Sujet Précédent Sujet Suivant

Problème Spyware Limewireextreme

sheik -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,

Voilà mon problème est simple (ou en tout les cas pas rare).

je subit l'ouverture intempestive de sites internet comme http://www.limewireextreme.com par exemple. (pour faire simple je suis dans le meme cas que la personne au bout de ce lien : http://www.commentcamarche.net/forum/affich 4529016 ouverture intempestive

j'ai vu que vous lui aviez demandé de faire un navilog, je l'ai donc fait et je vous poste le rapport :

Search Navipromo version 3.4.3 commencé le 08/02/2008 à 13:07:39,98

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 06.02.2008 à 18h00 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS

Executé en mode normal

*** Recherche Programmes installés ***

*** Recherche dossiers dans C:\WINDOWS ***

*** Recherche dossiers dans C:\Program Files ***

*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***

*** Recherche dossiers dans "C:\Documents and Settings\Sheik\application data" ***

*** Recherche dossiers dans "C:\Documents and Settings\Sheik\local settings\application data" ***

*** Recherche dossiers dans "C:\Documents and Settings\Sheik\MENUDM~1\PROGRA~1" ***

*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans "C:\Documents and Settings\Sheik\local settings\application data" *

*** Recherche fichiers ***

*** Recherche clés spécifiques dans le Registre ***

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :

* Dans C:\WINDOWS\system32 :

* Dans "C:\Documents and Settings\Sheik\local settings\application data" :

3)Recherche Certificats :

Certificat Egroup absent !

4)Recherche fichiers connus :

*** Analyse terminée le 08/02/2008 à 13:10:22,42 ***

merci d'avance pour votre aide
A voir également:

24 réponses

  • 1
  • 2
Réponse 1 / 24
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
slt,

rien dans navilog

_______

colle un rapport hijackthis

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manuel :

https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."
0
Réponse 2 / 24
sheik
 
merci de ta reponse rapide, désolé pour le temps que ca a pris, j'ai été retenu ailleur.

voila jt'envoi ce que me di HijackThis (et autant dire que je comprend rien :D)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:15:25, on 08/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ptlg.exe
C:\Program Files\Cyberlink\Shared Files\RichVideo.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Orange HSS\Systray\SystrayApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange HSS\Launcher\Launcher.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Logitech\G-series Software\LGDCore.exe
D:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Orange HSS\Deskboard\deskboard.exe
D:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
D:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
D:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\MSNMES~1\DEVICE~1\msgrdvmn.exe
D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
D:\Program Files\Spyware Doctor\svcntaux.exe
D:\Program Files\Spyware Doctor\swdsvc.exe
D:\Program Files\Spyware Doctor\SDTrayApp.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\notepad.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\hijackthis\Eden.exe.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.liepie.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange HSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange HSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Launch LGDCore] "D:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "D:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TomTomHOME.exe] "D:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "D:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [SDTray] "D:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [WindowsLivePhone] "C:\PROGRA~1\MSNMES~1\DEVICE~1\msgrdvmn.exe" /AutoRun
O4 - HKCU\..\Run: [eMuleAutoStart] D:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: bw+0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ptlg - Unknown owner - C:\WINDOWS\system32\ptlg.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
0
Réponse 3 / 24
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
desinstalle via ton panneau de configuration

flashget

Colle le rapport :
Clean permettra de faire du nettoyage et supprimer des fichiers que des anti-virus et anti-spywares n'ont pas pu trouver. Le logiciel est régulièrement mis à jour, vous devrez donc le re-téléchargé pour obtenir une version plus récente.

· Téléchargez clean.zip, décompressez-le sur votre bureau (clic droit / extraire tout), vous obtenez alors un dossier clean
· Démarrez Windows en mode sans échec : Guide pour redémarrer en mode sans échec
· Ouvrez le dossier clean qui se trouve sur ton bureau, et double-cliquez sur clean.cmd, une fenêtre noire va apparaître pendant un instant, laissez la ouverte jusqu'à ce qu'elle se ferme.

http://kerio.probb.fr/tuto-Clean-h37.html
_____________

mets a jour internet explorer ici:

https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

________________

smit fraud fix (colle moi le rapport)

telecharge:
http://siri.urz.free.fr/Fix/SmitfraudFix.php

double clique sur smitfraudfix. puis selectionne 1 et appuyer sur entrée afin de créer le rapport des infection présentes. une fois le rapport effectué redemarre en mode sans echec (en appuyant sur F8 ou suppr, ou F5 au demarrage en général)
0
Réponse 4 / 24
sheik
 
je te poste le rapport apres la desinstallation de flashget (si c'est pas ce que tu voulais, alors j'ai rien compris et jm'en excuse)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:52:45, on 08/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ptlg.exe
C:\Program Files\Cyberlink\Shared Files\RichVideo.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Orange HSS\Systray\SystrayApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange HSS\Launcher\Launcher.exe
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Logitech\G-series Software\LGDCore.exe
D:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Orange HSS\Deskboard\deskboard.exe
C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
D:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
D:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
D:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MSNMES~1\DEVICE~1\msgrdvmn.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Spyware Doctor\SDTrayApp.exe
D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\Eden.exe.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.liepie.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange HSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange HSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Launch LGDCore] "D:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "D:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TomTomHOME.exe] "D:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "D:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [SDTray] "D:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [WindowsLivePhone] "C:\PROGRA~1\MSNMES~1\DEVICE~1\msgrdvmn.exe" /AutoRun
O4 - HKCU\..\Run: [eMuleAutoStart] D:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: bw+0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {AF5CF2A1-98F6-40BC-88BE-6D64D8F60785} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ptlg - Unknown owner - C:\WINDOWS\system32\ptlg.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 24
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
Colle le rapport :
Clean permettra de faire du nettoyage et supprimer des fichiers que des anti-virus et anti-spywares n'ont pas pu trouver. Le logiciel est régulièrement mis à jour, vous devrez donc le re-téléchargé pour obtenir une version plus récente.

· Téléchargez clean.zip, décompressez-le sur votre bureau (clic droit / extraire tout), vous obtenez alors un dossier clean
· Démarrez Windows en mode sans échec : Guide pour redémarrer en mode sans échec
· Ouvrez le dossier clean qui se trouve sur ton bureau, et double-cliquez sur clean.cmd, une fenêtre noire va apparaître pendant un instant, laissez la ouverte jusqu'à ce qu'elle se ferme.

http://kerio.probb.fr/tuto-Clean-h37.html
_____________

mets a jour internet explorer ici:

https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

________________

smit fraud fix (colle moi le rapport)

telecharge:
http://siri.urz.free.fr/Fix/SmitfraudFix.php

double clique sur smitfraudfix. puis selectionne 1 et appuyer sur entrée afin de créer le rapport des infection présentes. une fois le rapport effectué redemarre en mode sans echec (en appuyant sur F8 ou suppr, ou F5 au demarrage en général)
0
Réponse 6 / 24
sheik
 
il faut attendre longtemps pour clean, car je el lance la fenetre noir apparai, je choisi rechercher et la ca commence, puis la fenetre disparai, j'ai attendu 30 minutes, sans rien voir venir....

je te colle le rapport fix, mais j'ai pas fait cleaner du coup... (ou en tt cas j'ai rien netoyé)

SmitFraudFix v2.283

Rapport fait à 17:06:09,57, 08/02/2008
Executé à partir de C:\Documents and Settings\Sheik\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ptlg.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Cyberlink\Shared Files\RichVideo.exe
D:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Spyware Doctor\swdsvc.exe
D:\Program Files\Spyware Doctor\SDTrayApp.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Orange HSS\Systray\SystrayApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Orange HSS\Launcher\Launcher.exe
D:\Program Files\Logitech\G-series Software\LGDCore.exe
D:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MSNMES~1\DEVICE~1\msgrdvmn.exe
D:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Orange HSS\Deskboard\deskboard.exe
C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
D:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sheik

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sheik\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Sheik\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: SAGEM Wi-Fi 11g USB adapter #3 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{B9027F1E-40AB-4BE6-96A8-629759B6FF52}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B9027F1E-40AB-4BE6-96A8-629759B6FF52}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CC18EFBA-A4E5-4252-A726-DA2986AD1FE1}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{A4A5C4A5-2FA2-46AF-B962-0F6FC331D453}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B9027F1E-40AB-4BE6-96A8-629759B6FF52}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Réponse 7 / 24
sheik
 
franchement j'espere que je vais pas etre dans l'obligation de formatter mon PC, ca me ferais franchement *****

Sinon on peu me conseiller un antivirus du niveau de Kaspersky (que j'avais avant) qui sera gratuit de preference...
0
Réponse 8 / 24
sheik
 
je t'envoi le rapport apres netoyage vie Smitfraudfix

SmitFraudFix v2.283

Rapport fait à 18:27:19,62, 08/02/2008
Executé à partir de C:\Documents and Settings\Sheik\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{B9027F1E-40AB-4BE6-96A8-629759B6FF52}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B9027F1E-40AB-4BE6-96A8-629759B6FF52}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CC18EFBA-A4E5-4252-A726-DA2986AD1FE1}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{A4A5C4A5-2FA2-46AF-B962-0F6FC331D453}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B9027F1E-40AB-4BE6-96A8-629759B6FF52}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Réponse 9 / 24
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
utilise pour supprimer tes traces

CCLEANER: (lance un nettoyage et répare 3 fois le registre) sans installer la barre yahoo

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

______________

AVG antispyxare

https://www.01net.com/

Tuto :
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

->Relance AVG AS -> "Analyse" ->"Paramètres"

Sous la question "Comment réagir ?" :

-> clique sur "Actions recommandées" et choisis "Quarantaines"
-> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

Si un fichier est infecté en fin d'analyse

->Clique sur "Appliquer toutes les actions "

->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous".

->Enregistre ce fichier texte sur ton bureau ensuite colle le rapport ici

______
combofix (colle le rapport)

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

___________

colle le rapport d'un scan en ligne
avec un des suivants: (desactiver avast le temps du scan)

bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda en ligne :
http://pandasoftware.fr
0
Réponse 10 / 24
sheik
 
ComboFix 08-02.05.3 - Sheik 2008-02-08 20:07:06.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1384 [GMT 1:00]
Endroit: C:\Documents and Settings\Sheik\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible sites infectés -----

hxxp://www.download.windowsupdate.com
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-08 to 2008-02-08 ))))))))))))))))))))))))))))))))))))
.

2008-02-08 19:59 . 2008-02-08 19:59 <REP> d-------- C:\Documents and Settings\Sheik\Application Data\Grisoft
2008-02-08 19:59 . 2008-02-08 19:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-08 19:59 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-08 19:57 . 2008-02-08 19:57 <REP> d-------- C:\Program Files\CCleaner
2008-02-08 17:06 . 2008-02-08 18:27 4,478 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-08 17:05 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-02-08 17:05 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-02-08 17:05 . 2008-02-08 10:37 85,504 --a------ C:\WINDOWS\system32\VACFix.exe
2008-02-08 17:05 . 2008-02-08 10:37 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-02-08 17:05 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-02-08 17:05 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-08 17:05 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-08 16:10 . 2008-02-08 16:10 <REP> d--h----- C:\WINDOWS\msdownld.tmp
2008-02-08 16:09 . 2008-02-08 16:10 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-02-08 16:05 . 2006-10-27 15:09 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-02-08 15:12 . 2008-02-08 15:52 <REP> d-------- C:\hijackthis
2008-02-08 13:04 . 2008-02-08 19:56 <REP> d-------- C:\Program Files\Navilog1
2008-02-08 12:31 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-02-08 12:22 . 2008-02-08 19:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-08 12:00 . 2008-02-08 12:30 <REP> d-------- C:\Documents and Settings\LocalService\Bureau
2008-02-08 11:56 . 2008-02-08 11:56 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-02-08 11:56 . 2008-02-08 11:56 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Talkback
2008-02-07 18:24 . 2008-02-07 18:23 709,035 --a------ C:\WINDOWS\system32\ptlg.exe
2008-02-07 18:15 . 2008-02-07 18:15 22,328 --a------ C:\Documents and Settings\Sheik\Application Data\PnkBstrK.sys
2008-02-07 16:52 . 2008-02-07 16:52 <REP> d-------- C:\Program Files\Microsoft LifeChat
2008-02-06 12:42 . 2004-08-04 08:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-02-06 12:42 . 2004-08-04 08:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-02-02 22:02 . 2008-02-02 22:02 <REP> d-------- C:\Documents and Settings\Sheik\Application Data\CyberLink
2008-02-02 22:02 . 2008-02-02 22:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-02-02 22:01 . 2008-02-02 22:01 <REP> d-------- C:\Program Files\Cyberlink
2008-02-02 21:47 . 2007-12-17 13:53 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-02-01 20:48 . 2008-02-01 20:48 <REP> d-------- C:\Documents and Settings\Sheik\Application Data\Media Player Classic
2008-01-25 17:49 . 2008-01-25 17:49 <REP> d-------- C:\Documents and Settings\Sheik\Application Data\TomTom
2008-01-25 17:49 . 2008-01-25 17:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TomTom
2008-01-25 16:37 . 2008-01-25 16:37 <REP> d-------- C:\Program Files\TomTom DesktopSuite
2008-01-23 00:33 . 2008-01-23 00:33 <REP> d-------- C:\Documents and Settings\Sheik\Application Data\SlySoft
2008-01-17 17:01 . 2008-01-17 17:01 <REP> d--hs---- C:\WINDOWS\ftpcache
2008-01-17 17:01 . 2008-01-17 17:01 294 --a------ C:\WINDOWS\game.ini
2008-01-17 16:46 . 2008-01-17 16:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
2008-01-08 02:16 . 2008-01-08 02:16 630,784 --a------ C:\WINDOWS\system32\divxdec.ax

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-08 11:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-08 11:20 --------- d-----w C:\Documents and Settings\Sheik\Application Data\uTorrent
2008-01-19 14:40 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-01-08 22:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-01-06 17:49 --------- d-----w C:\Program Files\uTorrent
2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-31 19:49 24,504 ----a-w C:\Documents and Settings\Sheik\Application Data\GDIPFONTCACHEV1.DAT
2007-12-30 13:28 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2007-12-30 13:28 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-12-30 13:28 --------- d-----w C:\Program Files\OpenAL
2007-12-27 15:31 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-12-27 15:31 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-12-27 15:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
2007-12-27 15:30 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2007-12-27 15:30 --------- d-----w C:\Program Files\Fichiers communs\Logishrd
2007-12-27 15:30 --------- d-----w C:\Documents and Settings\Sheik\Application Data\InstallShield
2007-12-27 15:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2007-12-25 19:45 --------- d-----w C:\Documents and Settings\Sheik\Application Data\vlc
2007-12-25 17:05 --------- d-----w C:\Program Files\Videora
2007-12-25 09:51 --------- d-----w C:\Documents and Settings\Sheik\Application Data\Apple Computer
2007-12-25 09:36 --------- d-----w C:\Program Files\WinAVI MP4 Converter
2007-12-24 21:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-23 08:41 --------- d--h--w C:\Program Files\Zero G Registry
2007-12-22 12:57 --------- d-----w C:\Program Files\MSN Messenger
2007-12-05 01:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-12-05 00:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-12-05 00:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-12-05 00:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-12-05 00:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-12-05 00:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-12-05 00:41 5,611,520 ----a-w C:\WINDOWS\system32\nvdispsr.dll
2007-12-05 00:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-12-05 00:41 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
2007-12-05 00:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-12-05 00:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-12-05 00:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-12-05 00:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-12-05 00:41 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-12-05 00:41 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
2007-12-05 00:41 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
2007-12-05 00:41 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
2007-12-05 00:41 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
2007-12-05 00:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
2007-12-05 00:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
2007-12-05 00:41 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
2007-12-05 00:41 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
2007-12-05 00:41 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
2007-12-05 00:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
2007-12-05 00:41 3,715,072 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
2007-12-05 00:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-12-05 00:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-12-05 00:41 3,334,144 ----a-w C:\WINDOWS\system32\nvgamesr.dll
2007-12-05 00:41 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
2007-12-05 00:41 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
2007-12-05 00:41 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll
2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll
2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll
2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll
2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll
2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll
2007-12-05 00:41 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"LDM"="D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-11-25 13:25 32768]
"WindowsLivePhone"="C:\PROGRA~1\MSNMES~1\DEVICE~1\msgrdvmn.exe" [2006-12-04 09:33 709440]
"eMuleAutoStart"="D:\Program Files\eMule\emule.exe" [2007-05-13 15:57 5308416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 06:31 208952]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-30 13:00 455168]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-30 13:00 455168]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-04-29 17:22 266240]
"SystrayORAHSS"="C:\Program Files\Orange HSS\Systray\SystrayApp.exe" [2007-07-24 19:55 94208]
"ORAHSSSessionManager"="C:\Program Files\Orange HSS\SessionManager\SessionManager.exe" [2007-07-24 19:03 102400]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-12-14 18:19 221184]
"Launch LGDCore"="D:\Program Files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 16:31 1122304]
"Launch LCDMon"="D:\Program Files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 16:14 497152]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-19 22:55 185896]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe]
"TomTomHOME.exe"="D:\Program Files\TomTom HOME 2\HOMERunner.exe" [2007-10-31 10:19 378784]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"RemoteControl"="D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 22:26 68640]
"LanguageShortcut"="D:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 22:17 52256]
"LifeChat"="C:\Program Files\Microsoft LifeChat\LifeChat.exe" [2007-01-26 14:31 259440]
"!AVG Anti-Spyware"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logitech Desktop Messenger.lnk - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-11-25 13:25:51 450560]
Logitech SetPoint.lnk - D:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-27 16:30:32 784912]
Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
Utilitaire r‚seau pour SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2007-11-05 20:08:39 950272]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^SATARAID5.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\SATARAID5.lnk
backup=C:\WINDOWS\pss\SATARAID5.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-r------- 2005-10-24 07:45 90112 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-10-19 22:55 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-06-30 00:53]
R2 ptlg;ptlg;C:\WINDOWS\system32\ptlg.exe [2008-02-07 18:23]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2007-01-10 10:14]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2006-03-01 18:37]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01505eb5-cb44-11dc-94e1-0060b33f2667}]
\Shell\AutoRun\command - J:\InstallTomTomHOME.exe

*Newly Created Service* - AVGASCLN
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-08 20:08:15
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-02-08 20:08:37
ComboFix-quarantined-files.txt 2008-02-08 19:08:35
.
2008-01-09 14:01:12 --- E O F ---
0
Réponse 11 / 24
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
analyse aussi ce fichier sur virus total et colle moi le rapport: https://www.virustotal.com/gui/

C:\PROGRA~1\MSNMES~1\DEVICE~1\msgrdvmn.exe
0
Réponse 12 / 24
sheik
 
voila pour le rapport AVG

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 21:05:47 08/02/2008

+ Résultat de l'analyse:

C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla\Firefox\Profiles\1oxrfr6d.default\Cache\DE447207d01 -> Not-A-Virus.Downloader.Win32.WinFixer.au : Nettoyé.
:mozilla.23:C:\Documents and Settings\Sheik\Application Data\Mozilla\Firefox\Profiles\l9iarxia.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.24:C:\Documents and Settings\Sheik\Application Data\Mozilla\Firefox\Profiles\l9iarxia.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.26:C:\Documents and Settings\Sheik\Application Data\Mozilla\Firefox\Profiles\l9iarxia.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.27:C:\Documents and Settings\Sheik\Application Data\Mozilla\Firefox\Profiles\l9iarxia.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.16:C:\Documents and Settings\Sheik\Application Data\Mozilla\Firefox\Profiles\l9iarxia.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.32:C:\Documents and Settings\Sheik\Application Data\Mozilla\Firefox\Profiles\l9iarxia.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.10:C:\Documents and Settings\Sheik\Application Data\Mozilla\Firefox\Profiles\l9iarxia.default\cookies.txt -> TrackingCookie.Netflame : Nettoyé.
:mozilla.17:C:\Documents and Settings\Sheik\Application Data\Mozilla\Firefox\Profiles\l9iarxia.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.22:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\1oxrfr6d.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.23:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\1oxrfr6d.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.

Fin du rapport
0
Réponse 13 / 24
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
ok:!

analyse aussi ce fichier sur virus total et colle moi le rapport: https://www.virustotal.com/gui/

C:\PROGRA~1\MSNMES~1\DEVICE~1\msgrdvmn.exe

____________
colle le rapport d'un scan en ligne
avec un des suivants: (desactiver avast le temps du scan)

bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda en ligne :
http://pandasoftware.fr
0
Réponse 14 / 24
sheik
 
Tien je t'envoi le rapport de virustotal

Fichier msgrdvmn.exe reçu le 2008.02.08 21:11:26 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 0/32 (0%)
en train de charger les informations du serveur...
Votre fichier est dans la file d'attente, en position: 2.
L'heure estimée de démarrage est entre 41 et 59 secondes.
Ne fermez pas la fenêtre avant la fin de l'analyse.
L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
les résultats seront affichés au fur et à mesure de leur génération.
Formaté Formaté
Impression des résultats Impression des résultats
Votre fichier a expiré ou n'existe pas.
Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.

Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
Email:

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.2.6.10 2008.02.05 -
AntiVir 7.6.0.62 2008.02.08 -
Authentium 4.93.8 2008.02.08 -
Avast 4.7.1098.0 2008.02.07 -
AVG 7.5.0.516 2008.02.08 -
BitDefender 7.2 2008.02.08 -
CAT-QuickHeal None 2008.02.08 -
ClamAV 0.92 2008.02.08 -
DrWeb 4.44.0.09170 2008.02.08 -
eSafe 7.0.15.0 2008.01.28 -
eTrust-Vet 31.3.5521 2008.02.08 -
Ewido 4.0 2008.02.08 -
FileAdvisor 1 2008.02.08 -
Fortinet 3.14.0.0 2008.02.08 -
F-Prot 4.4.2.54 2008.02.08 -
F-Secure 6.70.13260.0 2008.02.08 -
Ikarus T3.1.1.20 2008.02.08 -
Kaspersky 7.0.0.125 2008.02.08 -
McAfee 5226 2008.02.08 -
Microsoft 1.3204 2008.02.08 -
NOD32v2 2860 2008.02.08 -
Norman 5.80.02 2008.02.08 -
Panda 9.0.0.4 2008.02.08 -
Prevx1 V2 2008.02.08 -
Rising 20.29.22.00 2008.01.30 -
Sophos 4.26.0 2008.02.08 -
Sunbelt 2.2.907.0 2008.02.08 -
Symantec 10 2008.02.08 -
TheHacker 6.2.9.212 2008.02.07 -
VBA32 3.12.6.0 2008.02.07 -
VirusBuster 4.3.26:9 2008.02.08 -
Webwasher-Gateway 6.6.2 2008.02.08 -
Information additionnelle
File size: 709440 bytes
MD5: 77070918b83c511b4c8ef919ed66ddc4
SHA1: 86150bdaa8b96e1cf044c59f32b7442fd11bb3b8
PEiD: -
0
Réponse 15 / 24
sheik
 
excuse moi pour le temps que ca prend, mais c'est assez long ( 1 heure apparement) !

j'en suis a 70 % et 29 detection. (comme quoi...Avast... c'est pas genial...)

et je tien a te dire que le problème persiste (malheureusement).

Je voulais aussi te dire que je comprend absolument rien a tt les rapport que je t'envoi depuis le debut d'apres midi lol heureusement que tu es la !
0
Réponse 16 / 24
sheik
 
juste quand je fini, l'analyse fini...

au fait dois-je cliker sur le bouton desinfecter ? ou alors tu prefere regarder avec un autre programme ?

tien le rapport :

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-02-08 21:59:37
PROTECTIONS: 1
MALWARE: 17
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.7.1098 [VPS 080207-0] 4.7.1098 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Sheik\Application Data\Mozilla\Firefox\Profiles\l9iarxia.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Sheik\Cookies\sheik@atdmt[2].txt
00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\system32\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{F1053032-6EBF-42E5-83DA-970536363D85}\RP289\A0040645.exe
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Sheik\Bureau\SmitfraudFix\Process.exe
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Sheik\Application Data\Mozilla\Firefox\Profiles\l9iarxia.default\cookies.txt[.xiti.com/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Sheik\Cookies\sheik@weborama[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Sheik\Application Data\Mozilla\Firefox\Profiles\l9iarxia.default\cookies.txt[.adtech.de/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Sheik\Application Data\Mozilla\Firefox\Profiles\l9iarxia.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Sheik\Application Data\Mozilla\Firefox\Profiles\l9iarxia.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Sheik\Application Data\Mozilla\Firefox\Profiles\l9iarxia.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Sheik\Application Data\Mozilla\Firefox\Profiles\l9iarxia.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Sheik\Application Data\Mozilla\Firefox\Profiles\l9iarxia.default\cookies.txt[.advertising.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Sheik\Application Data\Mozilla\Firefox\Profiles\l9iarxia.default\cookies.txt[.overture.com/]
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Sheik\Application Data\Mozilla\Firefox\Profiles\l9iarxia.default\cookies.txt[.bluestreak.com/]
00238695 Application/Pskill.K HackTools No 0 Yes No C:\System Volume Information\_restore{F1053032-6EBF-42E5-83DA-970536363D85}\RP290\A0040756.exe
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Sheik\Application Data\Mozilla\Firefox\Profiles\l9iarxia.default\cookies.txt[.smartadserver.com/]
00517584 Application/SuperFast HackTools No 0 Yes No C:\Documents and Settings\Sheik\Bureau\SmitfraudFix\restart.exe
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{F1053032-6EBF-42E5-83DA-970536363D85}\RP290\A0040742.EXE
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Sheik\Bureau\ComboFix.exe[327882R2FWJFW\nircmd.com]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\Nircmd.exe
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Sheik\Bureau\ComboFix.exe[327882R2FWJFW\nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Sheik\Local Settings\Application Data\Mozilla\Firefox\Profiles\l9iarxia.default\Cache\C2152591d01[327882R2FWJFW\nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Sheik\Local Settings\Application Data\Mozilla\Firefox\Profiles\l9iarxia.default\Cache\C2152591d01[327882R2FWJFW\nircmd.com]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{F1053032-6EBF-42E5-83DA-970536363D85}\RP290\A0040777.com
02179432 Generic Trojan Virus/Trojan No 0 Yes No D:\Program Files\Logitech\G-series Software\SDK\LCDSDK_1.02.218.zip[Tools/VLCDCtrl.exe]
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Documents and Settings\Sheik\Bureau\SmitfraudFix\Reboot.exe
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F1053032-6EBF-42E5-83DA-970536363D85}\RP289\A0040640.exe
02684897 Application/AVSystemCare HackTools No 0 Yes No C:\Documents and Settings\Sheik\Local Settings\Application Data\Mozilla\Firefox\Profiles\l9iarxia.default\Cache\DE447207d01
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
0
Réponse 17 / 24
sheik
 
Bon vu que c'est payant, on va faire ca autrement lol :D
0
Réponse 18 / 24
melk27
 
J'ai eu le meme probleme mais en faisant une restauration systeme une semaine avant le debut des problemes tout est rentrè dans l'ordre. Essaie
0
Réponse 19 / 24
sheik
 
ok j'essaye
0
Réponse 20 / 24
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
télécharge OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :

D:\Program Files\Logitech\G-series Software\SDK\LCDSDK_1.02.218.zip
C:\Documents and Settings\Sheik\Local Settings\Application Data\Mozilla\Firefox\Profiles\l9iarxia.default\Cache\DE447207d01

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

___________________
le reste correspond a smitfraudfix et combofix donc aucun souci
___________________

remplace avast par antivir et colle un rapport et dis si encore des problemes:

https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
0