Problème Spyware Limewireextreme

sheik -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,

Voilà mon problème est simple (ou en tout les cas pas rare).

je subit l'ouverture intempestive de sites internet comme http://www.limewireextreme.com par exemple. (pour faire simple je suis dans le meme cas que la personne au bout de ce lien : http://www.commentcamarche.net/forum/affich 4529016 ouverture intempestive

j'ai vu que vous lui aviez demandé de faire un navilog, je l'ai donc fait et je vous poste le rapport :

Search Navipromo version 3.4.3 commencé le 08/02/2008 à 13:07:39,98

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 06.02.2008 à 18h00 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS

Executé en mode normal

*** Recherche Programmes installés ***

*** Recherche dossiers dans C:\WINDOWS ***

*** Recherche dossiers dans C:\Program Files ***

*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***

*** Recherche dossiers dans "C:\Documents and Settings\Sheik\application data" ***

*** Recherche dossiers dans "C:\Documents and Settings\Sheik\local settings\application data" ***

*** Recherche dossiers dans "C:\Documents and Settings\Sheik\MENUDM~1\PROGRA~1" ***

*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans "C:\Documents and Settings\Sheik\local settings\application data" *

*** Recherche fichiers ***

*** Recherche clés spécifiques dans le Registre ***

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :

* Dans C:\WINDOWS\system32 :

* Dans "C:\Documents and Settings\Sheik\local settings\application data" :

3)Recherche Certificats :

Certificat Egroup absent !

4)Recherche fichiers connus :

*** Analyse terminée le 08/02/2008 à 13:10:22,42 ***

merci d'avance pour votre aide
Configuration: Windows XP
Firefox 2.0.0.11

24 réponses

  • 1
  • 2
  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt,

    rien dans navilog

    _______

    colle un rapport hijackthis

    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

    manuel :

    https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

    Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

    ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

    Ensuite avec Explorer créer un dossier c:\hijackthis
    Décompresser Hijackthis dans ce dossier.
    C'est important pour les sauvegardes."
    0
  2. sheik
     
    merci de ta reponse rapide, désolé pour le temps que ca a pris, j'ai été retenu ailleur.

    voila jt'envoi ce que me di HijackThis (et autant dire que je comprend rien :D)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:15:25, on 08/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    D:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\ptlg.exe
    C:\Program Files\Cyberlink\Shared Files\RichVideo.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\WINDOWS\Explorer.EXE
    D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
    C:\Program Files\Orange HSS\Systray\SystrayApp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\Program Files\Orange HSS\Launcher\Launcher.exe
    D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    D:\Program Files\Logitech\G-series Software\LGDCore.exe
    D:\Program Files\Logitech\G-series Software\LCDMon.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\Program Files\QuickTime\QTTask.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Orange HSS\Deskboard\deskboard.exe
    D:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
    C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
    D:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
    C:\Program Files\Microsoft LifeChat\LifeChat.exe
    D:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\PROGRA~1\MSNMES~1\DEVICE~1\msgrdvmn.exe
    D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
    D:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
    C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
    D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    D:\Program Files\Spyware Doctor\svcntaux.exe
    D:\Program Files\Spyware Doctor\swdsvc.exe
    D:\Program Files\Spyware Doctor\SDTrayApp.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\notepad.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\hijackthis\Eden.exe.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.liepie.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange HSS\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange HSS\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [Launch LGDCore] "D:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [Launch LCDMon] "D:\Program Files\Logitech\G-series Software\LCDMon.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [TomTomHOME.exe] "D:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "D:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
    O4 - HKLM\..\Run: [SDTray] "D:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LDM] D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [WindowsLivePhone] "C:\PROGRA~1\MSNMES~1\DEVICE~1\msgrdvmn.exe" /AutoRun
    O4 - HKCU\..\Run: [eMuleAutoStart] D:\Program Files\eMule\emule.exe -AutoStart
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - D:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: https://www.orange.fr/portail
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: bw+0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ptlg - Unknown owner - C:\WINDOWS\system32\ptlg.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared Files\RichVideo.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    desinstalle via ton panneau de configuration

    flashget

    Colle le rapport :
    Clean permettra de faire du nettoyage et supprimer des fichiers que des anti-virus et anti-spywares n'ont pas pu trouver. Le logiciel est régulièrement mis à jour, vous devrez donc le re-téléchargé pour obtenir une version plus récente.

    · Téléchargez clean.zip, décompressez-le sur votre bureau (clic droit / extraire tout), vous obtenez alors un dossier clean
    · Démarrez Windows en mode sans échec : Guide pour redémarrer en mode sans échec
    · Ouvrez le dossier clean qui se trouve sur ton bureau, et double-cliquez sur clean.cmd, une fenêtre noire va apparaître pendant un instant, laissez la ouverte jusqu'à ce qu'elle se ferme.

    http://kerio.probb.fr/tuto-Clean-h37.html
    _____________

    mets a jour internet explorer ici:

    https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

    ________________

    smit fraud fix (colle moi le rapport)

    telecharge:
    http://siri.urz.free.fr/Fix/SmitfraudFix.php

    double clique sur smitfraudfix. puis selectionne 1 et appuyer sur entrée afin de créer le rapport des infection présentes. une fois le rapport effectué redemarre en mode sans echec (en appuyant sur F8 ou suppr, ou F5 au demarrage en général)
    0
  4. sheik
     
    je te poste le rapport apres la desinstallation de flashget (si c'est pas ce que tu voulais, alors j'ai rien compris et jm'en excuse)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:52:45, on 08/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    D:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\ptlg.exe
    C:\Program Files\Cyberlink\Shared Files\RichVideo.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    D:\Program Files\Spyware Doctor\svcntaux.exe
    C:\WINDOWS\Explorer.EXE
    D:\Program Files\Spyware Doctor\swdsvc.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
    C:\Program Files\Orange HSS\Systray\SystrayApp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\Program Files\Orange HSS\Launcher\Launcher.exe
    D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    D:\Program Files\Logitech\G-series Software\LGDCore.exe
    D:\Program Files\Logitech\G-series Software\LCDMon.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Orange HSS\Deskboard\deskboard.exe
    C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
    D:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    D:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
    D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
    D:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
    C:\Program Files\Microsoft LifeChat\LifeChat.exe
    D:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\MSNMES~1\DEVICE~1\msgrdvmn.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    D:\Program Files\Spyware Doctor\SDTrayApp.exe
    D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    D:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
    D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
    C:\WINDOWS\system32\wuauclt.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    C:\hijackthis\Eden.exe.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.liepie.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange HSS\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange HSS\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [Launch LGDCore] "D:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [Launch LCDMon] "D:\Program Files\Logitech\G-series Software\LCDMon.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [TomTomHOME.exe] "D:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "D:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
    O4 - HKLM\..\Run: [SDTray] "D:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LDM] D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [WindowsLivePhone] "C:\PROGRA~1\MSNMES~1\DEVICE~1\msgrdvmn.exe" /AutoRun
    O4 - HKCU\..\Run: [eMuleAutoStart] D:\Program Files\eMule\emule.exe -AutoStart
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: https://www.orange.fr/portail
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: bw+0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ptlg - Unknown owner - C:\WINDOWS\system32\ptlg.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared Files\RichVideo.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Colle le rapport :
    Clean permettra de faire du nettoyage et supprimer des fichiers que des anti-virus et anti-spywares n'ont pas pu trouver. Le logiciel est régulièrement mis à jour, vous devrez donc le re-téléchargé pour obtenir une version plus récente.

    · Téléchargez clean.zip, décompressez-le sur votre bureau (clic droit / extraire tout), vous obtenez alors un dossier clean
    · Démarrez Windows en mode sans échec : Guide pour redémarrer en mode sans échec
    · Ouvrez le dossier clean qui se trouve sur ton bureau, et double-cliquez sur clean.cmd, une fenêtre noire va apparaître pendant un instant, laissez la ouverte jusqu'à ce qu'elle se ferme.

    http://kerio.probb.fr/tuto-Clean-h37.html
    _____________

    mets a jour internet explorer ici:

    https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

    ________________

    smit fraud fix (colle moi le rapport)

    telecharge:
    http://siri.urz.free.fr/Fix/SmitfraudFix.php

    double clique sur smitfraudfix. puis selectionne 1 et appuyer sur entrée afin de créer le rapport des infection présentes. une fois le rapport effectué redemarre en mode sans echec (en appuyant sur F8 ou suppr, ou F5 au demarrage en général)
    0
  7. sheik
     
    il faut attendre longtemps pour clean, car je el lance la fenetre noir apparai, je choisi rechercher et la ca commence, puis la fenetre disparai, j'ai attendu 30 minutes, sans rien voir venir....

    je te colle le rapport fix, mais j'ai pas fait cleaner du coup... (ou en tt cas j'ai rien netoyé)

    SmitFraudFix v2.283

    Rapport fait à 17:06:09,57, 08/02/2008
    Executé à partir de C:\Documents and Settings\Sheik\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    D:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\ptlg.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\Cyberlink\Shared Files\RichVideo.exe
    D:\Program Files\Spyware Doctor\svcntaux.exe
    C:\WINDOWS\Explorer.EXE
    D:\Program Files\Spyware Doctor\swdsvc.exe
    D:\Program Files\Spyware Doctor\SDTrayApp.exe
    D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
    C:\Program Files\Orange HSS\Systray\SystrayApp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Orange HSS\Launcher\Launcher.exe
    D:\Program Files\Logitech\G-series Software\LGDCore.exe
    D:\Program Files\Logitech\G-series Software\LCDMon.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\Program Files\QuickTime\QTTask.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    D:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
    C:\Program Files\Microsoft LifeChat\LifeChat.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\MSNMES~1\DEVICE~1\msgrdvmn.exe
    D:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
    C:\Program Files\Orange HSS\Deskboard\deskboard.exe
    C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
    D:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
    D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
    C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
    D:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
    C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sheik

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sheik\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Sheik\Favoris

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Rustock

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: SAGEM Wi-Fi 11g USB adapter #3 - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 192.168.1.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{B9027F1E-40AB-4BE6-96A8-629759B6FF52}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{B9027F1E-40AB-4BE6-96A8-629759B6FF52}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{CC18EFBA-A4E5-4252-A726-DA2986AD1FE1}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{A4A5C4A5-2FA2-46AF-B962-0F6FC331D453}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{B9027F1E-40AB-4BE6-96A8-629759B6FF52}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  8. sheik
     
    franchement j'espere que je vais pas etre dans l'obligation de formatter mon PC, ca me ferais franchement *****

    Sinon on peu me conseiller un antivirus du niveau de Kaspersky (que j'avais avant) qui sera gratuit de preference...
    0
  9. sheik
     
    je t'envoi le rapport apres netoyage vie Smitfraudfix

    SmitFraudFix v2.283

    Rapport fait à 18:27:19,62, 08/02/2008
    Executé à partir de C:\Documents and Settings\Sheik\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{B9027F1E-40AB-4BE6-96A8-629759B6FF52}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{B9027F1E-40AB-4BE6-96A8-629759B6FF52}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{CC18EFBA-A4E5-4252-A726-DA2986AD1FE1}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{A4A5C4A5-2FA2-46AF-B962-0F6FC331D453}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{B9027F1E-40AB-4BE6-96A8-629759B6FF52}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  10. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    utilise pour supprimer tes traces

    CCLEANER: (lance un nettoyage et répare 3 fois le registre) sans installer la barre yahoo

    https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

    ______________

    AVG antispyxare

    https://www.01net.com/

    Tuto :
    http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

    ->Relance AVG AS -> "Analyse" ->"Paramètres"

    Sous la question "Comment réagir ?" :

    -> clique sur "Actions recommandées" et choisis "Quarantaines"
    -> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

    Si un fichier est infecté en fin d'analyse

    ->Clique sur "Appliquer toutes les actions "

    ->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous".

    ->Enregistre ce fichier texte sur ton bureau ensuite colle le rapport ici

    ______
    combofix (colle le rapport)

    http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

    ___________

    colle le rapport d'un scan en ligne
    avec un des suivants: (desactiver avast le temps du scan)

    bitdefender en ligne :
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Panda en ligne :
    http://pandasoftware.fr
    0
  11. sheik
     
    ComboFix 08-02.05.3 - Sheik 2008-02-08 20:07:06.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1384 [GMT 1:00]
    Endroit: C:\Documents and Settings\Sheik\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

    ----- BITS: Possible sites infectés -----

    hxxp://www.download.windowsupdate.com
    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-08 to 2008-02-08 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-08 19:59 . 2008-02-08 19:59 <REP> d-------- C:\Documents and Settings\Sheik\Application Data\Grisoft
    2008-02-08 19:59 . 2008-02-08 19:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-02-08 19:59 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-02-08 19:57 . 2008-02-08 19:57 <REP> d-------- C:\Program Files\CCleaner
    2008-02-08 17:06 . 2008-02-08 18:27 4,478 --a------ C:\WINDOWS\system32\tmp.reg
    2008-02-08 17:05 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-02-08 17:05 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-02-08 17:05 . 2008-02-08 10:37 85,504 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-02-08 17:05 . 2008-02-08 10:37 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-02-08 17:05 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-02-08 17:05 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-02-08 17:05 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-02-08 16:10 . 2008-02-08 16:10 <REP> d--h----- C:\WINDOWS\msdownld.tmp
    2008-02-08 16:09 . 2008-02-08 16:10 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2008-02-08 16:05 . 2006-10-27 15:09 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
    2008-02-08 15:12 . 2008-02-08 15:52 <REP> d-------- C:\hijackthis
    2008-02-08 13:04 . 2008-02-08 19:56 <REP> d-------- C:\Program Files\Navilog1
    2008-02-08 12:31 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2008-02-08 12:22 . 2008-02-08 19:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-08 12:00 . 2008-02-08 12:30 <REP> d-------- C:\Documents and Settings\LocalService\Bureau
    2008-02-08 11:56 . 2008-02-08 11:56 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
    2008-02-08 11:56 . 2008-02-08 11:56 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Talkback
    2008-02-07 18:24 . 2008-02-07 18:23 709,035 --a------ C:\WINDOWS\system32\ptlg.exe
    2008-02-07 18:15 . 2008-02-07 18:15 22,328 --a------ C:\Documents and Settings\Sheik\Application Data\PnkBstrK.sys
    2008-02-07 16:52 . 2008-02-07 16:52 <REP> d-------- C:\Program Files\Microsoft LifeChat
    2008-02-06 12:42 . 2004-08-04 08:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
    2008-02-06 12:42 . 2004-08-04 08:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
    2008-02-02 22:02 . 2008-02-02 22:02 <REP> d-------- C:\Documents and Settings\Sheik\Application Data\CyberLink
    2008-02-02 22:02 . 2008-02-02 22:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
    2008-02-02 22:01 . 2008-02-02 22:01 <REP> d-------- C:\Program Files\Cyberlink
    2008-02-02 21:47 . 2007-12-17 13:53 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb
    2008-02-01 20:48 . 2008-02-01 20:48 <REP> d-------- C:\Documents and Settings\Sheik\Application Data\Media Player Classic
    2008-01-25 17:49 . 2008-01-25 17:49 <REP> d-------- C:\Documents and Settings\Sheik\Application Data\TomTom
    2008-01-25 17:49 . 2008-01-25 17:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TomTom
    2008-01-25 16:37 . 2008-01-25 16:37 <REP> d-------- C:\Program Files\TomTom DesktopSuite
    2008-01-23 00:33 . 2008-01-23 00:33 <REP> d-------- C:\Documents and Settings\Sheik\Application Data\SlySoft
    2008-01-17 17:01 . 2008-01-17 17:01 <REP> d--hs---- C:\WINDOWS\ftpcache
    2008-01-17 17:01 . 2008-01-17 17:01 294 --a------ C:\WINDOWS\game.ini
    2008-01-17 16:46 . 2008-01-17 16:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
    2008-01-08 02:16 . 2008-01-08 02:16 630,784 --a------ C:\WINDOWS\system32\divxdec.ax

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-08 11:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-08 11:20 --------- d-----w C:\Documents and Settings\Sheik\Application Data\uTorrent
    2008-01-19 14:40 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-01-08 22:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-01-06 17:49 --------- d-----w C:\Program Files\uTorrent
    2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
    2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-12-31 19:49 24,504 ----a-w C:\Documents and Settings\Sheik\Application Data\GDIPFONTCACHEV1.DAT
    2007-12-30 13:28 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
    2007-12-30 13:28 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll
    2007-12-30 13:28 --------- d-----w C:\Program Files\OpenAL
    2007-12-27 15:31 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2007-12-27 15:31 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
    2007-12-27 15:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
    2007-12-27 15:30 --------- d-----w C:\Program Files\Fichiers communs\Logitech
    2007-12-27 15:30 --------- d-----w C:\Program Files\Fichiers communs\Logishrd
    2007-12-27 15:30 --------- d-----w C:\Documents and Settings\Sheik\Application Data\InstallShield
    2007-12-27 15:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
    2007-12-25 19:45 --------- d-----w C:\Documents and Settings\Sheik\Application Data\vlc
    2007-12-25 17:05 --------- d-----w C:\Program Files\Videora
    2007-12-25 09:51 --------- d-----w C:\Documents and Settings\Sheik\Application Data\Apple Computer
    2007-12-25 09:36 --------- d-----w C:\Program Files\WinAVI MP4 Converter
    2007-12-24 21:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-12-23 08:41 --------- d--h--w C:\Program Files\Zero G Registry
    2007-12-22 12:57 --------- d-----w C:\Program Files\MSN Messenger
    2007-12-05 01:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
    2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
    2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
    2007-12-05 00:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
    2007-12-05 00:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
    2007-12-05 00:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
    2007-12-05 00:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll
    2007-12-05 00:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll
    2007-12-05 00:41 5,611,520 ----a-w C:\WINDOWS\system32\nvdispsr.dll
    2007-12-05 00:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
    2007-12-05 00:41 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
    2007-12-05 00:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
    2007-12-05 00:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
    2007-12-05 00:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
    2007-12-05 00:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
    2007-12-05 00:41 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
    2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
    2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
    2007-12-05 00:41 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
    2007-12-05 00:41 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
    2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
    2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
    2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
    2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
    2007-12-05 00:41 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
    2007-12-05 00:41 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
    2007-12-05 00:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
    2007-12-05 00:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
    2007-12-05 00:41 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
    2007-12-05 00:41 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
    2007-12-05 00:41 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
    2007-12-05 00:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
    2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
    2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
    2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
    2007-12-05 00:41 3,715,072 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
    2007-12-05 00:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll
    2007-12-05 00:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll
    2007-12-05 00:41 3,334,144 ----a-w C:\WINDOWS\system32\nvgamesr.dll
    2007-12-05 00:41 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
    2007-12-05 00:41 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
    2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
    2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
    2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
    2007-12-05 00:41 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll
    2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
    2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
    2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
    2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
    2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
    2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
    2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll
    2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
    2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
    2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll
    2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll
    2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll
    2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll
    2007-12-05 00:41 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
    "LDM"="D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-11-25 13:25 32768]
    "WindowsLivePhone"="C:\PROGRA~1\MSNMES~1\DEVICE~1\msgrdvmn.exe" [2006-12-04 09:33 709440]
    "eMuleAutoStart"="D:\Program Files\eMule\emule.exe" [2007-05-13 15:57 5308416]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 06:31 208952]
    "PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-30 13:00 455168]
    "PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-30 13:00 455168]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
    "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-04-29 17:22 266240]
    "SystrayORAHSS"="C:\Program Files\Orange HSS\Systray\SystrayApp.exe" [2007-07-24 19:55 94208]
    "ORAHSSSessionManager"="C:\Program Files\Orange HSS\SessionManager\SessionManager.exe" [2007-07-24 19:03 102400]
    "Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-12-14 18:19 221184]
    "Launch LGDCore"="D:\Program Files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 16:31 1122304]
    "Launch LCDMon"="D:\Program Files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 16:14 497152]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-19 22:55 185896]
    "avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe]
    "TomTomHOME.exe"="D:\Program Files\TomTom HOME 2\HOMERunner.exe" [2007-10-31 10:19 378784]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
    "RemoteControl"="D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 22:26 68640]
    "LanguageShortcut"="D:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 22:17 52256]
    "LifeChat"="C:\Program Files\Microsoft LifeChat\LifeChat.exe" [2007-01-26 14:31 259440]
    "!AVG Anti-Spyware"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Logitech Desktop Messenger.lnk - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-11-25 13:25:51 450560]
    Logitech SetPoint.lnk - D:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-27 16:30:32 784912]
    Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
    Utilitaire r‚seau pour SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2007-11-05 20:08:39 950272]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^SATARAID5.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\SATARAID5.lnk
    backup=C:\WINDOWS\pss\SATARAID5.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    -r------- 2005-10-24 07:45 90112 C:\WINDOWS\soundman.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-07-12 03:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2007-10-19 22:55 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

    R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-06-30 00:53]
    R2 ptlg;ptlg;C:\WINDOWS\system32\ptlg.exe [2008-02-07 18:23]
    R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2007-01-10 10:14]
    S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2006-03-01 18:37]
    S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01505eb5-cb44-11dc-94e1-0060b33f2667}]
    \Shell\AutoRun\command - J:\InstallTomTomHOME.exe

    *Newly Created Service* - AVGASCLN
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-08 20:08:15
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-08 20:08:37
    ComboFix-quarantined-files.txt 2008-02-08 19:08:35
    .
    2008-01-09 14:01:12 --- E O F ---
    0
  12. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    analyse aussi ce fichier sur virus total et colle moi le rapport: https://www.virustotal.com/gui/

    C:\PROGRA~1\MSNMES~1\DEVICE~1\msgrdvmn.exe
    0
  13. sheik
     
    voila pour le rapport AVG

    ---------------------------------------------------------
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 21:05:47 08/02/2008

    + Résultat de l'analyse:

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla\Firefox\Profiles\1oxrfr6d.default\Cache\DE447207d01 -> Not-A-Virus.Downloader.Win32.WinFixer.au : Nettoyé.
    :mozilla.23:C:\Documents and Settings\Sheik\Application Data\Mozilla\Firefox\Profiles\l9iarxia.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.24:C:\Documents and Settings\Sheik\Application Data\Mozilla\Firefox\Profiles\l9iarxia.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.26:C:\Documents and Settings\Sheik\Application Data\Mozilla\Firefox\Profiles\l9iarxia.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.27:C:\Documents and Settings\Sheik\Application Data\Mozilla\Firefox\Profiles\l9iarxia.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.16:C:\Documents and Settings\Sheik\Application Data\Mozilla\Firefox\Profiles\l9iarxia.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
    :mozilla.32:C:\Documents and Settings\Sheik\Application Data\Mozilla\Firefox\Profiles\l9iarxia.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
    :mozilla.10:C:\Documents and Settings\Sheik\Application Data\Mozilla\Firefox\Profiles\l9iarxia.default\cookies.txt -> TrackingCookie.Netflame : Nettoyé.
    :mozilla.17:C:\Documents and Settings\Sheik\Application Data\Mozilla\Firefox\Profiles\l9iarxia.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.22:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\1oxrfr6d.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
    :mozilla.23:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\1oxrfr6d.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.

    Fin du rapport
    0
  14. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok:!

    analyse aussi ce fichier sur virus total et colle moi le rapport: https://www.virustotal.com/gui/

    C:\PROGRA~1\MSNMES~1\DEVICE~1\msgrdvmn.exe

    ____________
    colle le rapport d'un scan en ligne
    avec un des suivants: (desactiver avast le temps du scan)

    bitdefender en ligne :
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Panda en ligne :
    http://pandasoftware.fr
    0
  15. sheik
     
    Tien je t'envoi le rapport de virustotal

    Fichier msgrdvmn.exe reçu le 2008.02.08 21:11:26 (CET)
    Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
    Résultat: 0/32 (0%)
    en train de charger les informations du serveur...
    Votre fichier est dans la file d'attente, en position: 2.
    L'heure estimée de démarrage est entre 41 et 59 secondes.
    Ne fermez pas la fenêtre avant la fin de l'analyse.
    L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
    Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
    Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
    les résultats seront affichés au fur et à mesure de leur génération.
    Formaté Formaté
    Impression des résultats Impression des résultats
    Votre fichier a expiré ou n'existe pas.
    Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.

    Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
    Email:

    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.2.6.10 2008.02.05 -
    AntiVir 7.6.0.62 2008.02.08 -
    Authentium 4.93.8 2008.02.08 -
    Avast 4.7.1098.0 2008.02.07 -
    AVG 7.5.0.516 2008.02.08 -
    BitDefender 7.2 2008.02.08 -
    CAT-QuickHeal None 2008.02.08 -
    ClamAV 0.92 2008.02.08 -
    DrWeb 4.44.0.09170 2008.02.08 -
    eSafe 7.0.15.0 2008.01.28 -
    eTrust-Vet 31.3.5521 2008.02.08 -
    Ewido 4.0 2008.02.08 -
    FileAdvisor 1 2008.02.08 -
    Fortinet 3.14.0.0 2008.02.08 -
    F-Prot 4.4.2.54 2008.02.08 -
    F-Secure 6.70.13260.0 2008.02.08 -
    Ikarus T3.1.1.20 2008.02.08 -
    Kaspersky 7.0.0.125 2008.02.08 -
    McAfee 5226 2008.02.08 -
    Microsoft 1.3204 2008.02.08 -
    NOD32v2 2860 2008.02.08 -
    Norman 5.80.02 2008.02.08 -
    Panda 9.0.0.4 2008.02.08 -
    Prevx1 V2 2008.02.08 -
    Rising 20.29.22.00 2008.01.30 -
    Sophos 4.26.0 2008.02.08 -
    Sunbelt 2.2.907.0 2008.02.08 -
    Symantec 10 2008.02.08 -
    TheHacker 6.2.9.212 2008.02.07 -
    VBA32 3.12.6.0 2008.02.07 -
    VirusBuster 4.3.26:9 2008.02.08 -
    Webwasher-Gateway 6.6.2 2008.02.08 -
    Information additionnelle
    File size: 709440 bytes
    MD5: 77070918b83c511b4c8ef919ed66ddc4
    SHA1: 86150bdaa8b96e1cf044c59f32b7442fd11bb3b8
    PEiD: -
    0
  16. sheik
     
    excuse moi pour le temps que ca prend, mais c'est assez long ( 1 heure apparement) !

    j'en suis a 70 % et 29 detection. (comme quoi...Avast... c'est pas genial...)

    et je tien a te dire que le problème persiste (malheureusement).

    Je voulais aussi te dire que je comprend absolument rien a tt les rapport que je t'envoi depuis le debut d'apres midi lol heureusement que tu es la !
    0
  17. sheik
     
    juste quand je fini, l'analyse fini...

    au fait dois-je cliker sur le bouton desinfecter ? ou alors tu prefere regarder avec un autre programme ?

    tien le rapport :

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2008-02-08 21:59:37
    PROTECTIONS: 1
    MALWARE: 17
    SUSPECTS: 0
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    avast! antivirus 4.7.1098 [VPS 080207-0] 4.7.1098 No Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Sheik\Application Data\Mozilla\Firefox\Profiles\l9iarxia.default\cookies.txt[.doubleclick.net/]
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Sheik\Cookies\sheik@atdmt[2].txt
    00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\system32\Process.exe
    00139535 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{F1053032-6EBF-42E5-83DA-970536363D85}\RP289\A0040645.exe
    00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Sheik\Bureau\SmitfraudFix\Process.exe
    00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Sheik\Application Data\Mozilla\Firefox\Profiles\l9iarxia.default\cookies.txt[.xiti.com/]
    00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Sheik\Cookies\sheik@weborama[1].txt
    00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Sheik\Application Data\Mozilla\Firefox\Profiles\l9iarxia.default\cookies.txt[.adtech.de/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Sheik\Application Data\Mozilla\Firefox\Profiles\l9iarxia.default\cookies.txt[.advertising.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Sheik\Application Data\Mozilla\Firefox\Profiles\l9iarxia.default\cookies.txt[.advertising.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Sheik\Application Data\Mozilla\Firefox\Profiles\l9iarxia.default\cookies.txt[.advertising.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Sheik\Application Data\Mozilla\Firefox\Profiles\l9iarxia.default\cookies.txt[.advertising.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Sheik\Application Data\Mozilla\Firefox\Profiles\l9iarxia.default\cookies.txt[.advertising.com/]
    00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Sheik\Application Data\Mozilla\Firefox\Profiles\l9iarxia.default\cookies.txt[.overture.com/]
    00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Sheik\Application Data\Mozilla\Firefox\Profiles\l9iarxia.default\cookies.txt[.bluestreak.com/]
    00238695 Application/Pskill.K HackTools No 0 Yes No C:\System Volume Information\_restore{F1053032-6EBF-42E5-83DA-970536363D85}\RP290\A0040756.exe
    00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Sheik\Application Data\Mozilla\Firefox\Profiles\l9iarxia.default\cookies.txt[.smartadserver.com/]
    00517584 Application/SuperFast HackTools No 0 Yes No C:\Documents and Settings\Sheik\Bureau\SmitfraudFix\restart.exe
    01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{F1053032-6EBF-42E5-83DA-970536363D85}\RP290\A0040742.EXE
    01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Sheik\Bureau\ComboFix.exe[327882R2FWJFW\nircmd.com]
    01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\Nircmd.exe
    01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Sheik\Bureau\ComboFix.exe[327882R2FWJFW\nircmd.cfexe]
    01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Sheik\Local Settings\Application Data\Mozilla\Firefox\Profiles\l9iarxia.default\Cache\C2152591d01[327882R2FWJFW\nircmd.cfexe]
    01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Sheik\Local Settings\Application Data\Mozilla\Firefox\Profiles\l9iarxia.default\Cache\C2152591d01[327882R2FWJFW\nircmd.com]
    01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{F1053032-6EBF-42E5-83DA-970536363D85}\RP290\A0040777.com
    02179432 Generic Trojan Virus/Trojan No 0 Yes No D:\Program Files\Logitech\G-series Software\SDK\LCDSDK_1.02.218.zip[Tools/VLCDCtrl.exe]
    02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Documents and Settings\Sheik\Bureau\SmitfraudFix\Reboot.exe
    02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F1053032-6EBF-42E5-83DA-970536363D85}\RP289\A0040640.exe
    02684897 Application/AVSystemCare HackTools No 0 Yes No C:\Documents and Settings\Sheik\Local Settings\Application Data\Mozilla\Firefox\Profiles\l9iarxia.default\Cache\DE447207d01
    ;===================================================================================================================================================================================
    SUSPECTS
    Location
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    0
  18. sheik
     
    Bon vu que c'est payant, on va faire ca autrement lol :D
    0
  19. melk27
     
    J'ai eu le meme probleme mais en faisant une restauration systeme une semaine avant le debut des problemes tout est rentrè dans l'ordre. Essaie
    0
  20. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    télécharge OTMoveIt
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :

    D:\Program Files\Logitech\G-series Software\SDK\LCDSDK_1.02.218.zip
    C:\Documents and Settings\Sheik\Local Settings\Application Data\Mozilla\Firefox\Profiles\l9iarxia.default\Cache\DE447207d01

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

    ___________________
    le reste correspond a smitfraudfix et combofix donc aucun souci
    ___________________

    remplace avast par antivir et colle un rapport et dis si encore des problemes:

    https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
    0
  • 1
  • 2