32\\mcoinstall.exe"="C:\\WINDOWS\\system32\\mcoinstall.exe:*:Enabled:mcoinstall"
    "L:\\Shareaza\\Shareaza.exe"="L:\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"
    "C:\\WINDOWS\\system32\\[Emoticons-plus.com] Winkaa 1.0.exe"="C:\\WINDOWS\\system32\\[Emoticons-plus.com] Winkaa 1.0.exe:*:Enabled:[Emoticons-plus.com] Winkaa 1.0"
    "J:\\age\\Empires.exe"="J:\\age\\Empires.exe:*:Enabled:Age of Empires"
    "C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
    "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
    "J:\\age\\aomx.exe"="J:\\age\\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\NewTech Infosystems\\NTI CD-Maker\\LiveUpdate.exe"="C:\\Program Files\\NewTech Infosystems\\NTI CD-Maker\\LiveUpdate.exe:*:Enabled:LiveUpdate"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    Remaining Files:
    ---------------

    Checking For Files with Hidden Attributes:

    C:\Documents and Settings\parents\Local Settings\Application Data\Microsoft\Messenger\lesgathions@hotmail.fr\Sharing Folders\perrinou74@msn.com\Thumbs.db
    C:\WINDOWS\system32\NTICDMK32.dll
    C:\WINDOWS\system32\ntiembed.dll
    C:\WINDOWS\system32\NTIMPEG2.dll
    C:\Documents and Settings\parents\Mes documents\Downloads\Metadata\Deutsch FIFA Soccer 2006 crack.exe.xml
    C:\Documents and Settings\parents\Mes documents\Downloads\Metadata\FIFA Soccer 2006 cracked.exe.xml
    C:\Documents and Settings\parents\Mes documents\Downloads\Metadata\US FIFA Soccer 2006 crack.exe.xml
    C:\Program Files\Fichiers communs\Adobe\ESD\DLMCleanup.exe
    C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
    C:\Documents and Settings\parents\Mes documents\Karine\TFE\~WRL0005.tmp
    C:\Documents and Settings\parents\Mes documents\Karine\TFE\~WRL1889.tmp
    C:\Documents and Settings\parents\Mes documents\Mes fichiers re‡us\~WRL1287.tmp

    Finished

    et enfin le rapport de hijackthis

    Logfile of HijackThis v1.99.1
    Scan saved at 11:14:29, on 13/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAME.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\DOCUME~1\parents\LOCALS~1\Temp\Répertoire temporaire 3 pour hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX640 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAME.EXE /P31 "EPSON Stylus Photo RX640 Series" /O6 "USB001" /M "Stylus Photo RX640"
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: offline-8876480 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - AppInit_DLLs: pushow56.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

    Merci encore à tous les deux de m'aider.
    0
  9. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    supprime clean et SDFix et fais ceci

    télécharge GenProc de Jean-Chretien1 et Narco4 sur ton bureau
    http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip

    dézippe le dossier, double-clique sur GenProc.bat et poste le contenu du rapport qui s'ouvre

    Aide en images : http://www.alt-shift-return.org/Info/GenProc-HowTo.html
    poste les rapports car parfois il faut ajouter des consignes à la manip pour que cela fonctionne parfaitement
    0
  10. motomaniac Messages postés 11 Date d'inscription   Statut Membre
     
    Voilà, j'ai retrouvé internet (vive les fournisseurs d'accès) et votre aide, alors voilà le rapport genproc

    Rapport GenProc 0.49 [1] effectué le 13/05/2007 à 15:45:24,06 - SystemRoot = C:\WINDOWS

    # Etape 1/ Télécharge :

    - CCleaner http://www.filehippo.com/download_ccleaner.html ("Download Latest Version", sur la droite).
    Ce logiciel va permettre de supprimer tous les fichiers temporaires. Avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires". Ensuite, Clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. C'est tout.

    - Navipromo.zip http://www.alt-shift-return.org/Info/Fichiers/Navipromo073.zip et décompresse-le sur ton bureau

    - Brute Force Uninstaller http://www.merijn.org/files/bfu.zip et décompresse-le dans un dossier propre à lui (C:\BFU)
    * Fais un clic droit de souris sur ce lien : http://metallica.geekstogo.com/EGDACCESS.bfu
    et choisis "Enregistrer sous" (dans IE c'est "Enregistrer le lien sous..")
    afin de télécharger EGDACCESS.bfu, Type "Tous les fichiers". Sauvegarde dans le dossier créé (C:\BFU).

    - VundoFix.exe (par Atribune) http://www.atribune.org/ccount/click.php?id=4 sur ton Bureau

    - combofix.exe (par [b]sUBs[/b]) http://download.bleepingcomputer.com/sUBs/ComboFix.exe sur ton Bureau

    ***** Copie ce qui suit dans un fichier texte et redémarre en mode sans échec comme indiqué ici https://docs.microsoft.com/en-us/?mfr=true (choisis ta session courante "parents") *****

    # Etape 2/

    * lance le fichier Navipromo.bat qui se trouve dans le dossier Navipromo, sur ton bureau.

    * Sélectionne l'option "Recherche et suppression automatique" en appuyant sur la touche R et en validant par entrée. Patiente.
    S'il trouve l'adware Navipromo, tu verras défiler des lignes dans la fenêtre de commande et au bout de quelques instants, il faudra que tu appuies sur une touche pour que le nettoyage soit lancé. Lorsqu'il a terminé, ferme le rapport qui s'est ouvert

    * Relance l'outil, Sélectionne l'option "Suppression Heuristique" en appuyant sur la touche H et en validant par entrée ; patiente quelques minutes. Lorsqu'il a terminé, ferme le rapport qui s'est ouvert

    * Démarre le "Brute Force Uninstaller" en double-cliquant sur BFU.exe.
    Clique sur le petit dossier jaune, à la droite de la boîte "Scriptline to execute", et double-clique sur : EGDACCESS.bfu
    - Dans la boîte "Scriptline to execute", tu devrais maintenant voir ceci : C:\BFU\EGDACCESS.bfu
    Clique sur "Execute" et laisse-le faire son travail.
    Attendre que "Complete script execution" apparaîsse et clique sur OK. Clique exit pour fermer le programme BFU.
    Recommence encore une fois.

    * Démarrer -> panneau de configuration -> options internet
    Clique sur l'onglet "Contenu" puis onglet "Certificats" et si tu trouves ceci, en particulier dans "éditeurs approuvés" :

    electronic-group - egroup - Montorgueil - VIP - "Sunny Day Design Ltd"

    => Supprime-les tous

    # Etape 3/

    * Double-clique VundoFix.exe afin de le lancer
    Clique sur le bouton Scan for Vundo
    Lorsque le scan est complété, clique sur le bouton "Remove Vundo"
    Une invite te demandera si tu veux supprimer les fichiers, clique YES
    Après avoir cliqué Yes, le Bureau disparaîtra un moment lors de la suppression des fichiers
    Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK

    Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo

    * Double clique [b]combofix.exe[/b].
    Tape sur la touche Y (Yes) pour démarrer le scan.
    Lorsque le scan sera complété, un rapport apparaîtra

    # Etape 4/

    Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.

    # Etape 5/

    Redémarre normalement et poste :
    - Un nouveau rapport HijackThis, toutes fenêtres et applications fermées http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis_v2.exe ;
    - Le contenu du rapport situé dans C:\vundofix.txt ;
    - Le contenu du rapport situé dans C:\Combofix.txt ;
    - Le contenu du fichier Navipromo.txt qui se trouve dans Poste de travail C:\ ;

    Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.
    0
  11. motomaniac Messages postés 11 Date d'inscription   Statut Membre
     
    Au fait, j'ai bien retrouvé l'usage de internet explorer mais je ne sais pas si le problème est définitivement résolu.
    Merci encore opour votre aide.
    0
  12. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    tu suis très exactement les manips proposées par !GenProc et tu me postes les rapports, tu es encore infecté
    0
    1. motomaniac
       
      Voila, j'ai bien suivi toute les manip à faire, pour info, vundo n'a pas trouvé de fichier infecté.

      Logfile of Trend Micro HijackThis v2.0.0 (BETA)
      Scan saved at 18:34:16, on 13/05/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\UAService7.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAME.EXE
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
      C:\Program Files\Mozilla Thunderbird\thunderbird.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Documents and Settings\parents\Local Settings\Temporary Internet Files\Content.IE5\1SD0NWHW\HiJackThis_v2[1].exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O4 - HKLM\..\Run: [EPSON Stylus Photo RX640 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAME.EXE /P31 "EPSON Stylus Photo RX640 Series" /O6 "USB001" /M "Stylus Photo RX640"
      O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
      O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
      O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
      O18 - Protocol: offline-8876480 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O20 - AppInit_DLLs: pushow56.dll
      O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
      O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
      O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
      O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
      O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
      O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
      O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
      O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
      O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
      O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
      O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
      O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
      O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
      0
  13. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    hijack est mal installé il faut le mettre à la racine de C ainsi
    C:\ hijack this
    tu le renommes en scanner .exe et tu me postes son rapport
    0
    1. motomaniac
       
      voila est-ce mieux comme cela



      Logfile of HijackThis v1.99.1
      Scan saved at 18:57:31, on 13/05/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16441)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\UAService7.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAME.EXE
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Mozilla Thunderbird\thunderbird.exe
      C:\DOCUME~1\parents\LOCALS~1\Temp\Répertoire temporaire 2 pour hijackthis.zip\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O4 - HKLM\..\Run: [EPSON Stylus Photo RX640 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAME.EXE /P31 "EPSON Stylus Photo RX640 Series" /O6 "USB001" /M "Stylus Photo RX640"
      O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
      O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
      O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: offline-8876480 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O20 - AppInit_DLLs: pushow56.dll
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (file missing)
      O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
      0
  14. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    non
    supprime le et prend celui ci il s'installe directement là où il fait
    ensuite fais ceci
    1/télécharge et installe le logiciel HijackThis v1.99.1
    http://pchelpbordeaux.free.fr/logiciels.html
    Tutorial
    http://pchelpbordeaux.free.fr/tuto.html

    2/télécharge AVG Antispyware
    https://www.avg.com/en-ww/free-antivirus-download

    mode d'utilisation :
    Lance AVG Anti-Spyware, mets le à jour,
    Clique sur le bouton « Analyse »
    Puis « Comment réagir », clique sur Actions recommandées. Sélectionne Quarantaine.
    Retour à l'onglet Analyse.
    Clique sur Analyse complète du système.
    A la fin du scan, choisis " Appliquer toutes les actions "
    Clique sur "Enregistrer le rapport". Le fichier texte se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware.

    3/ Télécharge : - CCleaner
    https://www.pcastuces.com/logitheque/ccleaner.htm
    ("Download Latest Version", sur la droite).
    Ce logiciel va permettre de supprimer tous les fichiers temporaires. Avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires". Ensuite, Clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. C'est tout.

    4/ lance ccleaner , nettoyeur, et supprime tout ce qu'il trouve

    5/ lance avg antispyware et supprime tout ce qu'il trouve et poste son rapport

    6/ lance hijack this et poste le rapport
    0
  15. motomaniac
     
    Voilà, j'ai normalement respecté le protocole,
    voilà le nouveau rapport hijack

    Logfile of HijackThis v1.99.1
    Scan saved at 21:15:33, on 13/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAME.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX640 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAME.EXE /P31 "EPSON Stylus Photo RX640 Series" /O6 "USB001" /M "Stylus Photo RX640"
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: offline-8876480 - {9404C1E9-753A-4F13-B86B-81EB6189BB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - AppInit_DLLs: pushow56.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (file missing)
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

    pour info, AVG n'a rien détecté lors de la dernière analyse
    0
  16. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    est ce toi qui l'as installé? c'est de la m...e,
    supprime le par ajout suppression de programmes en mode sans échec si tu n'y arrives pas en mode normal, puis fais ceci après avoir désactivé avast car avec panda ils ne s'aiment pas
    fais un scan en ligne sur l’un de ces sites
    http://pandasoftware.fr
    https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    et poste les rapports
    0
  17. motomaniac
     
    désolé, j'avais prévenu que j'étais nul, je ne trouve pas le fichier que tu me demandes de supprimer lorsque je passe par ajouter supprimer.
    peus-tu me dire comment l'identifier ?
    Est-ce que si je passe en mode sans echec je verrai mieux ?
    Merci d'avance.
    PS je ne sais pas ce que c'est. Peut-être lors d'une mise à jour ?
    0
  18. motomaniac
     
    Bonjour, ce matin en rallumant l'ordi AVG a détecté internet optimizer et a proposer de le supprimer ce que j'ai fait, j'espère ne pas avoir fait de bétises.
    Dois-je maintenant passer à panda ?
    Merci.
    0
  19. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    oh que non tu as très bien fait
    passe à panda et nous verrons ainsi si AVG a bien tout supprimé cette crasse d'internet optimizer
    0
  20. motomaniac
     
    Voici le rapport de panda, je commence à être vraiment inquiet sur le contenu de mon ordi.
    Dois-je désintecté (je sais la question est bête.
    Concernant la suite, est ce que je peux remettre avast en service.
    Merci encore

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2007-05-14 11:13:17
    PROTECTIONS: 1
    MALWARE: 39
    SUSPECTS: 4
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    avast! antivirus 4.7.1001 [VPS 000740-0] 4.7.1001 No Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00001888 adware/dyfuca Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\uninstall\wsem update
    00032731 application/mywebsearch HackTools No 0 Yes No hkey_current_user\software\mywebsearch
    00034291 adware/surfaccuracy Adware No 1 Yes No hkey_local_machine\software\microsoft\windows\currentversion\uninstall\sacc
    00035917 adware/ist.sidefind Adware No 0 Yes No hkey_classes_root\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}
    00042191 adware/ist.yoursitebar Adware No 0 Yes No hkey_classes_root\clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686}
    00096053 application/funweb HackTools No 0 Yes No hkey_current_user\software\fun web products
    00115722 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{53F3D8E2-EF6F-4054-B8B0-9FB5F7C12ECC}\RP279\A0087693.EXE
    00115735 Application/MyWebSearch HackTools No 0 Yes No C:\Program Files\MSN Messenger\riched20.dll
    00115735 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{53F3D8E2-EF6F-4054-B8B0-9FB5F7C12ECC}\RP279\A0087682.DLL
    00116106 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{53F3D8E2-EF6F-4054-B8B0-9FB5F7C12ECC}\RP279\A0087685.DLL
    00134788 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{53F3D8E2-EF6F-4054-B8B0-9FB5F7C12ECC}\RP279\A0087676.DLL
    00134791 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{53F3D8E2-EF6F-4054-B8B0-9FB5F7C12ECC}\RP279\A0087678.DLL
    00134792 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{53F3D8E2-EF6F-4054-B8B0-9FB5F7C12ECC}\RP279\A0087688.DLL
    00139535 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{53F3D8E2-EF6F-4054-B8B0-9FB5F7C12ECC}\RP280\A0087832.exe
    00139535 Application/Processor HackTools No 0 No No C:\System Volume Information\_restore{53F3D8E2-EF6F-4054-B8B0-9FB5F7C12ECC}\RP280\A0087800.exe[SDFix\apps\Process.exe]
    00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\parents\Cookies\parents@247realmedia[1].txt
    00145775 dialer.ags Dialers No 0 Yes No hkey_current_user\software\montorgueil
    00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\parents\Cookies\parents@xiti[1].txt
    00194232 Application/FunWeb HackTools No 0 Yes No C:\System Volume Information\_restore{53F3D8E2-EF6F-4054-B8B0-9FB5F7C12ECC}\RP279\A0087677.DLL
    00199834 Application/FunWeb HackTools No 0 Yes No C:\System Volume Information\_restore{53F3D8E2-EF6F-4054-B8B0-9FB5F7C12ECC}\RP226\A0080615.DLL
    00199835 Application/FunWeb HackTools No 0 Yes No C:\System Volume Information\_restore{53F3D8E2-EF6F-4054-B8B0-9FB5F7C12ECC}\RP226\A0080616.DLL
    00199837 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{53F3D8E2-EF6F-4054-B8B0-9FB5F7C12ECC}\RP279\A0087686.DLL
    00199840 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{53F3D8E2-EF6F-4054-B8B0-9FB5F7C12ECC}\RP279\A0087695.DLL
    00201987 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{53F3D8E2-EF6F-4054-B8B0-9FB5F7C12ECC}\RP279\A0087694.DLL
    00202047 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{53F3D8E2-EF6F-4054-B8B0-9FB5F7C12ECC}\RP279\A0087679.DLL
    00203257 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{53F3D8E2-EF6F-4054-B8B0-9FB5F7C12ECC}\RP279\A0087696.DLL
    00212836 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{53F3D8E2-EF6F-4054-B8B0-9FB5F7C12ECC}\RP279\A0087692.DLL
    00216672 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{53F3D8E2-EF6F-4054-B8B0-9FB5F7C12ECC}\RP279\A0087669.DLL
    00217975 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{53F3D8E2-EF6F-4054-B8B0-9FB5F7C12ECC}\RP279\A0087690.DLL
    00217976 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{53F3D8E2-EF6F-4054-B8B0-9FB5F7C12ECC}\RP279\A0087684.DLL
    00238695 Application/Pskill.K HackTools No 0 Yes No C:\System Volume Information\_restore{53F3D8E2-EF6F-4054-B8B0-9FB5F7C12ECC}\RP280\A0087808.exe
    00241782 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{53F3D8E2-EF6F-4054-B8B0-9FB5F7C12ECC}\RP279\A0087687.DLL
    00241796 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{53F3D8E2-EF6F-4054-B8B0-9FB5F7C12ECC}\RP279\A0087689.DLL
    00328284 Adware/NaviPromo Adware No 1 Yes No C:\System Volume Information\_restore{53F3D8E2-EF6F-4054-B8B0-9FB5F7C12ECC}\RP222\A0077215.exe
    00328284 Adware/NaviPromo Adware No 1 Yes No C:\System Volume Information\_restore{53F3D8E2-EF6F-4054-B8B0-9FB5F7C12ECC}\RP280\A0087876.exe
    00328284 Adware/NaviPromo Adware No 1 Yes No C:\System Volume Information\_restore{53F3D8E2-EF6F-4054-B8B0-9FB5F7C12ECC}\RP247\A0082614.exe
    00328284 Adware/NaviPromo Adware No 1 Yes No C:\System Volume Information\_restore{53F3D8E2-EF6F-4054-B8B0-9FB5F7C12ECC}\RP260\A0084692.exe
    00328284 Adware/NaviPromo Adware No 1 Yes No C:\System Volume Information\_restore{53F3D8E2-EF6F-4054-B8B0-9FB5F7C12ECC}\RP217\A0076911.exe
    00328284 Adware/NaviPromo Adware No 1 Yes No C:\System Volume Information\_restore{53F3D8E2-EF6F-4054-B8B0-9FB5F7C12ECC}\RP256\A0083410.exe
    00328284 Adware/NaviPromo Adware No 1 Yes No C:\System Volume Information\_restore{53F3D8E2-EF6F-4054-B8B0-9FB5F7C12ECC}\RP249\A0082729.exe
    00358077 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{53F3D8E2-EF6F-4054-B8B0-9FB5F7C12ECC}\RP279\A0087680.DLL
    00358091 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{53F3D8E2-EF6F-4054-B8B0-9FB5F7C12ECC}\RP279\A0087683.EXE
    00365127 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{53F3D8E2-EF6F-4054-B8B0-9FB5F7C12ECC}\RP279\A0087668.scr
    00365127 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{53F3D8E2-EF6F-4054-B8B0-9FB5F7C12ECC}\RP279\A0087681.SCR
    00366244 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{53F3D8E2-EF6F-4054-B8B0-9FB5F7C12ECC}\RP280\A0088158.exe[ComboFixT\nircmd.exe]
    00505702 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{53F3D8E2-EF6F-4054-B8B0-9FB5F7C12ECC}\RP279\A0087691.EXE
    00527056 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{53F3D8E2-EF6F-4054-B8B0-9FB5F7C12ECC}\RP278\A0086932.dll
    01011389 Malware Generic Virus/Trojan No 0 Yes No C:\WINDOWS\system32\yayxvtt.dll
    ;===================================================================================================================================================================================
    SUSPECTS
    Location
    ;===================================================================================================================================================================================
    C:\Documents and Settings\All Users\Application Data\Microsoft Games\Zoo Tycoon 2\downloads\zootycoon_com_zt2_1036\1019_1.0\TundraAndMuskOx.z2f[entities/units/animals/MuskOx/MuskOx_Adult_M_TreadWater_2Swim.bf]
    J:\maman\x151_000.z2f[entities/units/animals/MuskOx/MuskOx_Adult_M_TreadWater_2Swim.bf]
    J:\mods\BLACK THORN\character\HOS\hsm_plant_hardhat_yel.rsb
    J:\mods\BLACK THORN\character\HOS_male\Hsm_plant_hardhat_yel.rsb
    ;===================================================================================================================================================================================
    0
  21. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    je regarde le rapport mais tu remets avast en service tout de suite bien sur
    0
  • 1
  • 2